[llvm] r227589 - Check bit widths before trying to get a type.
Filipe Cabecinhas
me at filcab.net
Fri Jan 30 10:13:50 PST 2015
Author: filcab
Date: Fri Jan 30 12:13:50 2015
New Revision: 227589
URL: http://llvm.org/viewvc/llvm-project?rev=227589&view=rev
Log:
Check bit widths before trying to get a type.
Added a test case for it.
Also added run lines for the test case in r227566.
Bugs found with afl-fuzz
Added:
llvm/trunk/test/Bitcode/Inputs/invalid-bitwidth.bc
Modified:
llvm/trunk/lib/Bitcode/Reader/BitcodeReader.cpp
llvm/trunk/test/Bitcode/invalid.test
Modified: llvm/trunk/lib/Bitcode/Reader/BitcodeReader.cpp
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Bitcode/Reader/BitcodeReader.cpp?rev=227589&r1=227588&r2=227589&view=diff
==============================================================================
--- llvm/trunk/lib/Bitcode/Reader/BitcodeReader.cpp (original)
+++ llvm/trunk/lib/Bitcode/Reader/BitcodeReader.cpp Fri Jan 30 12:13:50 2015
@@ -950,12 +950,17 @@ std::error_code BitcodeReader::ParseType
case bitc::TYPE_CODE_X86_MMX: // X86_MMX
ResultTy = Type::getX86_MMXTy(Context);
break;
- case bitc::TYPE_CODE_INTEGER: // INTEGER: [width]
+ case bitc::TYPE_CODE_INTEGER: { // INTEGER: [width]
if (Record.size() < 1)
return Error("Invalid record");
- ResultTy = IntegerType::get(Context, Record[0]);
+ uint64_t NumBits = Record[0];
+ if (NumBits < IntegerType::MIN_INT_BITS ||
+ NumBits > IntegerType::MAX_INT_BITS)
+ return Error("Bitwidth for integer type out of range");
+ ResultTy = IntegerType::get(Context, NumBits);
break;
+ }
case bitc::TYPE_CODE_POINTER: { // POINTER: [pointee type] or
// [pointee type, address space]
if (Record.size() < 1)
Added: llvm/trunk/test/Bitcode/Inputs/invalid-bitwidth.bc
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/test/Bitcode/Inputs/invalid-bitwidth.bc?rev=227589&view=auto
==============================================================================
Binary files llvm/trunk/test/Bitcode/Inputs/invalid-bitwidth.bc (added) and llvm/trunk/test/Bitcode/Inputs/invalid-bitwidth.bc Fri Jan 30 12:13:50 2015 differ
Modified: llvm/trunk/test/Bitcode/invalid.test
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/test/Bitcode/invalid.test?rev=227589&r1=227588&r2=227589&view=diff
==============================================================================
--- llvm/trunk/test/Bitcode/invalid.test (original)
+++ llvm/trunk/test/Bitcode/invalid.test Fri Jan 30 12:13:50 2015
@@ -6,8 +6,14 @@ RUN: not llvm-dis -disable-output %p/Inp
RUN: FileCheck --check-prefix=UNEXPECTED-EOF %s
RUN: not llvm-dis -disable-output %p/Inputs/invalid-bad-abbrev-number.bc 2>&1 | \
RUN: FileCheck --check-prefix=BAD-ABBREV-NUMBER %s
+RUN: not llvm-dis -disable-output %p/Inputs/invalid-type-table-forward-ref.bc 2>&1 | \
+RUN: FileCheck --check-prefix=BAD-TYPE-TABLE-FORWARD-REF %s
+RUN: not llvm-dis -disable-output %p/Inputs/invalid-bitwidth.bc 2>&1 | \
+RUN: FileCheck --check-prefix=BAD-BITWIDTH %s
INVALID-ENCODING: Invalid encoding
BAD-ABBREV: Abbreviation starts with an Array or a Blob
UNEXPECTED-EOF: Unexpected end of file
BAD-ABBREV-NUMBER: Invalid abbrev number
+BAD-TYPE-TABLE-FORWARD-REF: Invalid TYPE table: Only named structs can be forward referenced
+BAD-BITWIDTH: Bitwidth for integer type out of range
More information about the llvm-commits
mailing list