Will do that. I just committed a similar fix to PointerType, and that was written like you describe it.<br><br>On Tuesday, April 28, 2015, David Blaikie &lt;<a href="mailto:dblaikie@gmail.com">dblaikie@gmail.com</a>&gt; wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Apr 28, 2015 at 6:27 PM, Filipe Cabecinhas <span dir="ltr">&lt;<a href="mailto:me@filcab.net" target="_blank">me@filcab.net</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Author: filcab<br>
Date: Tue Apr 28 20:27:01 2015<br>
New Revision: 236073<br>
<br>
URL: <a href="http://llvm.org/viewvc/llvm-project?rev=236073&view=rev" target="_blank">http://llvm.org/viewvc/llvm-project?rev=236073&view=rev</a><br>
Log:<br>
Make sure that isValidElementType(Type) before calling {Array,Struct}Type::get(Type)<br>
<br>
Bug found with AFL fuzz.<br>
<br>
Added:<br>
    llvm/trunk/test/Bitcode/Inputs/invalid-array-element-type.bc<br>
    llvm/trunk/test/Bitcode/Inputs/invalid-vector-element-type.bc<br>
Modified:<br>
    llvm/trunk/lib/Bitcode/Reader/BitcodeReader.cpp<br>
    llvm/trunk/test/Bitcode/invalid.test<br>
<br>
Modified: llvm/trunk/lib/Bitcode/Reader/BitcodeReader.cpp<br>
URL: <a href="http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Bitcode/Reader/BitcodeReader.cpp?rev=236073&r1=236072&r2=236073&view=diff" target="_blank">http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Bitcode/Reader/BitcodeReader.cpp?rev=236073&r1=236072&r2=236073&view=diff</a><br>
==============================================================================<br>
--- llvm/trunk/lib/Bitcode/Reader/BitcodeReader.cpp (original)<br>
+++ llvm/trunk/lib/Bitcode/Reader/BitcodeReader.cpp Tue Apr 28 20:27:01 2015<br>
@@ -1474,7 +1474,8 @@ std::error_code BitcodeReader::ParseType<br>
     case bitc::TYPE_CODE_ARRAY:     // ARRAY: [numelts, eltty]<br>
       if (Record.size() < 2)<br>
         return Error("Invalid record");<br>
-      if ((ResultTy = getTypeByID(Record[1])))<br>
+      if ((ResultTy = getTypeByID(Record[1])) &&<br>
+          StructType::isValidElementType(ResultTy))<br>
         ResultTy = ArrayType::get(ResultTy, Record[0]);<br>
       else<br>
         return Error("Invalid type");<br>
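Review bot: the added guard in the TYPE_CODE_ARRAY case calls StructType::isValidElementType(ResultTy), but the value it protects is passed to ArrayType::get. Using ArrayType::isValidElementType(ResultTy) here would tie the predicate to the constructor it guards, so the reader's check cannot drift from what ArrayType::get accepts if the struct and array rules ever differ.<br>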
@@ -1482,7 +1483,8 @@ std::error_code BitcodeReader::ParseType<br>
     case bitc::TYPE_CODE_VECTOR:    // VECTOR: [numelts, eltty]<br>
       if (Record.size() < 2)<br>
         return Error("Invalid record");<br>
-      if ((ResultTy = getTypeByID(Record[1])))<br>
+      if ((ResultTy = getTypeByID(Record[1])) &&<br>
+          StructType::isValidElementType(ResultTy))<br></blockquote><div><br>Might be nice to invert these conditions and return error from the if, drop the else - that way the main code isn't indented and it's a line shorter (the LLVM coding conventions mention this preference for early return/continue to reduce indentation)<br><br>(same above in the other similar codeblock)<br> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
         ResultTy = VectorType::get(ResultTy, Record[0]);<br>
       else<br>
         return Error("Invalid type");<br>
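Review bot: in the TYPE_CODE_VECTOR case the guard is again StructType::isValidElementType(ResultTy), while the constructor is VectorType::get. Vector element types are a narrower set than struct element types (integer, floating point and pointer), so a record whose eltty names, say, an array or struct type passes this check and still reaches VectorType::get. VectorType::isValidElementType(ResultTy) is the predicate to use here. The log message also names {Array,Struct}Type::get although the two cases touched are array and vector.<br>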
<br>
Added: llvm/trunk/test/Bitcode/Inputs/invalid-array-element-type.bc<br>
URL: <a href="http://llvm.org/viewvc/llvm-project/llvm/trunk/test/Bitcode/Inputs/invalid-array-element-type.bc?rev=236073&view=auto" target="_blank">http://llvm.org/viewvc/llvm-project/llvm/trunk/test/Bitcode/Inputs/invalid-array-element-type.bc?rev=236073&view=auto</a><br>
==============================================================================<br>
Binary files llvm/trunk/test/Bitcode/Inputs/invalid-array-element-type.bc (added) and llvm/trunk/test/Bitcode/Inputs/invalid-array-element-type.bc Tue Apr 28 20:27:01 2015 differ<br>
<br>
Added: llvm/trunk/test/Bitcode/Inputs/invalid-vector-element-type.bc<br>
URL: <a href="http://llvm.org/viewvc/llvm-project/llvm/trunk/test/Bitcode/Inputs/invalid-vector-element-type.bc?rev=236073&view=auto" target="_blank">http://llvm.org/viewvc/llvm-project/llvm/trunk/test/Bitcode/Inputs/invalid-vector-element-type.bc?rev=236073&view=auto</a><br>
==============================================================================<br>
Binary files llvm/trunk/test/Bitcode/Inputs/invalid-vector-element-type.bc (added) and llvm/trunk/test/Bitcode/Inputs/invalid-vector-element-type.bc Tue Apr 28 20:27:01 2015 differ<br>
<br>
Modified: llvm/trunk/test/Bitcode/invalid.test<br>
URL: <a href="http://llvm.org/viewvc/llvm-project/llvm/trunk/test/Bitcode/invalid.test?rev=236073&r1=236072&r2=236073&view=diff" target="_blank">http://llvm.org/viewvc/llvm-project/llvm/trunk/test/Bitcode/invalid.test?rev=236073&r1=236072&r2=236073&view=diff</a><br>
==============================================================================<br>
--- llvm/trunk/test/Bitcode/invalid.test (original)<br>
+++ llvm/trunk/test/Bitcode/invalid.test Tue Apr 28 20:27:01 2015<br>
@@ -98,3 +98,10 @@ RUN: not llvm-dis -disable-output %p/Inp<br>
 RUN:   FileCheck --check-prefix=FWDREF-TYPE %s<br>
<br>
 FWDREF-TYPE: Invalid record<br>
+<br>
+RUN: not llvm-dis -disable-output %p/Inputs/invalid-array-element-type.bc 2>&1 | \<br>
+RUN:   FileCheck --check-prefix=ELEMENT-TYPE %s<br>
+RUN: not llvm-dis -disable-output %p/Inputs/invalid-vector-element-type.bc 2>&1 | \<br>
+RUN:   FileCheck --check-prefix=ELEMENT-TYPE %s<br>
+<br>
+ELEMENT-TYPE: Invalid type<br>
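Review bot: the new ELEMENT-TYPE check matches only the string "Invalid type", which the else branches in BitcodeReader.cpp already returned before this change when getTypeByID gave back null, so the RUN lines alone do not show that the new element-type check is what rejects the inputs. A short comment above each RUN line stating what invalid-array-element-type.bc and invalid-vector-element-type.bc contain (a resolvable type ID that is not a valid element type) would document that.<br>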
<br>
<br>
_______________________________________________<br>
llvm-commits mailing list<br>
<a href="mailto:llvm-commits@cs.uiuc.edu" target="_blank">llvm-commits@cs.uiuc.edu</a><br>
<a href="http://lists.cs.uiuc.edu/mailman/listinfo/llvm-commits" target="_blank">http://lists.cs.uiuc.edu/mailman/listinfo/llvm-commits</a><br>
</blockquote></div><br></div></div>
</blockquote>