diff options
author | Jonas Devlieghere <jonas@devlieghere.com> | 2017-09-13 13:43:01 +0000 |
---|---|---|
committer | Jonas Devlieghere <jonas@devlieghere.com> | 2017-09-13 13:43:01 +0000 |
commit | 143e1f168221bc48fe8c7c2b04119ffc449e4312 (patch) | |
tree | 5ccd2b96eec8b6f6b7b9538b19056a9c690389f9 /test/Object | |
parent | 8a07ca8969764d1b16b62c5b98dd6a2dd59f5b8d (diff) |
[MachO] Prevent heap overflow when load command extends past EOF
This patch fixes a heap-buffer-overflow when a malformed Mach-O has a
load command who's size extends past the end of the binary.
Fixes: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3225
Differential revision: https://reviews.llvm.org/D37439
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@313145 91177308-0d34-0410-b5e6-96231b3b80d8
Diffstat (limited to 'test/Object')
-rw-r--r-- | test/Object/Inputs/macho-invalid-dylib-cmdsize-past-eof | bin | 0 -> 56 bytes | |||
-rw-r--r-- | test/Object/macho-invalid.test | 3 |
2 files changed, 3 insertions, 0 deletions
diff --git a/test/Object/Inputs/macho-invalid-dylib-cmdsize-past-eof b/test/Object/Inputs/macho-invalid-dylib-cmdsize-past-eof Binary files differnew file mode 100644 index 00000000000..feefab933ec --- /dev/null +++ b/test/Object/Inputs/macho-invalid-dylib-cmdsize-past-eof diff --git a/test/Object/macho-invalid.test b/test/Object/macho-invalid.test index e956680a2ce..1a7ac21d744 100644 --- a/test/Object/macho-invalid.test +++ b/test/Object/macho-invalid.test @@ -284,6 +284,9 @@ INVALID-DYLIB-WRONG-FILETYPE: macho-invalid-dylib-wrong-filetype': truncated or RUN: not llvm-objdump -macho -private-headers %p/Inputs/macho-invalid-dylib-no-id 2>&1 | FileCheck -check-prefix INVALID-DYLIB-NO-ID %s INVALID-DYLIB-NO-ID: macho-invalid-dylib-no-id': truncated or malformed object (no LC_ID_DYLIB load command in dynamic library filetype) +RUN: not llvm-objdump -macho -private-headers %p/Inputs/macho-invalid-dylib-cmdsize-past-eof 2>&1 | FileCheck -check-prefix INVALID-DYLIB-CMDSIZE %s +INVALID-DYLIB-CMDSIZE: macho-invalid-dylib-cmdsize-past-eof': truncated or malformed object (load command 0 extends past end of file) + RUN: not llvm-objdump -macho -private-headers %p/Inputs/macho-invalid-uuid-more-than-one 2>&1 | FileCheck -check-prefix INVALID-UUID-MORE-THAN-ONE %s INVALID-UUID-MORE-THAN-ONE: macho-invalid-uuid-more-than-one': truncated or malformed object (more than one LC_UUID command) |