[llvm] r235710 - [BitcodeReader] Fix asserts when we read a non-vector type for insert/extract/shuffle

Filipe Cabecinhas me at filcab.net
Fri Apr 24 04:30:16 PDT 2015 

Author: filcab
Date: Fri Apr 24 06:30:15 2015
New Revision: 235710

URL: http://llvm.org/viewvc/llvm-project?rev=235710&view=rev
Log:
[BitcodeReader] Fix asserts when we read a non-vector type for insert/extract/shuffle

Added some additional checking for vector types + tests.

Bug found with AFL fuzz.

Added:
    llvm/trunk/test/Bitcode/Inputs/invalid-non-vector-extractelement.bc
    llvm/trunk/test/Bitcode/Inputs/invalid-non-vector-insertelement.bc
    llvm/trunk/test/Bitcode/Inputs/invalid-non-vector-shufflevector.bc
Modified:
    llvm/trunk/lib/Bitcode/Reader/BitcodeReader.cpp
    llvm/trunk/test/Bitcode/invalid.test

Modified: llvm/trunk/lib/Bitcode/Reader/BitcodeReader.cpp
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Bitcode/Reader/BitcodeReader.cpp?rev=235710&r1=235709&r2=235710&view=diff
==============================================================================
--- llvm/trunk/lib/Bitcode/Reader/BitcodeReader.cpp (original)
+++ llvm/trunk/lib/Bitcode/Reader/BitcodeReader.cpp Fri Apr 24 06:30:15 2015
@@ -3646,6 +3646,8 @@ std::error_code BitcodeReader::ParseFunc
       if (getValueTypePair(Record, OpNum, NextValueNo, Vec) ||
           getValueTypePair(Record, OpNum, NextValueNo, Idx))
         return Error("Invalid record");
+      if (!Vec->getType()->isVectorTy())
+        return Error("Invalid type for value");
       I = ExtractElementInst::Create(Vec, Idx);
       InstructionList.push_back(I);
       break;
@@ -3654,8 +3656,11 @@ std::error_code BitcodeReader::ParseFunc
     case bitc::FUNC_CODE_INST_INSERTELT: { // INSERTELT: [ty, opval,opval,opval]
       unsigned OpNum = 0;
       Value *Vec, *Elt, *Idx;
-      if (getValueTypePair(Record, OpNum, NextValueNo, Vec) ||
-          popValue(Record, OpNum, NextValueNo,
+      if (getValueTypePair(Record, OpNum, NextValueNo, Vec))
+        return Error("Invalid record");
+      if (!Vec->getType()->isVectorTy())
+        return Error("Invalid type for value");
+      if (popValue(Record, OpNum, NextValueNo,
                    cast<VectorType>(Vec->getType())->getElementType(), Elt) ||
           getValueTypePair(Record, OpNum, NextValueNo, Idx))
         return Error("Invalid record");
@@ -3673,6 +3678,8 @@ std::error_code BitcodeReader::ParseFunc
 
       if (getValueTypePair(Record, OpNum, NextValueNo, Mask))
         return Error("Invalid record");
+      if (!Vec1->getType()->isVectorTy() || !Vec2->getType()->isVectorTy())
+        return Error("Invalid type for value");
       I = new ShuffleVectorInst(Vec1, Vec2, Mask);
       InstructionList.push_back(I);
       break;

Added: llvm/trunk/test/Bitcode/Inputs/invalid-non-vector-extractelement.bc
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/test/Bitcode/Inputs/invalid-non-vector-extractelement.bc?rev=235710&view=auto
==============================================================================
Binary files llvm/trunk/test/Bitcode/Inputs/invalid-non-vector-extractelement.bc (added) and llvm/trunk/test/Bitcode/Inputs/invalid-non-vector-extractelement.bc Fri Apr 24 06:30:15 2015 differ

Added: llvm/trunk/test/Bitcode/Inputs/invalid-non-vector-insertelement.bc
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/test/Bitcode/Inputs/invalid-non-vector-insertelement.bc?rev=235710&view=auto
==============================================================================
Binary files llvm/trunk/test/Bitcode/Inputs/invalid-non-vector-insertelement.bc (added) and llvm/trunk/test/Bitcode/Inputs/invalid-non-vector-insertelement.bc Fri Apr 24 06:30:15 2015 differ

Added: llvm/trunk/test/Bitcode/Inputs/invalid-non-vector-shufflevector.bc
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/test/Bitcode/Inputs/invalid-non-vector-shufflevector.bc?rev=235710&view=auto
==============================================================================
Binary files llvm/trunk/test/Bitcode/Inputs/invalid-non-vector-shufflevector.bc (added) and llvm/trunk/test/Bitcode/Inputs/invalid-non-vector-shufflevector.bc Fri Apr 24 06:30:15 2015 differ

Modified: llvm/trunk/test/Bitcode/invalid.test
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/test/Bitcode/invalid.test?rev=235710&r1=235709&r2=235710&view=diff
==============================================================================
--- llvm/trunk/test/Bitcode/invalid.test (original)
+++ llvm/trunk/test/Bitcode/invalid.test Fri Apr 24 06:30:15 2015
@@ -78,3 +78,12 @@ RUN: not llvm-dis -disable-output %p/Inp
 RUN:   FileCheck --check-prefix=ARRAY-TYPE %s
 
 ARRAY-TYPE: Array element type can't be an Array or a Blob
+
+RUN: not llvm-dis -disable-output %p/Inputs/invalid-non-vector-extractelement.bc 2>&1 | \
+RUN:   FileCheck --check-prefix=INVALID-TYPE %s
+RUN: not llvm-dis -disable-output %p/Inputs/invalid-non-vector-insertelement.bc 2>&1 | \
+RUN:   FileCheck --check-prefix=INVALID-TYPE %s
+RUN: not llvm-dis -disable-output %p/Inputs/invalid-non-vector-shufflevector.bc 2>&1 | \
+RUN:   FileCheck --check-prefix=INVALID-TYPE %s
+
+INVALID-TYPE: Invalid type for value

More information about the llvm-commits mailing list