commit 9bbf3cd3d73e26ed109f7751147b68b142d68c29
author Sean Callanan <scallanan@apple.com> Tue Mar 04 21:56:11 2014 +0000
committer Sean Callanan <scallanan@apple.com> Tue Mar 04 21:56:11 2014 +0000
tree 7a1e14999deba27400dff59de1281df49dbcc561
parent 5a09527d0d33b5bc9688adf3a7f7b9dc05f11679

Hardened against reads in the IRMemoryMap that
exceed the bounds of the backing memory.

<rdar://problem/16088322>

llvm-svn: 202899

lldb/source/Expression/IRMemoryMap.cpp

diff --git a/lldb/source/Expression/IRMemoryMap.cpp b/lldb/source/Expression/IRMemoryMap.cpp
index 53f74ae..f927e8b 100644
--- a/lldb/source/Expression/IRMemoryMap.cpp
+++ b/lldb/source/Expression/IRMemoryMap.cpp
@@ -576,6 +576,13 @@
     
     uint64_t offset = process_address - allocation.m_process_start;
     
+    if (offset > allocation.m_size)
+    {
+        error.SetErrorToGenericError();
+        error.SetErrorString("Couldn't read: data is not in the allocation");
+        return;
+    }
+    
     lldb::ProcessSP process_sp;
     
     switch (allocation.m_policy)
@@ -591,6 +598,13 @@
             error.SetErrorString("Couldn't read: data buffer is empty");
             return;
         }
+        if (allocation.m_data.GetByteSize() < offset + size)
+        {
+            error.SetErrorToGenericError();
+            error.SetErrorString("Couldn't read: not enough underlying data");
+            return;
+        }
+
         ::memcpy (bytes, allocation.m_data.GetBytes() + offset, size);
         break;
     case eAllocationPolicyMirror: