Add a tiny bit of hardening to the eh_frame and compact unwind parsing.
When we see offsets that exceed the size of our section, don't try to use that unwind info. <rdar://problem/20113673> llvm-svn: 233886
parent
b1cd98a18d
commit
c48ef341e1
@ -283,9 +283,17 @@ CompactUnwindInfo::ScanIndex (const ProcessSP &process_sp)
|
|||
|
||||
uint32_t indexCount = m_unwindinfo_data.GetU32(&offset);
|
||||
|
||||
if (m_unwind_header.version != 1)
|
||||
if (m_unwind_header.common_encodings_array_offset > m_unwindinfo_data.GetByteSize()
|
||||
|| m_unwind_header.personality_array_offset > m_unwindinfo_data.GetByteSize()
|
||||
|| indexSectionOffset > m_unwindinfo_data.GetByteSize()
|
||||
|| offset > m_unwindinfo_data.GetByteSize())
|
||||
{
|
||||
Host::SystemLog (Host::eSystemLogError,
|
||||
"error: Invalid offset encountered in compact unwind info, skipping\n");
|
||||
// don't trust anything from this compact_unwind section if it looks
|
||||
// blatently invalid data in the header.
|
||||
m_indexes_computed = eLazyBoolNo;
|
||||
return;
|
||||
}
|
||||
|
||||
// Parse the basic information from the indexes
|
||||
|
|
|
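Review bot: The three table-start checks in the new `if` use `>`, so an offset exactly equal to `m_unwindinfo_data.GetByteSize()` passes even though it points one byte past the end of the section; `>=` is the right comparison for `common_encodings_array_offset`, `personality_array_offset` and `indexSectionOffset`, e.g. `if (m_unwind_header.common_encodings_array_offset >= m_unwindinfo_data.GetByteSize()`. The checks also only validate where each table starts, not that the whole table fits: if the header's count fields for these arrays are available at this point (I cannot see them from the hunk), a bound of the form start + count * entry-size <= GetByteSize() would close the remaining out-of-range reads. Minor: the comment reads "blatently"; `// blatantly invalid data in the header.` is the intended spelling. ScanIndex starts before and continues past this hunk.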
@ -365,6 +365,31 @@ DWARFCallFrameInfo::GetFDEIndex ()
|
|||
cie_offset = current_entry + 4 - cie_id;
|
||||
}
|
||||
|
||||
if (next_entry > m_cfi_data.GetByteSize() + 1)
|
||||
{
|
||||
Host::SystemLog (Host::eSystemLogError,
|
||||
"error: Invalid fde/cie next entry offset of 0x%x found in cie/fde at 0x%x\n",
|
||||
next_entry,
|
||||
current_entry);
|
||||
// Don't trust anything in this eh_frame section if we find blatently
|
||||
// invalid data.
|
||||
m_fde_index.Clear();
|
||||
m_fde_index_initialized = true;
|
||||
return;
|
||||
}
|
||||
if (cie_offset > m_cfi_data.GetByteSize())
|
||||
{
|
||||
Host::SystemLog (Host::eSystemLogError,
|
||||
"error: Invalid cie offset of 0x%x found in cie/fde at 0x%x\n",
|
||||
cie_offset,
|
||||
current_entry);
|
||||
// Don't trust anything in this eh_frame section if we find blatently
|
||||
// invalid data.
|
||||
m_fde_index.Clear();
|
||||
m_fde_index_initialized = true;
|
||||
return;
|
||||
}
|
||||
|
||||
if (cie_id == 0 || cie_id == UINT32_MAX || len == 0)
|
||||
{
|
||||
m_cie_map[current_entry] = ParseCIE (current_entry);
|
||||
|
|
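Review bot: The `+ 1` in `if (next_entry > m_cfi_data.GetByteSize() + 1)` lets a `next_entry` one byte past the section through, while `next_entry` equal to the byte size is the ordinary end-of-section case; unless there is a reason for that slack that is not visible here, `if (next_entry > m_cfi_data.GetByteSize())` is the tighter bound. The `cie_offset` check has the mirror problem: `>` accepts `cie_offset == m_cfi_data.GetByteSize()`, which is already one past the last byte, so `if (cie_offset >= m_cfi_data.GetByteSize())` is what whatever later reads at `cie_offset` needs. The two rejection blocks are identical apart from the log message and could share one small helper that logs, calls `m_fde_index.Clear()`, sets `m_fde_index_initialized = true` and returns, which would also keep the duplicated "don't trust" comment in one place. The enclosing loop and GetFDEIndex itself start before this hunk and end after it.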