tools: address possible non-null terminated filenames

If a filename is a multiple of 18 characters, there will be no null-terminator. This will result in an invalid access by the constructed StringRef. Add a test case to exercise this and fix that handling. Address this same vulnerability in llvm-readobj as well. git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@206145 91177308-0d34-0410-b5e6-96231b3b80d8
2025-11-01 15:17:25 +00:00 · 2014-04-14 02:37:23 +00:00
parent aa827a513c
commit 67635a7f8d
6 changed files with 78 additions and 16 deletions
--- a/tools/llvm-readobj/COFFDumper.cpp
+++ b/tools/llvm-readobj/COFFDumper.cpp
@@ -977,7 +977,10 @@ void COFFDumper::printSymbol(const SymbolRef &Sym) {
        break;

      DictScope AS(W, "AuxFileRecord");
-      W.printString("FileName", StringRef(Aux->FileName));
+
+      StringRef Name(Aux->FileName,
+                     Symbol->NumberOfAuxSymbols * COFF::SymbolSize);
+      W.printString("FileName", Name.rtrim(StringRef("\0", 1)));
    } else if (Symbol->isSectionDefinition()) {
      const coff_aux_section_definition *Aux;
      if (error(getSymbolAuxData(Obj, Symbol + I, Aux)))