diff options
| author | Saleem Abdulrasool <compnerd@compnerd.org> | 2014-04-14 02:37:23 +0000 |
|---|---|---|
| committer | Saleem Abdulrasool <compnerd@compnerd.org> | 2014-04-14 02:37:23 +0000 |
| commit | 67635a7f8df47fa7eb9d7a437ee93f3037e67869 (patch) | |
| tree | 0a84bfd2bfbd16fcb897ae7bf37855c11012f3b8 /tools/llvm-readobj | |
| parent | aa827a513cb8b8bb15c2bcbda0617d665c4d8116 (diff) | |
| download | llvm-67635a7f8df47fa7eb9d7a437ee93f3037e67869.tar.gz llvm-67635a7f8df47fa7eb9d7a437ee93f3037e67869.tar.bz2 llvm-67635a7f8df47fa7eb9d7a437ee93f3037e67869.tar.xz | |
tools: address possible non-null terminated filenames
If a filename is a multiple of 18 characters, there will be no null-terminator.
This will result in an invalid access by the constructed StringRef. Add a test
case to exercise this and fix that handling. Address this same vulnerability in
llvm-readobj as well.
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@206145 91177308-0d34-0410-b5e6-96231b3b80d8
Diffstat (limited to 'tools/llvm-readobj')
| -rw-r--r-- | tools/llvm-readobj/COFFDumper.cpp | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/tools/llvm-readobj/COFFDumper.cpp b/tools/llvm-readobj/COFFDumper.cpp index 69be82ec3e..8d08d021a3 100644 --- a/tools/llvm-readobj/COFFDumper.cpp +++ b/tools/llvm-readobj/COFFDumper.cpp @@ -977,7 +977,10 @@ void COFFDumper::printSymbol(const SymbolRef &Sym) { break; DictScope AS(W, "AuxFileRecord"); - W.printString("FileName", StringRef(Aux->FileName)); + + StringRef Name(Aux->FileName, + Symbol->NumberOfAuxSymbols * COFF::SymbolSize); + W.printString("FileName", Name.rtrim(StringRef("\0", 1))); } else if (Symbol->isSectionDefinition()) { const coff_aux_section_definition *Aux; if (error(getSymbolAuxData(Obj, Symbol + I, Aux))) |