[llvm] r235596 - Be more strict about the operand for the array type in BitcodeReader

Filipe Cabecinhas me at filcab.net
Thu Apr 23 06:38:22 PDT 2015 

Author: filcab
Date: Thu Apr 23 08:38:21 2015
New Revision: 235596

URL: http://llvm.org/viewvc/llvm-project?rev=235596&view=rev
Log:
Be more strict about the operand for the array type in BitcodeReader

Summary: Bug found with AFL fuzz.

Reviewers: rafael

Subscribers: llvm-commits

Differential Revision: http://reviews.llvm.org/D9016

Added:
    llvm/trunk/test/Bitcode/Inputs/invalid-array-type.bc
Modified:
    llvm/trunk/lib/Bitcode/Reader/BitstreamReader.cpp
    llvm/trunk/test/Bitcode/invalid.test

Modified: llvm/trunk/lib/Bitcode/Reader/BitstreamReader.cpp
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Bitcode/Reader/BitstreamReader.cpp?rev=235596&r1=235595&r2=235596&view=diff
==============================================================================
--- llvm/trunk/lib/Bitcode/Reader/BitstreamReader.cpp (original)
+++ llvm/trunk/lib/Bitcode/Reader/BitstreamReader.cpp Thu Apr 23 08:38:21 2015
@@ -201,6 +201,9 @@ unsigned BitstreamCursor::readRecord(uns
       // Get the element encoding.
       assert(i+2 == e && "array op not second to last?");
       const BitCodeAbbrevOp &EltEnc = Abbv->getOperandInfo(++i);
+      if (EltEnc.getEncoding() == BitCodeAbbrevOp::Array ||
+          EltEnc.getEncoding() == BitCodeAbbrevOp::Blob)
+        report_fatal_error("Array element type can't be an Array or a Blob");
 
       // Read all the elements.
       for (; NumElts; --NumElts)

Added: llvm/trunk/test/Bitcode/Inputs/invalid-array-type.bc
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/test/Bitcode/Inputs/invalid-array-type.bc?rev=235596&view=auto
==============================================================================
Binary files llvm/trunk/test/Bitcode/Inputs/invalid-array-type.bc (added) and llvm/trunk/test/Bitcode/Inputs/invalid-array-type.bc Thu Apr 23 08:38:21 2015 differ

Modified: llvm/trunk/test/Bitcode/invalid.test
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/test/Bitcode/invalid.test?rev=235596&r1=235595&r2=235596&view=diff
==============================================================================
--- llvm/trunk/test/Bitcode/invalid.test (original)
+++ llvm/trunk/test/Bitcode/invalid.test Thu Apr 23 08:38:21 2015
@@ -73,3 +73,8 @@ RUN: not llvm-dis -disable-output %p/Inp
 RUN:   FileCheck --check-prefix=HUGE-ABBREV-OP %s
 
 HUGE-ABBREV-OP: Fixed or VBR abbrev record with size > MaxChunkData
+
+RUN: not llvm-dis -disable-output %p/Inputs/invalid-array-type.bc 2>&1 | \
+RUN:   FileCheck --check-prefix=ARRAY-TYPE %s
+
+ARRAY-TYPE: Array element type can't be an Array or a Blob

More information about the llvm-commits mailing list