From 5cfcd9ff4c1438e3865b9af03d5ff5abd5f1a7f6 Mon Sep 17 00:00:00 2001
From: Tom Stellard <tstellar@redhat.com>
Date: Fri, 31 Aug 2018 09:58:52 -0700
Subject: [PATCH] MachO: Fix out-of-bounds memory access in getString16
This fixes the following tests when gcc is compiled with gcc8:
lld :: mach-o/do-not-emit-unwind-fde-arm64.yaml
lld :: mach-o/eh-frame-relocs-arm64.yaml
---
lib/ReaderWriter/MachO/MachONormalizedFileBinaryUtils.h | 11 +++++------
1 file changed, 5 insertions(+), 6 deletions(-)
diff --git a/lib/ReaderWriter/MachO/MachONormalizedFileBinaryUtils.h b/lib/ReaderWriter/MachO/MachONormalizedFileBinaryUtils.h
index 407bd9b..f0340a9 100644
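--- a/lib/ReaderWriter/MachO/MachONormalizedFileBinaryUtils.h
+++ b/lib/ReaderWriter/MachO/MachONormalizedFileBinaryUtils.h
@@ -185,12 +185,11 @@ packRelocation(const Relocation &r, bool swap, bool isBigEndian) {
 return result;
 }
 
-inline StringRef getString16(const char s[16]) {
- StringRef x = s;
- if ( x.size() > 16 )
- return x.substr(0, 16);
- else
- return x;
+static StringRef getString16(const char s[16]) {
+ // The StringRef(const char *) constructor passes the const char * to
+ // strlen(), so we can't use this constructor here, because if there is no
+ // null terminator in s, then strlen() will read past the end of the array.
+ return StringRef(s, strnlen(s, 16));
 }
 
 inline void setString16(StringRef str, char s[16]) {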
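Review bot: The change from `inline` to `static` on `getString16` is not explained in the commit message and is not needed for the bounds fix. In a header, `static` gives every including translation unit its own internal-linkage copy and can trigger unused-function warnings, while the neighbouring `setString16` stays `inline`; keeping `inline StringRef getString16(const char s[16]) {` would preserve the fix unchanged. The bound in `strnlen(s, 16)` is a literal that only mirrors the parameter declaration, which decays to `const char *` and is not enforced by the compiler, so the read is safe only if every caller passes at least 16 readable bytes. A comment such as `// s must point to a 16-byte field; it may lack a null terminator` would record that contract. `strnlen` is POSIX rather than ISO C++ and no `<cstring>`/`<string.h>` include is visible in this hunk, so it is worth confirming that the declaration is reachable on every supported toolchain.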
--
1.8.3.1