From f72819e5bd7230d710e323e7af519abd6ffeaf04 Mon Sep 17 00:00:00 2001 From: martin Date: Tue, 5 Feb 2019 17:31:03 +0000 Subject: [PATCH] FpDebug, LazDebuggerFpLldb: prevent reading invalid memory (int overflow of Addr+Size) / this fixes crashes due to incorrect cache matches git-svn-id: trunk@60338 - --- components/fpdebug/fpdmemorytools.pas | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/components/fpdebug/fpdmemorytools.pas b/components/fpdebug/fpdmemorytools.pas index 8db1cc611b..260e5220e1 100644 --- a/components/fpdebug/fpdmemorytools.pas +++ b/components/fpdebug/fpdmemorytools.pas @@ -645,14 +645,16 @@ end; function TFpDbgMemCacheSimple.ContainsMemory(AnAddress: TDbgPtr; ASize: Cardinal ): Boolean; begin - Result := (AnAddress >= FCacheAddress) or (AnAddress + ASize <= FCacheAddress + FCacheSize); + Result := (ASize <= High(TDbgPtr) - AnAddress) and // not impossible memory range + (AnAddress >= FCacheAddress) and (AnAddress + ASize <= FCacheAddress + FCacheSize); end; function TFpDbgMemCacheSimple.ReadMemory(AnAddress: TDbgPtr; ASize: Cardinal; ADest: Pointer): Boolean; begin Result := False; - if (AnAddress < FCacheAddress) or (AnAddress + ASize > FCacheAddress + FCacheSize) or + if (ASize > High(TDbgPtr) - AnAddress) or // impossible memory range + (AnAddress < FCacheAddress) or (AnAddress + ASize > FCacheAddress + FCacheSize) or FFailed then exit; @@ -710,6 +712,9 @@ var Node: TAVLTreeNode; begin Result := False; + if ASize > High(TDbgPtr) - AnAddress then // impossible memory range + exit; + Node := FCaches.FindNearestKey(@AnAddress, @CompareKey); if Node = nil then exit; @@ -899,6 +904,11 @@ var TmpVal: TDbgPtr; ConvData: TFpDbgMemConvData; begin + if ASize > High(TDbgPtr) - ALocation.Address then begin + FLastError := CreateError(fpErrCanNotReadMemAtAddr, [ALocation.Address]); + exit; + end; + FLastError := NoError; Result := False; if AContext = nil then
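Review bot: In the first hunk, ReadMemory repeats ContainsMemory's range predicate in negated form, and the bug fixed here (`or` where `and` was needed) is the kind of drift two hand-written copies invite. ReadMemory could use `if FFailed or not ContainsMemory(AnAddress, ASize) then exit;` so there is one bounds check to audit. The same `ASize > High(TDbgPtr) - AnAddress` guard is also copied into the hunks at -710 and -899, so a small shared helper would keep them in step. Separately, `FCacheAddress + FCacheSize` is still an unguarded sum; FCacheSize's type is not visible here, but if a cache can sit at the top of the address space the sum wraps, and comparing offsets avoids that: `(AnAddress >= FCacheAddress) and (AnAddress - FCacheAddress <= FCacheSize) and (ASize <= FCacheSize - (AnAddress - FCacheAddress))`. ReadMemory's body continues outside the hunk.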
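Review bot: The new guard in the last hunk (-899) exits before `Result := False;` runs, so on the overflow path the function result is never assigned. The caller may then see an arbitrary value, possibly True for a read that did not happen, and go on to use a destination buffer that was never filled. Move `Result := False;` above the `if ASize > High(TDbgPtr) - ALocation.Address then begin` check so the rejected range reports failure. The function's signature and the rest of its body are outside the hunk, so the Boolean return type is inferred from that assignment.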