https://github.com/llvmbot updated https://github.com/llvm/llvm-project/pull/141461
>From 5d99a97583e148e2c0ad462bb35292366105e188 Mon Sep 17 00:00:00 2001 From: Nikita Popov <npo...@redhat.com> Date: Mon, 26 May 2025 09:43:00 +0200 Subject: [PATCH] [MachO] Improve bounds check (#141083) The current check may fail if the addition overflows. I've observed failures of macho-invalid.test on 32-bit due to this. Instead, compare against the remaining bytes until the end of the object. (cherry picked from commit 3f29acb51739a3e6bfb8cc623eb37cb734c98a63) --- llvm/lib/Object/MachOObjectFile.cpp | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/llvm/lib/Object/MachOObjectFile.cpp b/llvm/lib/Object/MachOObjectFile.cpp index 69d36e6a77db7..5db264207ffb7 100644 --- a/llvm/lib/Object/MachOObjectFile.cpp +++ b/llvm/lib/Object/MachOObjectFile.cpp @@ -192,7 +192,8 @@ static Expected<MachOObjectFile::LoadCommandInfo> getLoadCommandInfo(const MachOObjectFile &Obj, const char *Ptr, uint32_t LoadCommandIndex) { if (auto CmdOrErr = getStructOrErr<MachO::load_command>(Obj, Ptr)) { - if (CmdOrErr->cmdsize + Ptr > Obj.getData().end()) + assert(Ptr <= Obj.getData().end() && "Start must be before end"); + if (CmdOrErr->cmdsize > (uintptr_t)(Obj.getData().end() - Ptr)) return malformedError("load command " + Twine(LoadCommandIndex) + " extends past end of file"); if (CmdOrErr->cmdsize < 8) _______________________________________________ llvm-branch-commits mailing list llvm-branch-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-branch-commits