[PATCH] D64577: [BitcodeReader] Use tighter upper bound to validate forward references.

Florian Hahn via Phabricator via llvm-commits llvm-commits at lists.llvm.org
Thu Jul 11 11:23:49 PDT 2019


fhahn created this revision.
fhahn added reviewers: t.p.northover, thegameg, jfb, efriedma, hfinkel.
Herald added subscribers: dexonsmith, hiraditya.
Herald added a project: LLVM.

At the moment, bitcode files with invalid forward references can easily
cause the bitcode reader to run out of memory, by creating a forward
reference with a very high index.

We can use the size of the bitcode file as an upper bound, because a
valid bitcode file can never contain more records. This should be
sufficient to fail early in most cases. The only exception is large
files with invalid forward references close to the file size.

There are a couple of clusterfuzz runs that fail with out-of-memory
because of very high forward references and they should be fixed by this
patch.

A concrete example for this is D64507 <https://reviews.llvm.org/D64507>, which causes out-of-memory on
systems with low memory, like the hexagon upstream bots.

I am not entirely sure about the way we get the size of the stream in
this patch. Maybe it would be better to get NumWords, when we enter the
module block?


Repository:
  rG LLVM Github Monorepo

https://reviews.llvm.org/D64577

Files:
  llvm/include/llvm/Bitstream/BitstreamReader.h
  llvm/lib/Bitcode/Reader/BitcodeReader.cpp
  llvm/lib/Bitcode/Reader/MetadataLoader.cpp
  llvm/lib/Bitcode/Reader/ValueList.cpp
  llvm/lib/Bitcode/Reader/ValueList.h
  llvm/test/Bitcode/pr18704.ll

-------------- next part --------------
A non-text attachment was scrubbed...
Name: D64577.209275.patch
Type: text/x-patch
Size: 5796 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/llvm-commits/attachments/20190711/f4eedcff/attachment.bin>
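
The bound described in the message above, as an added example that is not part of the original post and is not LLVM's code: a simplified C++ model of a forward-reference table that refuses to grow for indices at or above the input size. The names `FwdRefTable`, `getOrCreateFwdRef` and `loadRefs` are hypothetical, and measuring the input size in bytes is an assumption.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

// Simplified model (hypothetical names, not LLVM's classes) of a value table
// that grows on demand when the input refers to a not-yet-defined index.
class FwdRefTable {
  std::vector<int> Slots;      // 0 marks a placeholder for a forward reference
  std::size_t RefsUpperBound;  // no valid input can define this many entries

public:
  // Assumption: each record occupies at least one byte of input, so the
  // input size in bytes bounds the number of records a valid file can hold.
  explicit FwdRefTable(std::size_t InputSizeBytes)
      : RefsUpperBound(InputSizeBytes) {}

  // Returns false instead of resizing when Idx cannot belong to valid input.
  bool getOrCreateFwdRef(std::uint64_t Idx) {
    if (Idx >= RefsUpperBound)
      return false;  // fail early: reject before any allocation happens
    if (Idx >= Slots.size())
      Slots.resize(static_cast<std::size_t>(Idx) + 1, 0);  // growth <= input size
    return true;
  }

  std::size_t allocatedSlots() const { return Slots.size(); }
};

struct LoadResult { bool Ok; std::size_t Slots; };

// Feeds constructed forward-reference indices to the table and stops at the
// first one that is rejected, reporting how many slots were allocated.
LoadResult loadRefs(std::size_t InputSizeBytes,
                    const std::vector<std::uint64_t> &Refs) {
  FwdRefTable T(InputSizeBytes);
  for (std::uint64_t R : Refs)
    if (!T.getOrCreateFwdRef(R))
      return {false, T.allocatedSlots()};
  return {true, T.allocatedSlots()};
}

int main() {
  // Constructed inputs: a 64-byte file with a sane and a huge reference.
  LoadResult Sane = loadRefs(64, {3, 10});
  LoadResult Huge = loadRefs(64, {3, 0xFFFFFFFFull});
  // The exception named in the message: a large file whose invalid reference
  // sits just below the file size still passes and allocates up to that size.
  LoadResult Near = loadRefs(1u << 20, {(1u << 20) - 1});
  return (Sane.Ok && !Huge.Ok && Near.Ok) ? 0 : 1;
}
```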
