From 41e2dc931159ad18031b126f027a52b5eade2386 Mon Sep 17 00:00:00 2001
From: Francis Visoiu Mistrih
Date: Tue, 4 Sep 2018 16:31:48 +0000
Subject: [PATCH] [MachO] Fix LC_DYSYMTAB validation for external symbols
We were validating the same index (ilocalsym) twice, while iextdefsym was never validated.
llvm-svn: 341378
---
 lib/Object/MachOObjectFile.cpp | 2 +-
 .../llvm-objdump/macho-bad-dysymtab.test | 51 +++++++++++++++++++
 2 files changed, 52 insertions(+), 1 deletion(-)
 create mode 100644 test/tools/llvm-objdump/macho-bad-dysymtab.test
diff --git a/lib/Object/MachOObjectFile.cpp b/lib/Object/MachOObjectFile.cpp
index e422903f280..76480b4ea44 100644
--- a/lib/Object/MachOObjectFile.cpp
+++ b/lib/Object/MachOObjectFile.cpp
@@ -1592,7 +1592,7 @@ MachOObjectFile::MachOObjectFile(MemoryBufferRef Object, bool IsLittleEndian,
 "command extends past the end of the symbol table");
 return;
 }
- if (Dysymtab.nextdefsym != 0 && Dysymtab.ilocalsym > Symtab.nsyms) {
+ if (Dysymtab.nextdefsym != 0 && Dysymtab.iextdefsym > Symtab.nsyms) {
 Err = malformedError("nextdefsym in LC_DYSYMTAB load command "
 "extends past the end of the symbol table");
 return;
diff --git a/test/tools/llvm-objdump/macho-bad-dysymtab.test b/test/tools/llvm-objdump/macho-bad-dysymtab.test
new file mode 100644
index 00000000000..90a5a2773f0
--- /dev/null
+++ b/test/tools/llvm-objdump/macho-bad-dysymtab.test
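Review bot: The diagnostic in the changed branch of lib/Object/MachOObjectFile.cpp still names `nextdefsym`, although the condition now tests `Dysymtab.iextdefsym > Symtab.nsyms`, so anyone triaging a rejected file is pointed at the count rather than the out-of-range start index. Consider `Err = malformedError("iextdefsym in LC_DYSYMTAB load command "`, with the matching `#CHECK:` line in macho-bad-dysymtab.test updated to agree. The comparison also admits `iextdefsym == nsyms` with a non-zero `nextdefsym`; presumably a later `iextdefsym + nextdefsym` bound rejects that, but it lies outside this hunk, as does the rest of the constructor. That is worth confirming, because these indices come straight from the object file being parsed.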
@@ -0,0 +1,51 @@
+#RUN: yaml2obj %s > %t1.dylib
+#RUN: not llvm-objdump -d %t1.dylib 2>&1 | FileCheck %s
+
+--- !mach-o
+FileHeader:
+ magic: 0xFEEDFACF
+ cputype: 0x01000007
+ cpusubtype: 0x80000003
+ filetype: 0x00000002
+ ncmds: 2
+ sizeofcmds: 104
+ flags: 0x00200085
+ reserved: 0x00000000
+LoadCommands:
+ - cmd: LC_SYMTAB
+ cmdsize: 24
+ symoff: 136
+ nsyms: 3
+ stroff: 0
+ strsize: 0
+ - cmd: LC_DYSYMTAB
+ cmdsize: 80
+ ilocalsym: 0
+ nlocalsym: 0
+ iextdefsym: 4
+#CHECK: truncated or malformed object (nextdefsym in LC_DYSYMTAB load command extends past the end of the symbol table)
+ nextdefsym: 2
+ iundefsym: 2
+ nundefsym: 1
+ tocoff: 0
+ ntoc: 0
+ modtaboff: 0
+ nmodtab: 0
+ extrefsymoff: 0
+ nextrefsyms: 0
+ indirectsymoff: 0
+ nindirectsyms: 0
+ extreloff: 0
+ nextrel: 0
+ locreloff: 0
+ nlocrel: 0
+LinkEditData:
+ StringTable:
+ - ' '
+ - __mh_execute_header
+ - _main
+ - dyld_stub_binder
+ - ''
+ - ''
+ - ''
+...
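Review bot: The new input only exercises a start index well past the table (`iextdefsym: 4` against `nsyms: 3`), so the edge case `iextdefsym == nsyms` with a non-zero `nextdefsym` is not pinned by this test. A second input with `iextdefsym: 3`, and a `CHECK` for whichever diagnostic the reader emits there, would show the range is rejected at the boundary too. The file also has no header comment stating its intent; a line such as `# iextdefsym points past the LC_SYMTAB symbol count; the file must be rejected, not disassembled.` above the `RUN` lines would record which field is deliberately malformed.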