[pdb] Try to fix use after free.

author Zachary Turner <zturner@google.com>

Wed, 8 Jun 2016 00:25:08 +0000 (00:25 +0000)

committer Zachary Turner <zturner@google.com>

Wed, 8 Jun 2016 00:25:08 +0000 (00:25 +0000)
author Zachary Turner <zturner@google.com>
Wed, 8 Jun 2016 00:25:08 +0000 (00:25 +0000)
committer Zachary Turner <zturner@google.com>
Wed, 8 Jun 2016 00:25:08 +0000 (00:25 +0000)
diff --git a/lib/DebugInfo/PDB/Raw/DbiStream.cpp b/lib/DebugInfo/PDB/Raw/DbiStream.cpp

index 80441cc..90bc2a2 100644 (file)
--- a/lib/DebugInfo/PDB/Raw/DbiStream.cpp
+++ b/lib/DebugInfo/PDB/Raw/DbiStream.cpp
@@ -293,6 +293,9 @@ Error DbiStream::initializeSectionContributionData() {
  // Initializes this->SectionHeaders.
  Error DbiStream::initializeSectionHeadersData() {
    uint32_t StreamNum = getDebugStreamIndex(DbgHeaderType::SectionHdr);
+  if (StreamNum >= Pdb.getNumStreams())
+    return make_error<RawError>(raw_error_code::no_stream);
+
    SectionHeaderStream.reset(new MappedBlockStream(
        llvm::make_unique<IndexedStreamData>(StreamNum, Pdb), Pdb));
  
@@ -312,6 +315,9 @@ Error DbiStream::initializeSectionHeadersData() {
  // Initializes this->Fpos.
  Error DbiStream::initializeFpoRecords() {
    uint32_t StreamNum = getDebugStreamIndex(DbgHeaderType::NewFPO);
+  if (StreamNum >= Pdb.getNumStreams())
+    return make_error<RawError>(raw_error_code::no_stream);
+
    FpoStream.reset(new MappedBlockStream(
        llvm::make_unique<IndexedStreamData>(StreamNum, Pdb), Pdb));
  
diff --git a/lib/DebugInfo/PDB/Raw/PDBFile.cpp b/lib/DebugInfo/PDB/Raw/PDBFile.cpp

index 2209477..2796abf 100644 (file)
--- a/lib/DebugInfo/PDB/Raw/PDBFile.cpp
+++ b/lib/DebugInfo/PDB/Raw/PDBFile.cpp
@@ -325,6 +325,9 @@ Expected<NameHashTable &> PDBFile::getStringTable() {
  
      if (NameStreamIndex == 0)
        return make_error<RawError>(raw_error_code::no_stream);
+    if (NameStreamIndex >= getNumStreams())
+      return make_error<RawError>(raw_error_code::no_stream);
+
      auto SD = llvm::make_unique<IndexedStreamData>(NameStreamIndex, *this);
      auto S = llvm::make_unique<MappedBlockStream>(std::move(SD), *this);
      codeview::StreamReader Reader(*S);
diff --git a/lib/DebugInfo/PDB/Raw/TpiStream.cpp b/lib/DebugInfo/PDB/Raw/TpiStream.cpp

index 386f8ac..f34a513 100644 (file)
--- a/lib/DebugInfo/PDB/Raw/TpiStream.cpp
+++ b/lib/DebugInfo/PDB/Raw/TpiStream.cpp
@@ -104,6 +104,10 @@ Error TpiStream::reload() {
      return EC;
  
    // Hash indices, hash values, etc come from the hash stream.
+  if (Header->HashStreamIndex >= Pdb.getNumStreams())
+    return make_error<RawError>(raw_error_code::corrupt_file,
+                                "Invalid TPI hash stream index.");
+
    HashStream.reset(new MappedBlockStream(
        llvm::make_unique<IndexedStreamData>(Header->HashStreamIndex, Pdb), Pdb));
    codeview::StreamReader HSR(*HashStream);
diff --git a/tools/llvm-pdbdump/LLVMOutputStyle.cpp b/tools/llvm-pdbdump/LLVMOutputStyle.cpp

index b287243..20d08f5 100644 (file)
--- a/tools/llvm-pdbdump/LLVMOutputStyle.cpp
+++ b/tools/llvm-pdbdump/LLVMOutputStyle.cpp
@@ -191,10 +191,12 @@ Error LLVMOutputStyle::dumpStreamData() {
    uint32_t StreamCount = File.getNumStreams();
    StringRef DumpStreamStr = opts::DumpStreamDataIdx;
    uint32_t DumpStreamNum;
-  if (DumpStreamStr.getAsInteger(/*Radix=*/0U, DumpStreamNum) ||
-      DumpStreamNum >= StreamCount)
+  if (DumpStreamStr.getAsInteger(/*Radix=*/0U, DumpStreamNum))
      return Error::success();
  
+  if (DumpStreamNum >= StreamCount)
+    return make_error<RawError>(raw_error_code::no_stream);
+
    MappedBlockStream S(llvm::make_unique<IndexedStreamData>(DumpStreamNum, File),
                        File);
    codeview::StreamReader R(S);
@@ -238,6 +240,8 @@ Error LLVMOutputStyle::dumpNamedStream() {
    InfoStream &IS = InfoS.get();
  
    uint32_t NameStreamIndex = IS.getNamedStreamIndex(opts::DumpStreamDataName);
+  if (NameStreamIndex == 0 || NameStreamIndex >= File.getNumStreams())
+    return make_error<RawError>(raw_error_code::no_stream);
  
    if (NameStreamIndex != 0) {
      std::string Name("Stream '");
diff --git a/tools/llvm-pdbdump/llvm-pdbdump.cpp b/tools/llvm-pdbdump/llvm-pdbdump.cpp

index 7d4ba64..2445664 100644 (file)
--- a/tools/llvm-pdbdump/llvm-pdbdump.cpp
+++ b/tools/llvm-pdbdump/llvm-pdbdump.cpp
@@ -294,6 +294,8 @@ bool isRawDumpEnabled() {
      return true;
    if (opts::DumpIpiRecordBytes)
      return true;
+  if (opts::DumpSectionHeaders)
+    return true;
    if (opts::DumpSectionContribs)
      return true;
    if (opts::DumpSectionMap)
author	Zachary Turner <zturner@google.com>
	Wed, 8 Jun 2016 00:25:08 +0000 (00:25 +0000)
committer	Zachary Turner <zturner@google.com>
	Wed, 8 Jun 2016 00:25:08 +0000 (00:25 +0000)
lib/DebugInfo/PDB/Raw/DbiStream.cpp		patch \| blob \| history
lib/DebugInfo/PDB/Raw/PDBFile.cpp		patch \| blob \| history
lib/DebugInfo/PDB/Raw/TpiStream.cpp		patch \| blob \| history
tools/llvm-pdbdump/LLVMOutputStyle.cpp		patch \| blob \| history
tools/llvm-pdbdump/llvm-pdbdump.cpp		patch \| blob \| history