[PATCH] Don't overflow GCTable
Duncan P. N. Exon Smith
dexonsmith at apple.com
Wed Apr 29 19:28:31 PDT 2015
> On 2015 Apr 29, at 18:46, Filipe Cabecinhas <filcab+llvm.phabricator at gmail.com> wrote:
>
> Hi rafael, dexonsmith,
>
> Bug found with AFL fuzz.
>
> http://reviews.llvm.org/D9361
>
> Files:
> lib/Bitcode/Reader/BitcodeReader.cpp
> test/Bitcode/Inputs/invalid-GCTable-overflow.bc
> test/Bitcode/invalid.test
LGTM.
>
> Index: lib/Bitcode/Reader/BitcodeReader.cpp
> ===================================================================
> --- lib/Bitcode/Reader/BitcodeReader.cpp
> +++ lib/Bitcode/Reader/BitcodeReader.cpp
> @@ -2992,7 +2992,7 @@
> // FIXME: Change to an error if non-default in 4.0.
> Func->setVisibility(GetDecodedVisibility(Record[7]));
> if (Record.size() > 8 && Record[8]) {
> - if (Record[8]-1 > GCTable.size())
> + if (Record[8]-1 >= GCTable.size())
> return Error("Invalid ID");
> Func->setGC(GCTable[Record[8]-1].c_str());
> }
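Review bot: The corrected bound is right: `Record[8]` is a 1-based index into `GCTable`, so after the `-1` the valid range is `[0, GCTable.size())` and the old `>` let `Record[8]-1 == GCTable.size()` through, which reads one element past the end of the vector on the `GCTable[Record[8]-1]` line. A short comment stating that the ID is 1-based (and that the enclosing `Record[8]` test is what keeps `Record[8]-1` from wrapping for the unsigned zero case) would make the `>=` easier to keep correct the next time someone touches it.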
> Index: test/Bitcode/invalid.test
> ===================================================================
> --- test/Bitcode/invalid.test
> +++ test/Bitcode/invalid.test
> @@ -122,3 +122,8 @@
> RUN: FileCheck --check-prefix=LOAD-BAD-TYPE %s
>
> LOAD-BAD-TYPE: Load operand is not a pointer type
> +
> +RUN: not llvm-dis -disable-output %p/Inputs/invalid-GCTable-overflow.bc 2>&1 | \
> +RUN: FileCheck --check-prefix=GCTABLE-OFLOW %s
> +
> +GCTABLE-OFLOW: Invalid ID
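Review bot: The new test only checks for the generic `Invalid ID` string, which the reader also emits for other malformed IDs, so it would still pass if the GC-table bound regressed but some other check in the same path rejected the input first. Consider either a more specific message on the error path (for example naming the GC table) or a comment in `invalid.test` stating which record field `invalid-GCTable-overflow.bc` corrupts, since the binary input itself is not reviewable here.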