Add some basic sanity checks to DynamicLoaderDarwinKernel::ReadKextSummaryHeader()

when it is reading the kext table, in case we're reading out of a core file with corrupt contents in this region. <rdar://problem/16601915> llvm-svn: 206233
2026-01-16 13:35:38 +08:00 · 2014-04-15 01:04:00 +00:00
parent e9fa266cba
commit c6fa5db747
1 changed files with 24 additions and 0 deletions
--- a/lldb/source/Plugins/DynamicLoader/Darwin-Kernel/DynamicLoaderDarwinKernel.cpp
+++ b/lldb/source/Plugins/DynamicLoader/Darwin-Kernel/DynamicLoaderDarwinKernel.cpp
@@ -1148,9 +1148,25 @@ DynamicLoaderDarwinKernel::ReadKextSummaryHeader ()
                {
                    lldb::offset_t offset = 0;
                    m_kext_summary_header.version = data.GetU32(&offset);
+                    if (m_kext_summary_header.version > 128)
+                    {
+                        Stream *s = m_process->GetTarget().GetDebugger().GetOutputFile().get();
+                        s->Printf ("WARNING: Unable to read kext summary header, got improbable version number %u\n", m_kext_summary_header.version);
+                        // If we get an improbably large veriosn number, we're probably getting bad memory.
+                        m_kext_summary_header_addr.Clear();
+                        return false;
+                    }
                    if (m_kext_summary_header.version >= 2)
                    {
                        m_kext_summary_header.entry_size = data.GetU32(&offset);
+                        if (m_kext_summary_header.entry_size > 4096)
+                        {
+                            // If we get an improbably large entry_size, we're probably getting bad memory.
+                            Stream *s = m_process->GetTarget().GetDebugger().GetOutputFile().get();
+                            s->Printf ("WARNING: Unable to read kext summary header, got improbable entry_size %u\n", m_kext_summary_header.entry_size);
+                            m_kext_summary_header_addr.Clear();
+                            return false;
+                        }
                    }
                    else
                    {
@@ -1158,6 +1174,14 @@ DynamicLoaderDarwinKernel::ReadKextSummaryHeader ()
                        m_kext_summary_header.entry_size = KERNEL_MODULE_ENTRY_SIZE_VERSION_1;
                    }
                    m_kext_summary_header.entry_count = data.GetU32(&offset);
+                    if (m_kext_summary_header.entry_count > 10000)
+                    {
+                        // If we get an improbably large number of kexts, we're probably getting bad memory.
+                        Stream *s = m_process->GetTarget().GetDebugger().GetOutputFile().get();
+                        s->Printf ("WARNING: Unable to read kext summary header, got improbable number of kexts %u\n", m_kext_summary_header.entry_count);
+                        m_kext_summary_header_addr.Clear();
+                        return false;
+                    }
                    return true;
                }
            }