From 67635a7f8df47fa7eb9d7a437ee93f3037e67869 Mon Sep 17 00:00:00 2001 From: Saleem Abdulrasool Date: Mon, 14 Apr 2014 02:37:23 +0000 Subject: tools: address possible non-null terminated filenames If a filename is a multiple of 18 characters, there will be no null-terminator. This will result in an invalid access by the constructed StringRef. Add a test case to exercise this and fix that handling. Address this same vulnerability in llvm-readobj as well. git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@206145 91177308-0d34-0410-b5e6-96231b3b80d8
---
 tools/llvm-objdump/llvm-objdump.cpp | 22 +++++++--------------- 1 file changed, 7 insertions(+), 15 deletions(-) (limited to 'tools/llvm-objdump')
diff --git a/tools/llvm-objdump/llvm-objdump.cpp b/tools/llvm-objdump/llvm-objdump.cpp
index 313816e56e..8d5035efcd 100644
--- a/tools/llvm-objdump/llvm-objdump.cpp
+++ b/tools/llvm-objdump/llvm-objdump.cpp
@@ -669,17 +669,7 @@ static void PrintCOFFSymbolTable(const COFFObjectFile *coff) {
 const coff_symbol *symbol = 0;
 for (int i = 0, e = header->NumberOfSymbols; i != e; ++i) {
 if (aux_count--) {
- switch (symbol->StorageClass) {
- default: outs() << "AUX Unknown\n";
- case COFF::IMAGE_SYM_CLASS_STATIC:
- // Section definition. Follows a symbol-table record that defines a
- // section. Such a record has a symbol name that is the name of a
- // section and has storage class STATIC (3).
- if (symbol->Value) {
- errs() << "invalid entry in Symbol Table";
- break;
- }
-
+ if (symbol->isSectionDefinition()) {
 const coff_aux_section_definition *asd;
 if (error(coff->getAuxSymbol(i, asd)))
 return;
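Review bot: The three-line comment explaining what a section-definition aux record is disappears together with the switch, leaving the new `if (symbol->isSectionDefinition()) {` branch without the note a reader of this dump loop needs; I would keep a one-line form above it: `// Section definition aux record: follows a STATIC symbol whose name is a section name.` The removed `if (symbol->Value)` check also printed "invalid entry in Symbol Table" for a STATIC symbol with a nonzero Value; whether isSectionDefinition() folds that check in or now lets such records fall through to "AUX Unknown" cannot be seen from this hunk, so it is worth confirming the diagnostic is not silently lost. The enclosing loop and PrintCOFFSymbolTable continue past the end of this hunk.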
@@ -693,15 +683,17 @@ static void PrintCOFFSymbolTable(const COFFObjectFile *coff) {
 << format("assoc %d comdat %d\n"
 , unsigned(asd->Number)
 , unsigned(asd->Selection));
- break;
- case COFF::IMAGE_SYM_CLASS_FILE:
+ } else if (symbol->isFileRecord()) {
 const coff_aux_file *AF;
 if (error(coff->getAuxSymbol(i, AF)))
 return;
- outs() << "AUX " << StringRef(AF->FileName) << '\n';
+
+ StringRef Name(AF->FileName, (aux_count + 1) * COFF::SymbolSize);
+ outs() << "AUX " << Name.rtrim(StringRef("\0", 1)) << '\n';
 i = i + aux_count;
 aux_count = 0;
- break;
+ } else {
+ outs() << "AUX Unknown\n";
 }
 } else {
 StringRef name;
-- cgit v1.2.3
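Review bot: The new `StringRef Name(AF->FileName, (aux_count + 1) * COFF::SymbolSize)` covers every remaining aux record, yet the hunk never checks that those records actually fit in the symbol table: `getAuxSymbol(i, AF)` is only asked about index `i`, and `aux_count` (presumably the preceding symbol's aux count, set in the else branch outside the hunk) is trusted as-is. A malformed file whose last FILE symbol claims more aux records than remain therefore makes Name read past the end of the table — the same class of over-read this commit fixes — unless getAuxSymbol validates the whole run, which is not visible here. I would bound it before building Name, reusing the loop's `e`: `if (i + aux_count >= e) { errs() << "invalid entry in Symbol Table"; return; }`. The same guard also stops the existing `i = i + aux_count` skip from jumping past `e`, after which the `i != e` loop condition would never become false. PrintCOFFSymbolTable's body continues before and after this hunk.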