[llvm] r236073 - Make sure that isValidElementType(Type) before calling {Array, Struct}Type::get(Type)

David Blaikie dblaikie at gmail.com
Tue Apr 28 18:32:43 PDT 2015 

On Tue, Apr 28, 2015 at 6:27 PM, Filipe Cabecinhas <me at filcab.net> wrote:

> Author: filcab
> Date: Tue Apr 28 20:27:01 2015
> New Revision: 236073
>
> URL: http://llvm.org/viewvc/llvm-project?rev=236073&view=rev
> Log:
> Make sure that isValidElementType(Type) before calling
> {Array,Struct}Type::get(Type)
>
> Bug found with AFL fuzz.
>
> Added:
>     llvm/trunk/test/Bitcode/Inputs/invalid-array-element-type.bc
>     llvm/trunk/test/Bitcode/Inputs/invalid-vector-element-type.bc
> Modified:
>     llvm/trunk/lib/Bitcode/Reader/BitcodeReader.cpp
>     llvm/trunk/test/Bitcode/invalid.test
>
> Modified: llvm/trunk/lib/Bitcode/Reader/BitcodeReader.cpp
> URL:
> http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Bitcode/Reader/BitcodeReader.cpp?rev=236073&r1=236072&r2=236073&view=diff
>
> ==============================================================================
> --- llvm/trunk/lib/Bitcode/Reader/BitcodeReader.cpp (original)
> +++ llvm/trunk/lib/Bitcode/Reader/BitcodeReader.cpp Tue Apr 28 20:27:01
> 2015
> @@ -1474,7 +1474,8 @@ std::error_code BitcodeReader::ParseType
>      case bitc::TYPE_CODE_ARRAY:     // ARRAY: [numelts, eltty]
>        if (Record.size() < 2)
>          return Error("Invalid record");
> -      if ((ResultTy = getTypeByID(Record[1])))
> +      if ((ResultTy = getTypeByID(Record[1])) &&
> +          StructType::isValidElementType(ResultTy))
>          ResultTy = ArrayType::get(ResultTy, Record[0]);
>        else
>          return Error("Invalid type");
> @@ -1482,7 +1483,8 @@ std::error_code BitcodeReader::ParseType
>      case bitc::TYPE_CODE_VECTOR:    // VECTOR: [numelts, eltty]
>        if (Record.size() < 2)
>          return Error("Invalid record");
> -      if ((ResultTy = getTypeByID(Record[1])))
> +      if ((ResultTy = getTypeByID(Record[1])) &&
> +          StructType::isValidElementType(ResultTy))
>

Might be nice to invert these conditions and return error from the if, drop
the else - that way the main code isn't indented and it's a line shorter
(the LLVM coding conventions mention this preference for early
return/continue to reduce indentation)

(same above in the other similar codeblock)


>          ResultTy = VectorType::get(ResultTy, Record[0]);
>        else
>          return Error("Invalid type");
>
> Added: llvm/trunk/test/Bitcode/Inputs/invalid-array-element-type.bc
> URL:
> http://llvm.org/viewvc/llvm-project/llvm/trunk/test/Bitcode/Inputs/invalid-array-element-type.bc?rev=236073&view=auto
>
> ==============================================================================
> Binary files llvm/trunk/test/Bitcode/Inputs/invalid-array-element-type.bc
> (added) and llvm/trunk/test/Bitcode/Inputs/invalid-array-element-type.bc
> Tue Apr 28 20:27:01 2015 differ
>
> Added: llvm/trunk/test/Bitcode/Inputs/invalid-vector-element-type.bc
> URL:
> http://llvm.org/viewvc/llvm-project/llvm/trunk/test/Bitcode/Inputs/invalid-vector-element-type.bc?rev=236073&view=auto
>
> ==============================================================================
> Binary files llvm/trunk/test/Bitcode/Inputs/invalid-vector-element-type.bc
> (added) and llvm/trunk/test/Bitcode/Inputs/invalid-vector-element-type.bc
> Tue Apr 28 20:27:01 2015 differ
>
> Modified: llvm/trunk/test/Bitcode/invalid.test
> URL:
> http://llvm.org/viewvc/llvm-project/llvm/trunk/test/Bitcode/invalid.test?rev=236073&r1=236072&r2=236073&view=diff
>
> ==============================================================================
> --- llvm/trunk/test/Bitcode/invalid.test (original)
> +++ llvm/trunk/test/Bitcode/invalid.test Tue Apr 28 20:27:01 2015
> @@ -98,3 +98,10 @@ RUN: not llvm-dis -disable-output %p/Inp
>  RUN:   FileCheck --check-prefix=FWDREF-TYPE %s
>
>  FWDREF-TYPE: Invalid record
> +
> +RUN: not llvm-dis -disable-output %p/Inputs/invalid-array-element-type.bc
> 2>&1 | \
> +RUN:   FileCheck --check-prefix=ELEMENT-TYPE %s
> +RUN: not llvm-dis -disable-output
> %p/Inputs/invalid-vector-element-type.bc 2>&1 | \
> +RUN:   FileCheck --check-prefix=ELEMENT-TYPE %s
> +
> +ELEMENT-TYPE: Invalid type
>
>
> _______________________________________________
> llvm-commits mailing list
> llvm-commits at cs.uiuc.edu
> http://lists.cs.uiuc.edu/mailman/listinfo/llvm-commits
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/llvm-commits/attachments/20150428/9e3f0dc1/attachment.html>

More information about the llvm-commits mailing list