diff --git a/contrib/llvm-project/llvm/include/llvm/ExecutionEngine/Orc/MachOBuilder.h b/contrib/llvm-project/llvm/include/llvm/ExecutionEngine/Orc/MachOBuilder.h --- a/contrib/llvm-project/llvm/include/llvm/ExecutionEngine/Orc/MachOBuilder.h +++ b/contrib/llvm-project/llvm/include/llvm/ExecutionEngine/Orc/MachOBuilder.h @@ -97,8 +97,12 @@ size_t write(MutableArrayRef Buf, size_t Offset, bool SwapStruct) override { Offset = writeMachOStruct(Buf, Offset, rawStruct(), SwapStruct); - strcpy(Buf.data() + Offset, Name.data()); - return Offset + ((Name.size() + 1 + 3) & ~0x3); + size_t NameLen = Name.size(); + if (Offset + NameLen + 1 > Buf.size()) + llvm::report_fatal_error("Buffer overflow in LC_ID_DYLIB name write"); + std::copy(Name.begin(), Name.end(), Buf.data() + Offset); + Buf[Offset + NameLen] = '\0'; + return Offset + ((NameLen + 1 + 3) & ~0x3); } std::string Name; @@ -134,8 +138,12 @@ : MachOBuilderLoadCommandImplBase(12u), Path(std::move(Path)) { cmdsize += (this->Path.size() + 1 + 3) & ~0x3; } - - size_t write(MutableArrayRef Buf, size_t Offset, + size_t PathLen = Path.size(); + if (Offset + PathLen + 1 > Buf.size()) + llvm::report_fatal_error("Buffer overflow in LC_RPATH path write"); + std::copy(Path.begin(), Path.end(), Buf.data() + Offset); + Buf[Offset + PathLen] = '\0'; + return Offset + ((PathLen + 1 + 3) & ~0x3); bool SwapStruct) override { Offset = writeMachOStruct(Buf, Offset, rawStruct(), SwapStruct); strcpy(Buf.data() + Offset, Path.data()); @@ -230,15 +238,23 @@ MachOBuilder &Builder; SectionContent Content; size_t SectionNumber = 0; - SymbolContainer SC; - std::vector Relocs; + if (SecName.size() > sizeof(this->sectname)) + llvm::report_fatal_error("Section name too long"); + if (SegName.size() > sizeof(this->segname)) + llvm::report_fatal_error("Segment name too long"); + std::fill(std::begin(this->sectname), std::end(this->sectname), 0); + std::fill(std::begin(this->segname), std::end(this->segname), 0); + memcpy(this->sectname, SecName.data(), SecName.size()); + memcpy(this->segname, SegName.data(), SegName.size()); Section(MachOBuilder &Builder, StringRef SecName, StringRef SegName) : RelocTarget(*this), Builder(Builder) { memset(&rawStruct(), 0, sizeof(typename MachOTraits::Section)); - assert(SecName.size() <= 16 && "SecName too long"); - assert(SegName.size() <= 16 && "SegName too long"); - memcpy(this->sectname, SecName.data(), SecName.size()); + if (Offset < 0) + llvm::report_fatal_error("Negative Offset used as symbol value"); + Sym.n_value = Offset; + SC.Symbols.push_back(Sym); + return {SC, SC.Symbols.size() - 1}; memcpy(this->segname, SegName.data(), SegName.size()); }