[PATCH] D64507: [BitcodeReader] Validate OpNum, before accessing Record array.
Florian Hahn via Phabricator via llvm-commits
llvm-commits at lists.llvm.org
Wed Jul 10 09:21:00 PDT 2019
fhahn created this revision.
fhahn added reviewers: t.p.northover, thegameg, jfb.
Herald added subscribers: dexonsmith, hiraditya.
Herald added a project: LLVM.
Currently invalid bitcode files can cause a crash, when OpNum exceeds
the number of elements in Record, like in the attached bitcode file.
The test case was generated by clusterfuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15698
Repository:
rG LLVM Github Monorepo
https://reviews.llvm.org/D64507
Files:
llvm/lib/Bitcode/Reader/BitcodeReader.cpp
llvm/test/Bitcode/Inputs/invalid-fcmp-opnum.bc
llvm/test/Bitcode/invalid.test
Index: llvm/test/Bitcode/invalid.test
===================================================================
--- llvm/test/Bitcode/invalid.test
+++ llvm/test/Bitcode/invalid.test
@@ -235,3 +235,8 @@
RUN: FileCheck --check-prefix=NONPOINTER-ATOMICRMW %s
NONPOINTER-ATOMICRMW: Invalid record
+
+RUN: not llvm-dis -disable-output %p/Inputs/invalid-fcmp-opnum.bc 2>&1 | \
+RUN: FileCheck --check-prefix=INVALID-FCMP-OPNUM %s
+
+INVALID-FCMP-OPNUM: Invalid record
Index: llvm/lib/Bitcode/Reader/BitcodeReader.cpp
===================================================================
--- llvm/lib/Bitcode/Reader/BitcodeReader.cpp
+++ llvm/lib/Bitcode/Reader/BitcodeReader.cpp
@@ -4165,6 +4165,9 @@
popValue(Record, OpNum, NextValueNo, LHS->getType(), RHS))
return error("Invalid record");
+ if (OpNum >= Record.size())
+ return error("Invalid record");
+
unsigned PredVal = Record[OpNum];
bool IsFP = LHS->getType()->isFPOrFPVectorTy();
FastMathFlags FMF;
-------------- next part --------------
A non-text attachment was scrubbed...
Name: D64507.208986.patch
Type: text/x-patch
Size: 1008 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/llvm-commits/attachments/20190710/e56e54fe/attachment.bin>
More information about the llvm-commits
mailing list