Merge pull request #103 from haberman/dwarf-form Fixed hang found by fuzzing.

commit: 0eadc72c6eb8cd6ee7adbd9c257ee67538c686e8 [log] [tgz]
author: Joshua Haberman <jhaberman@gmail.com> Mon Feb 19 12:13:49 2018 -0800
committer: GitHub <noreply@github.com> Mon Feb 19 12:13:49 2018 -0800
tree: 92f1e75ce329863ae23d9778258b242a70ad8174
parent: 6524036a61b3a833eb9e04fc4387993ffb4b5b62 [diff]
parent: 36c411cf3782a783eaaefab304eb2c1249f470f5 [diff]
diff --git a/src/macho.cc b/src/macho.cc
index 6036af3..a027952 100644
--- a/src/macho.cc
+++ b/src/macho.cc

@@ -125,6 +125,14 @@
 
   for (uint32_t i = 0; i < ncmds; i++) {
     auto command = GetStructPointer<load_command>(header_data);
+
+    // We test for this because otherwise a large ncmds can make bloaty hang for
+    // a while, even on a small file.  Hopefully there are no real cases where a
+    // zero-size loadcmd exists.
+    if (command->cmdsize == 0) {
+      THROW("Mach-O load command had zero size.");
+    }
+
     string_view command_data = StrictSubstr(header_data, 0, command->cmdsize);
     std::forward<Func>(loadcmd_func)(command->cmd, command_data, macho_data);
     MaybeAddOverhead(overhead_sink, "[Mach-O Headers]", command_data);

diff --git a/tests/testdata/fuzz_corpus/6ecf640685258c2bc0960ab1a797ba2db10ffd63 b/tests/testdata/fuzz_corpus/6ecf640685258c2bc0960ab1a797ba2db10ffd63
new file mode 100644
index 0000000..3841a59
--- /dev/null
+++ b/tests/testdata/fuzz_corpus/6ecf640685258c2bc0960ab1a797ba2db10ffd63
Binary files differ
commit	0eadc72c6eb8cd6ee7adbd9c257ee67538c686e8	[log] [tgz]
author	Joshua Haberman <jhaberman@gmail.com>	Mon Feb 19 12:13:49 2018 -0800
committer	GitHub <noreply@github.com>	Mon Feb 19 12:13:49 2018 -0800
tree	92f1e75ce329863ae23d9778258b242a70ad8174
parent	6524036a61b3a833eb9e04fc4387993ffb4b5b62 [diff]
parent	36c411cf3782a783eaaefab304eb2c1249f470f5 [diff]