From 65dccf78843e64aa34a1f2ac8206aa8b0553a284 Mon Sep 17 00:00:00 2001
From: David Majnemer <david.majnemer@gmail.com>
Date: Sun, 10 Jul 2016 05:32:05 +0000
Subject: [PATCH] [pdb] Sanity check the stream map

Some abstractions in LLVM "know" that they are reading in-bounds,
FixedStreamArray, and provide a simple result.  This breaks down if the
stream map is bogus.

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@275010 91177308-0d34-0410-b5e6-96231b3b80d8
---
 include/llvm/DebugInfo/PDB/Raw/PDBFile.h | 2 +-
 lib/DebugInfo/PDB/Raw/PDBFile.cpp        | 8 +++++++-
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/include/llvm/DebugInfo/PDB/Raw/PDBFile.h b/include/llvm/DebugInfo/PDB/Raw/PDBFile.h
index a8e1dc5c307..11ddb2e63eb 100644
--- a/include/llvm/DebugInfo/PDB/Raw/PDBFile.h
+++ b/include/llvm/DebugInfo/PDB/Raw/PDBFile.h
@@ -82,7 +82,7 @@ public:
   uint32_t getStreamByteSize(uint32_t StreamIndex) const override;
   ArrayRef<support::ulittle32_t>
   getStreamBlockList(uint32_t StreamIndex) const override;
-  size_t getFileSize() const;
+  uint32_t getFileSize() const;
 
   Expected<ArrayRef<uint8_t>> getBlockData(uint32_t BlockIndex,
                                            uint32_t NumBytes) const override;
diff --git a/lib/DebugInfo/PDB/Raw/PDBFile.cpp b/lib/DebugInfo/PDB/Raw/PDBFile.cpp
index b289fd0124b..ce2446cba80 100644
--- a/lib/DebugInfo/PDB/Raw/PDBFile.cpp
+++ b/lib/DebugInfo/PDB/Raw/PDBFile.cpp
@@ -71,7 +71,7 @@ PDBFile::getStreamBlockList(uint32_t StreamIndex) const {
   return StreamMap[StreamIndex];
 }
 
-size_t PDBFile::getFileSize() const { return Buffer->getLength(); }
+uint32_t PDBFile::getFileSize() const { return Buffer->getLength(); }
 
 Expected<ArrayRef<uint8_t>> PDBFile::getBlockData(uint32_t BlockIndex,
                                                   uint32_t NumBytes) const {
@@ -154,6 +154,12 @@ Error PDBFile::parseStreamData() {
     ArrayRef<support::ulittle32_t> Blocks;
     if (auto EC = Reader.readArray(Blocks, NumExpectedStreamBlocks))
       return EC;
+    for (uint32_t Block : Blocks) {
+      uint64_t BlockEndOffset = (uint64_t)(Block + 1) * SB->BlockSize;
+      if (BlockEndOffset > getFileSize())
+        return make_error<RawError>(raw_error_code::corrupt_file,
+                                    "Stream block map is corrupt.");
+    }
     StreamMap.push_back(Blocks);
   }
 
-- 
2.11.0