commit 1b79e9a5b916c7c3684e82a1cec29bd6ac91bd3e
author David Majnemer <david.majnemer@gmail.com> Sun Jul 10 05:32:05 2016 +0000
committer David Majnemer <david.majnemer@gmail.com> Sun Jul 10 05:32:05 2016 +0000
tree 66313fadcbf9e655c6678193e89348d2735677fd
parent 6211b1f1f9c1434d9612aada7337ca9c6bca4a10

[pdb] Sanity check the stream map

Some abstractions in LLVM "know" that they are reading in-bounds,
FixedStreamArray, and provide a simple result.  This breaks down if the
stream map is bogus.

llvm-svn: 275010

llvm/lib/DebugInfo/PDB/Raw/PDBFile.cpp

diff --git a/llvm/lib/DebugInfo/PDB/Raw/PDBFile.cpp b/llvm/lib/DebugInfo/PDB/Raw/PDBFile.cpp
index b289fd0..ce2446c 100644
--- a/llvm/lib/DebugInfo/PDB/Raw/PDBFile.cpp
+++ b/llvm/lib/DebugInfo/PDB/Raw/PDBFile.cpp
@@ -71,7 +71,7 @@
   return StreamMap[StreamIndex];
 }
 
-size_t PDBFile::getFileSize() const { return Buffer->getLength(); }
+uint32_t PDBFile::getFileSize() const { return Buffer->getLength(); }
 
 Expected<ArrayRef<uint8_t>> PDBFile::getBlockData(uint32_t BlockIndex,
                                                   uint32_t NumBytes) const {
@@ -154,6 +154,12 @@
     ArrayRef<support::ulittle32_t> Blocks;
     if (auto EC = Reader.readArray(Blocks, NumExpectedStreamBlocks))
       return EC;
+    for (uint32_t Block : Blocks) {
+      uint64_t BlockEndOffset = (uint64_t)(Block + 1) * SB->BlockSize;
+      if (BlockEndOffset > getFileSize())
+        return make_error<RawError>(raw_error_code::corrupt_file,
+                                    "Stream block map is corrupt.");
+    }
     StreamMap.push_back(Blocks);
   }