Gitiles
Code Review Sign In
gerrit-public.fairphone.software / toolchain / llvm-project / 80df64239593200f9d79312fd22975457f981b58^! / . / llvm / lib / BinaryFormat / Magic.cpp
commit80df64239593200f9d79312fd22975457f981b58[log] [tgz]
authorBenjamin Kramer <benny.kra@googlemail.com>Thu Aug 31 12:50:42 2017 +0000
committerBenjamin Kramer <benny.kra@googlemail.com>Thu Aug 31 12:50:42 2017 +0000
tree5ac69b73e1432c56b605aec4c341ceabf2d2b420
parentbfcac0b4806ad528c93a65281d7eb0d5f66305e9 [diff] [blame]
[BinaryFormat] Fix out of bounds read.

Found by OSS-FUZZ!
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3220

llvm-svn: 312238

diff --git a/llvm/lib/BinaryFormat/Magic.cpp b/llvm/lib/BinaryFormat/Magic.cpp
index b19a07a..e9b8df9 100644
--- a/llvm/lib/BinaryFormat/Magic.cpp
+++ b/llvm/lib/BinaryFormat/Magic.cpp

@@ -182,7 +182,7 @@
     break;
 
   case 'M': // Possible MS-DOS stub on Windows PE file
-    if (startswith(Magic, "MZ")) {
+    if (startswith(Magic, "MZ") && Magic.size() >= 0x3c + 4) {
       uint32_t off = read32le(Magic.data() + 0x3c);
       // PE/COFF file, either EXE or DLL.
       if (off < Magic.size() &&