Fix a bug in the parsing of the LC_BUILD_VERSION Mach-O load command.
LC_BUILD_VERSION records are of variable length. The original code
would use uninitialized memory when the size of a record was exactly 24.
rdar://problem/46032185
llvm-svn: 346812
diff --git a/lldb/source/Plugins/ObjectFile/Mach-O/ObjectFileMachO.cpp b/lldb/source/Plugins/ObjectFile/Mach-O/ObjectFileMachO.cpp
index b518437..e14e409 100644
--- a/lldb/source/Plugins/ObjectFile/Mach-O/ObjectFileMachO.cpp
+++ b/lldb/source/Plugins/ObjectFile/Mach-O/ObjectFileMachO.cpp
@@ -5027,24 +5027,28 @@
const lldb::offset_t cmd_offset = offset;
if (data.GetU32(&offset, &load_cmd, 2) == NULL)
break;
-
- if (load_cmd.cmd == llvm::MachO::LC_BUILD_VERSION) {
- struct build_version_command build_version;
- if (load_cmd.cmdsize != sizeof(build_version))
+ do {
+ if (load_cmd.cmd == llvm::MachO::LC_BUILD_VERSION) {
+ struct build_version_command build_version;
+ if (load_cmd.cmdsize < sizeof(build_version)) {
+ // Malformed load command.
+ break;
+ }
if (data.ExtractBytes(cmd_offset, sizeof(build_version),
data.GetByteOrder(), &build_version) == 0)
- continue;
- MinOS min_os(build_version.minos);
- OSEnv os_env(build_version.platform);
- if (os_env.os_type.empty())
- continue;
- os << os_env.os_type << min_os.major_version << '.'
- << min_os.minor_version << '.' << min_os.patch_version;
- triple.setOSName(os.str());
- if (!os_env.environment.empty())
- triple.setEnvironmentName(os_env.environment);
- return true;
- }
+ break;
+ MinOS min_os(build_version.minos);
+ OSEnv os_env(build_version.platform);
+ if (os_env.os_type.empty())
+ break;
+ os << os_env.os_type << min_os.major_version << '.'
+ << min_os.minor_version << '.' << min_os.patch_version;
+ triple.setOSName(os.str());
+ if (!os_env.environment.empty())
+ triple.setEnvironmentName(os_env.environment);
+ return true;
+ }
+ } while (0);
offset = cmd_offset + load_cmd.cmdsize;
}