Skip to content

[MachO] Improve bounds check #141083

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
May 26, 2025
Merged

[MachO] Improve bounds check #141083

merged 1 commit into from
May 26, 2025

Conversation

nikic
Copy link
Contributor

@nikic nikic commented May 22, 2025

The current check may fail if the addition overflows. I've observed failures of macho-invalid.test on 32-bit due to this.

Instead, compare against the remaining bytes until the end of the object.

@nikic
[MachO] Improve bounds check
14c56d8 
The current check may fail if the addition overflows. I've observed
failures of macho-invalid.test on 32-bit due to this.

Instead, compare against the remaining bytes until the end of the
object.
@nikic nikic requested review from lhames and JDevlieghere May 22, 2025 14:59
@llvmbot
Copy link
Member

llvmbot commented May 22, 2025

@llvm/pr-subscribers-llvm-binary-utilities

Author: Nikita Popov (nikic)

Changes

The current check may fail if the addition overflows. I've observed failures of macho-invalid.test on 32-bit due to this.

Instead, compare against the remaining bytes until the end of the object.

Full diff: https://github.com/llvm/llvm-project/pull/141083.diff

1 Files Affected:

  • (modified) llvm/lib/Object/MachOObjectFile.cpp (+2-1)
diff --git a/llvm/lib/Object/MachOObjectFile.cpp b/llvm/lib/Object/MachOObjectFile.cpp
index 69d36e6a77db7..5db264207ffb7 100644
--- a/llvm/lib/Object/MachOObjectFile.cpp
+++ b/llvm/lib/Object/MachOObjectFile.cpp
@@ -192,7 +192,8 @@ static Expected<MachOObjectFile::LoadCommandInfo>
 getLoadCommandInfo(const MachOObjectFile &Obj, const char *Ptr,
                    uint32_t LoadCommandIndex) {
   if (auto CmdOrErr = getStructOrErr<MachO::load_command>(Obj, Ptr)) {
-    if (CmdOrErr->cmdsize + Ptr > Obj.getData().end())
+    assert(Ptr <= Obj.getData().end() && "Start must be before end");
+    if (CmdOrErr->cmdsize > (uintptr_t)(Obj.getData().end() - Ptr))
       return malformedError("load command " + Twine(LoadCommandIndex) +
                             " extends past end of file");
     if (CmdOrErr->cmdsize < 8)

@nikic nikic merged commit 3f29acb into llvm:main May 26, 2025
11 of 13 checks passed
@nikic nikic deleted the macho-bounds-check branch May 26, 2025 07:43
@nikic nikic added this to the LLVM 20.X Release milestone May 26, 2025
@github-project-automation github-project-automation bot moved this to Needs Triage in LLVM Release Status May 26, 2025
@nikic
Copy link
Contributor Author

nikic commented May 26, 2025

/cherry-pick 3f29acb

@llvmbot
Copy link
Member

llvmbot commented May 26, 2025

Failed to create pull request for issue141083 https://github.com/llvm/llvm-project/actions/runs/15249073515

1 similar comment
@llvmbot
Copy link
Member

llvmbot commented May 26, 2025

Failed to create pull request for issue141083 https://github.com/llvm/llvm-project/actions/runs/15249073515

@nikic
Copy link
Contributor Author

nikic commented May 26, 2025

/cherry-pick 3f29acb

@nikic
Copy link
Contributor Author

nikic commented May 26, 2025

Oh, it looks like there's an API outage: https://www.githubstatus.com/incidents/d0nm3xcdc5jw

@nikic
Copy link
Contributor Author

nikic commented May 26, 2025

/cherry-pick 3f29acb

@nikic
Copy link
Contributor Author

nikic commented May 26, 2025

Heh, looks like the PR creation actually worked but posting the comment failed: #141461

swift-ci pushed a commit to swiftlang/llvm-project that referenced this pull request May 27, 2025
@nikic @llvmbot
[MachO] Improve bounds check (llvm#141083)
5d99a97 
The current check may fail if the addition overflows. I've observed
failures of macho-invalid.test on 32-bit due to this.

Instead, compare against the remaining bytes until the end of the
object.

(cherry picked from commit 3f29acb)
sivan-shani pushed a commit to sivan-shani/llvm-project that referenced this pull request Jun 3, 2025
@nikic @sivan-shani
[MachO] Improve bounds check (llvm#141083)
c3a03e1 
The current check may fail if the addition overflows. I've observed
failures of macho-invalid.test on 32-bit due to this.

Instead, compare against the remaining bytes until the end of the
object.
@tstellar tstellar moved this from Needs Triage to Done in LLVM Release Status Jun 3, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@JDevlieghere JDevlieghere

@lhames lhames

Assignees
No one assigned
Labels
llvm:binary-utilities
Projects
LLVM Release Status
Status: Done
Milestone
LLVM 20.X Release
Development

Successfully merging this pull request may close these issues.
3 participants
@nikic @llvmbot @JDevlieghere