[llvm] r238891 - [BitcodeReader] Check vector size before trying to create a VectorType

Filipe Cabecinhas me at filcab.net
Tue Jun 2 17:05:31 PDT 2015


Author: filcab
Date: Tue Jun  2 19:05:30 2015
New Revision: 238891

URL: http://llvm.org/viewvc/llvm-project?rev=238891&view=rev
Log:
[BitcodeReader] Check vector size before trying to create a VectorType

Bug found with AFL fuzz

Added:
    llvm/trunk/test/Bitcode/Inputs/invalid-vector-length.bc
Modified:
    llvm/trunk/lib/Bitcode/Reader/BitcodeReader.cpp
    llvm/trunk/test/Bitcode/invalid.test

Modified: llvm/trunk/lib/Bitcode/Reader/BitcodeReader.cpp
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Bitcode/Reader/BitcodeReader.cpp?rev=238891&r1=238890&r2=238891&view=diff
==============================================================================
--- llvm/trunk/lib/Bitcode/Reader/BitcodeReader.cpp (original)
+++ llvm/trunk/lib/Bitcode/Reader/BitcodeReader.cpp Tue Jun  2 19:05:30 2015
@@ -1497,6 +1497,8 @@ std::error_code BitcodeReader::ParseType
     case bitc::TYPE_CODE_VECTOR:    // VECTOR: [numelts, eltty]
       if (Record.size() < 2)
         return Error("Invalid record");
+      if (Record[0] == 0)
+        return Error("Invalid vector length");
       ResultTy = getTypeByID(Record[1]);
       if (!ResultTy || !StructType::isValidElementType(ResultTy))
         return Error("Invalid type");
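Review bot: the added test `if (Record[0] == 0)` rejects only a zero numelts and compares the raw record value; nothing in this hunk bounds it from above or accounts for narrowing. If Record[0] is wider than the integer type later used to build the vector type, a non-zero value whose low bits are all zero would pass this check and still arrive as zero. Suggest doing the comparison on the value in the type that is actually consumed, or also rejecting values that do not fit, and adding a one-line comment on why a zero length is invalid here.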

Added: llvm/trunk/test/Bitcode/Inputs/invalid-vector-length.bc
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/test/Bitcode/Inputs/invalid-vector-length.bc?rev=238891&view=auto
==============================================================================
Binary files llvm/trunk/test/Bitcode/Inputs/invalid-vector-length.bc (added) and llvm/trunk/test/Bitcode/Inputs/invalid-vector-length.bc Tue Jun  2 19:05:30 2015 differ

Modified: llvm/trunk/test/Bitcode/invalid.test
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/test/Bitcode/invalid.test?rev=238891&r1=238890&r2=238891&view=diff
==============================================================================
--- llvm/trunk/test/Bitcode/invalid.test (original)
+++ llvm/trunk/test/Bitcode/invalid.test Tue Jun  2 19:05:30 2015
@@ -192,3 +192,8 @@ RUN: not llvm-dis -disable-output %p/Inp
 RUN:   FileCheck --check-prefix=META-NOT-FOLLOWED-BY-NAMED-META %s
 
 META-NOT-FOLLOWED-BY-NAMED-META: METADATA_NAME not followed by METADATA_NAMED_NODE
+
+RUN: not llvm-dis -disable-output %p/Inputs/invalid-vector-length.bc 2>&1 | \
+RUN:   FileCheck --check-prefix=VECTOR-LENGTH %s
+
+VECTOR-LENGTH: Invalid vector length
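Review bot: the new RUN line depends entirely on the pre-built invalid-vector-length.bc, which is an opaque binary, so nothing in invalid.test says which record is malformed. Suggest a short comment above `RUN: not llvm-dis -disable-output %p/Inputs/invalid-vector-length.bc` stating what the input contains (presumably a vector type record with a zero length) and that it was reduced from the AFL finding. The test also covers only the single rejected value; if the reader check is extended to other bad lengths, each should get its own input and check prefix.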




