Skip to content

release/20.x: [MachO] Improve bounds check (#141083) #141461

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
May 27, 2025
Merged

release/20.x: [MachO] Improve bounds check (#141083) #141461

merged 1 commit into from
May 27, 2025

Conversation

llvmbot
Copy link
Member

@llvmbot llvmbot commented May 26, 2025

Backport 3f29acb

Requested by: @nikic

@nikic @llvmbot
[MachO] Improve bounds check (llvm#141083)
5d99a97 
The current check may fail if the addition overflows. I've observed
failures of macho-invalid.test on 32-bit due to this.

Instead, compare against the remaining bytes until the end of the
object.

(cherry picked from commit 3f29acb)
@llvmbot
Copy link
Member Author

llvmbot commented May 26, 2025

@llvm/pr-subscribers-llvm-binary-utilities

Author: None (llvmbot)

Changes

Backport 3f29acb

Requested by: @nikic

Full diff: https://github.com/llvm/llvm-project/pull/141461.diff

1 Files Affected:

  • (modified) llvm/lib/Object/MachOObjectFile.cpp (+2-1)
diff --git a/llvm/lib/Object/MachOObjectFile.cpp b/llvm/lib/Object/MachOObjectFile.cpp
index 69d36e6a77db7..5db264207ffb7 100644
--- a/llvm/lib/Object/MachOObjectFile.cpp
+++ b/llvm/lib/Object/MachOObjectFile.cpp
@@ -192,7 +192,8 @@ static Expected<MachOObjectFile::LoadCommandInfo>
 getLoadCommandInfo(const MachOObjectFile &Obj, const char *Ptr,
                    uint32_t LoadCommandIndex) {
   if (auto CmdOrErr = getStructOrErr<MachO::load_command>(Obj, Ptr)) {
-    if (CmdOrErr->cmdsize + Ptr > Obj.getData().end())
+    assert(Ptr <= Obj.getData().end() && "Start must be before end");
+    if (CmdOrErr->cmdsize > (uintptr_t)(Obj.getData().end() - Ptr))
       return malformedError("load command " + Twine(LoadCommandIndex) +
                             " extends past end of file");
     if (CmdOrErr->cmdsize < 8)

@nikic nikic added this to the LLVM 20.X Release milestone May 26, 2025
@github-project-automation github-project-automation bot moved this to Needs Triage in LLVM Release Status May 26, 2025
@nikic nikic requested a review from JDevlieghere May 26, 2025 10:50
@nikic nikic mentioned this pull request May 26, 2025
Merged
@github-project-automation github-project-automation bot moved this from Needs Triage to Needs Merge in LLVM Release Status May 27, 2025
@tstellar tstellar merged commit 5d99a97 into llvm:release/20.x May 27, 2025
8 checks passed
@github-project-automation github-project-automation bot moved this from Needs Merge to Done in LLVM Release Status May 27, 2025
@github-actions GitHub Actions
Copy link

@nikic (or anyone else). If you would like to add a note about this fix in the release notes (completely optional). Please reply to this comment with a one or two sentence description of the fix. When you are done, please add the release:note label to this PR.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@JDevlieghere JDevlieghere

Assignees
No one assigned
Labels
llvm:binary-utilities
Projects
LLVM Release Status
Status: Done
Milestone
LLVM 20.X Release
Development

Successfully merging this pull request may close these issues.
4 participants
@llvmbot @JDevlieghere @tstellar @nikic