[5.3] OOB read in demangler with corrupted input #31973

Merged


@tbkka tbkka commented May 22, 2020

Request to merge PR #31793 to release/5.3 branch.

Original description: A malformed mangled name that ends in a truncated symbolic reference could trigger a read beyond the end of the name. This is because the code that grabs the next four bytes bypasses the existing bounds checks. Insert an explicit bounds check to guard against this.

Risk: Minor. It adds a check to see if we're about to read past the end-of-input and ends the parse if so.

Testing: Ran validation tests locally, verified by original reporter.

Resolves rdar://63511132

A malformed mangled name that ends in a truncated symbolic
reference could trigger a read beyond the end of the name.
This is because the code that grabs the next four bytes
bypasses the existing bounds checks.  Insert an explicit
bounds check to guard against this.
@tbkka tbkka requested a review from a team as a code owner May 22, 2020 20:34
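
The bug class described in the PR text, sketched as an added example (not the Swift demangler's code and not part of this PR): single-byte reads are bounds-checked, so the four-byte read needs its own explicit check. The `Cursor` type, the function names and the 0x01..0x17 control-byte range are assumptions made for this sketch, and the input bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical miniature parser; not Swift's Demangler class. */
typedef struct {
    const char *text; /* mangled name, not NUL-terminated */
    size_t size;      /* number of valid bytes in text */
    size_t pos;       /* index of the next unread byte; always <= size */
} Cursor;

/* The bounds-checked path: every ordinary read goes through here. */
static int next_char(Cursor *c) {
    if (c->pos >= c->size) return -1; /* end of input */
    return (unsigned char)c->text[c->pos++];
}

/* Parses a control byte plus 4-byte payload. Returns 1 on success and
   0 when the input is not a reference or ends before the payload.
   Assumption: bytes 0x01..0x17 introduce a symbolic reference. */
int parse_symbolic_ref(Cursor *c, int32_t *payload) {
    int kind = next_char(c);
    if (kind < 0x01 || kind > 0x17) return 0;
    /* A bare memcpy from text + pos never passes through next_char(),
       so without this explicit check a name that stops short of the
       payload is read past its end. End the parse instead. */
    if (c->size - c->pos < sizeof *payload) return 0;
    memcpy(payload, c->text + c->pos, sizeof *payload);
    c->pos += sizeof *payload;
    return 1;
}

/* Constructed input: prefix, control byte, then n_payload bytes. */
int try_name(size_t n_payload) {
    static const char full[] = {'$', 's', 0x01, 0x10, 0x00, 0x00, 0x00};
    Cursor c = {full, 3 + n_payload, 2}; /* start at the control byte */
    int32_t payload = 0;
    return parse_symbolic_ref(&c, &payload);
}

int main(void) {
    for (size_t n = 0; n <= 4; n++)
        printf("payload bytes present: %zu -> %s\n", n,
               try_name(n) ? "parsed" : "rejected");
    return 0;
}
```

Compiling the sketch with `-fsanitize=address` and deleting the size check makes the truncated cases report the over-read, which is a convenient regression test for this kind of fix.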

tbkka commented May 22, 2020

@swift-ci Please test

@tbkka tbkka merged commit f278447 into swiftlang:release/5.3 Jul 6, 2020
@tbkka tbkka deleted the tbkka-rdar63511132-demangler-OOB-5.3 branch October 16, 2020 00:32
@AnthonyLatsis AnthonyLatsis added swift 5.3 🍒 release cherry pick Flag: Release branch cherry picks labels Jan 8, 2023