Author: Caroline Tice Date: 2023-06-28T11:46:55-07:00 New Revision: ee476996bec7f170928505a4c5b7715183cfbada
URL: https://github.com/llvm/llvm-project/commit/ee476996bec7f170928505a4c5b7715183cfbada
DIFF: https://github.com/llvm/llvm-project/commit/ee476996bec7f170928505a4c5b7715183cfbada.diff
LOG: [LLDB] Fix buffer overflow problem in DWARFExpression::Evaluate. In two calls to ReadMemory in DWARFExpression.cpp, the buffer size passed to ReadMemory is not actually the size of the buffer (I suspect a copy/paste error where the variable name was not properly updated). This caused a buffer overflow bug, which we found throuth Address Sanitizer. This patch fixes the problem by passing the correct buffer size to the calls to ReadMemory (and to the DataExtractor). Differential Revision: https://reviews.llvm.org/D153840
Added:
Modified: lldb/source/Expression/DWARFExpression.cpp
Removed:
################################################################################
diff --git a/lldb/source/Expression/DWARFExpression.cpp b/lldb/source/Expression/DWARFExpression.cpp
index 9232282d81353..5f71a12456972 100644
--- a/lldb/source/Expression/DWARFExpression.cpp
+++ b/lldb/source/Expression/DWARFExpression.cpp
@@ -1138,15 +1138,16 @@ bool DWARFExpression::Evaluate(
           if (load_addr == LLDB_INVALID_ADDRESS && so_addr.IsSectionOffset()) {
             uint8_t addr_bytes[8];
+            size_t buf_size = sizeof(addr_bytes);
             Status error;
             if (target &&
-                target->ReadMemory(so_addr, &addr_bytes, size, error,
-                                   /*force_live_memory=*/false) == size) {
+                target->ReadMemory(so_addr, &addr_bytes, buf_size, error,
+                                   /*force_live_memory=*/false) == buf_size) {
               ObjectFile *objfile = module_sp->GetObjectFile();
               stack.back().GetScalar() = DerefSizeExtractDataHelper(
-                  addr_bytes, size, objfile->GetByteOrder(), size);
+                  addr_bytes, size, objfile->GetByteOrder(), buf_size);
               stack.back().ClearContext();
               break;
             } else {
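Review bot: The final argument of the DerefSizeExtractDataHelper call changes from `size` to `buf_size` even though only the ReadMemory call needed the buffer length, while the second argument stays `size` here but is `sizeof(addr_bytes)` in the second hunk; the helper's signature is outside this diff, so I cannot confirm which parameter is the buffer length and which the extraction width, but if the last one is the width then every DW_OP_deref_size now extracts a full eight bytes regardless of its operand. I would pass the buffer length and the operand consistently at both call sites, here `addr_bytes, sizeof(addr_bytes), objfile->GetByteOrder(), size);` and likewise `process->GetByteOrder(), size);` in the second hunk, and check that against the helper's definition. The operand `size` is taken from the DWARF expression being evaluated, so it is also worth rejecting `size > sizeof(addr_bytes)` with an explicit error before the read instead of leaving the helper to interpret an oversized operand. The enclosing switch case begins and ends outside the hunk.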
@@ -1170,13 +1171,13 @@ bool DWARFExpression::Evaluate(
           lldb::addr_t pointer_addr =
               stack.back().GetScalar().ULongLong(LLDB_INVALID_ADDRESS);
           uint8_t addr_bytes[sizeof(lldb::addr_t)];
+          size_t buf_size = sizeof(addr_bytes);
           Status error;
-          if (process->ReadMemory(pointer_addr, &addr_bytes, size, error) ==
-              size) {
-
+          if (process->ReadMemory(pointer_addr, &addr_bytes, buf_size, error)
+              == buf_size) {
             stack.back().GetScalar() =
                 DerefSizeExtractDataHelper(addr_bytes, sizeof(addr_bytes),
-                                           process->GetByteOrder(), size);
+                                           process->GetByteOrder(), buf_size);
             stack.back().ClearContext();
           } else {
             if (error_ptr)
_______________________________________________
lldb-commits mailing list
lldb-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/lldb-commits
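Review bot: The rewrapped condition puts `==` at the start of the continuation line (`== buf_size) {`), whereas the removed lines and the first hunk keep the operator at the end of the first line, which is what LLVM's clang-format style produces; I would rewrap it as `if (process->ReadMemory(pointer_addr, &addr_bytes, buf_size, error) ==` followed by `buf_size) {`. With `buf_size` now used for both the read and the helper call, the DW_OP_deref_size operand `size` no longer appears in the visible lines of this branch, so a one-line comment above the read explaining why a full address-sized buffer is fetched regardless of the operand would help the next reader. The enclosing case begins and ends outside the hunk.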