Gitiles
Code Review Sign In
gerrit-public.fairphone.software / toolchain / llvm-project / c6fa5db7470bd9126cde1e27c6fe792a20ca89b4^! / . / lldb / source / Plugins / DynamicLoader / Darwin-Kernel / DynamicLoaderDarwinKernel.cpp
commitc6fa5db7470bd9126cde1e27c6fe792a20ca89b4[log] [tgz]
authorJason Molenda <jmolenda@apple.com>Tue Apr 15 01:04:00 2014 +0000
committerJason Molenda <jmolenda@apple.com>Tue Apr 15 01:04:00 2014 +0000
tree540f0ae66b9aa8a38d7677c5b874cf86da8f8e8f
parente9fa266cbad6ac10eb8f7778dd6ddb55ee07491d [diff] [blame]
Add some basic sanity checks to DynamicLoaderDarwinKernel::ReadKextSummaryHeader()
when it is reading the kext table, in case we're reading out of a core file with
corrupt contents in this region.
<rdar://problem/16601915> 

llvm-svn: 206233

diff --git a/lldb/source/Plugins/DynamicLoader/Darwin-Kernel/DynamicLoaderDarwinKernel.cpp b/lldb/source/Plugins/DynamicLoader/Darwin-Kernel/DynamicLoaderDarwinKernel.cpp
index 119616d..d24508f 100644
--- a/lldb/source/Plugins/DynamicLoader/Darwin-Kernel/DynamicLoaderDarwinKernel.cpp
+++ b/lldb/source/Plugins/DynamicLoader/Darwin-Kernel/DynamicLoaderDarwinKernel.cpp

@@ -1148,9 +1148,25 @@
                 {
                     lldb::offset_t offset = 0;
                     m_kext_summary_header.version = data.GetU32(&offset);
+                    if (m_kext_summary_header.version > 128)
+                    {
+                        Stream *s = m_process->GetTarget().GetDebugger().GetOutputFile().get();
+                        s->Printf ("WARNING: Unable to read kext summary header, got improbable version number %u\n", m_kext_summary_header.version);
+                        // If we get an improbably large veriosn number, we're probably getting bad memory.
+                        m_kext_summary_header_addr.Clear();
+                        return false;
+                    }
                     if (m_kext_summary_header.version >= 2)
                     {
                         m_kext_summary_header.entry_size = data.GetU32(&offset);
+                        if (m_kext_summary_header.entry_size > 4096)
+                        {
+                            // If we get an improbably large entry_size, we're probably getting bad memory.
+                            Stream *s = m_process->GetTarget().GetDebugger().GetOutputFile().get();
+                            s->Printf ("WARNING: Unable to read kext summary header, got improbable entry_size %u\n", m_kext_summary_header.entry_size);
+                            m_kext_summary_header_addr.Clear();
+                            return false;
+                        }
                     }
                     else
                     {
@@ -1158,6 +1174,14 @@
                         m_kext_summary_header.entry_size = KERNEL_MODULE_ENTRY_SIZE_VERSION_1;
                     }
                     m_kext_summary_header.entry_count = data.GetU32(&offset);
+                    if (m_kext_summary_header.entry_count > 10000)
+                    {
+                        // If we get an improbably large number of kexts, we're probably getting bad memory.
+                        Stream *s = m_process->GetTarget().GetDebugger().GetOutputFile().get();
+                        s->Printf ("WARNING: Unable to read kext summary header, got improbable number of kexts %u\n", m_kext_summary_header.entry_count);
+                        m_kext_summary_header_addr.Clear();
+                        return false;
+                    }
                     return true;
                 }
             }