[llvm] r236073 - Make sure that isValidElementType(Type) before calling {Array, Struct}Type::get(Type)

Filipe Cabecinhas filcab at filcab.net
Tue Apr 28 19:34:36 PDT 2015


Will do that. I just committed a similar fix to PointerType, and that was
written like you describe it.

On Tuesday, April 28, 2015, David Blaikie <dblaikie at gmail.com> wrote:

>
>
> On Tue, Apr 28, 2015 at 6:27 PM, Filipe Cabecinhas <me at filcab.net> wrote:
>
>> Author: filcab
>> Date: Tue Apr 28 20:27:01 2015
>> New Revision: 236073
>>
>> URL: http://llvm.org/viewvc/llvm-project?rev=236073&view=rev
>> Log:
>> Make sure that isValidElementType(Type) before calling
>> {Array,Struct}Type::get(Type)
>>
>> Bug found with AFL fuzz.
>>
>> Added:
>>     llvm/trunk/test/Bitcode/Inputs/invalid-array-element-type.bc
>>     llvm/trunk/test/Bitcode/Inputs/invalid-vector-element-type.bc
>> Modified:
>>     llvm/trunk/lib/Bitcode/Reader/BitcodeReader.cpp
>>     llvm/trunk/test/Bitcode/invalid.test
>>
>> Modified: llvm/trunk/lib/Bitcode/Reader/BitcodeReader.cpp
>> URL:
>> http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Bitcode/Reader/BitcodeReader.cpp?rev=236073&r1=236072&r2=236073&view=diff
>>
>> ==============================================================================
>> --- llvm/trunk/lib/Bitcode/Reader/BitcodeReader.cpp (original)
>> +++ llvm/trunk/lib/Bitcode/Reader/BitcodeReader.cpp Tue Apr 28 20:27:01
>> 2015
>> @@ -1474,7 +1474,8 @@ std::error_code BitcodeReader::ParseType
>>      case bitc::TYPE_CODE_ARRAY:     // ARRAY: [numelts, eltty]
>>        if (Record.size() < 2)
>>          return Error("Invalid record");
>> -      if ((ResultTy = getTypeByID(Record[1])))
>> +      if ((ResultTy = getTypeByID(Record[1])) &&
>> +          StructType::isValidElementType(ResultTy))
>>          ResultTy = ArrayType::get(ResultTy, Record[0]);
>>        else
>>          return Error("Invalid type");
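
Review bot: The added guard in the TYPE_CODE_ARRAY case calls StructType::isValidElementType(ResultTy), but the very next line builds an ArrayType. Check the precondition of the type actually being constructed, i.e. ArrayType::isValidElementType(ResultTy), so the reader's validation cannot drift from what ArrayType::get expects. Separately, Record[0] (numelts) still flows into ArrayType::get straight from the bitcode record; if any bound on it is intended for untrusted input, this is the place to state it.
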
>> @@ -1482,7 +1483,8 @@ std::error_code BitcodeReader::ParseType
>>      case bitc::TYPE_CODE_VECTOR:    // VECTOR: [numelts, eltty]
>>        if (Record.size() < 2)
>>          return Error("Invalid record");
>> -      if ((ResultTy = getTypeByID(Record[1])))
>> +      if ((ResultTy = getTypeByID(Record[1])) &&
>> +          StructType::isValidElementType(ResultTy))
>>
>
> Might be nice to invert these conditions and return error from the if,
> drop the else - that way the main code isn't indented and it's a line
> shorter (the LLVM coding conventions mention this preference for early
> return/continue to reduce indentation)
>
> (same above in the other similar codeblock)
>
>
>>          ResultTy = VectorType::get(ResultTy, Record[0]);
>>        else
>>          return Error("Invalid type");
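
Review bot: The TYPE_CODE_VECTOR guard reuses StructType::isValidElementType(ResultTy) in front of VectorType::get, and the commit log only names Array and Struct. A struct member may be an aggregate while a vector element may not, so the struct predicate is looser than what a vector accepts and a crafted record can still pass this check with an element type that is invalid for a vector. Use VectorType::isValidElementType(ResultTy) here, and confirm that invalid-vector-element-type.bc exercises an element type that only the vector predicate rejects.
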
>>
>> Added: llvm/trunk/test/Bitcode/Inputs/invalid-array-element-type.bc
>> URL:
>> http://llvm.org/viewvc/llvm-project/llvm/trunk/test/Bitcode/Inputs/invalid-array-element-type.bc?rev=236073&view=auto
>>
>> ==============================================================================
>> Binary files llvm/trunk/test/Bitcode/Inputs/invalid-array-element-type.bc
>> (added) and llvm/trunk/test/Bitcode/Inputs/invalid-array-element-type.bc
>> Tue Apr 28 20:27:01 2015 differ
>>
>> Added: llvm/trunk/test/Bitcode/Inputs/invalid-vector-element-type.bc
>> URL:
>> http://llvm.org/viewvc/llvm-project/llvm/trunk/test/Bitcode/Inputs/invalid-vector-element-type.bc?rev=236073&view=auto
>>
>> ==============================================================================
>> Binary files
>> llvm/trunk/test/Bitcode/Inputs/invalid-vector-element-type.bc (added) and
>> llvm/trunk/test/Bitcode/Inputs/invalid-vector-element-type.bc Tue Apr 28
>> 20:27:01 2015 differ
>>
>> Modified: llvm/trunk/test/Bitcode/invalid.test
>> URL:
>> http://llvm.org/viewvc/llvm-project/llvm/trunk/test/Bitcode/invalid.test?rev=236073&r1=236072&r2=236073&view=diff
>>
>> ==============================================================================
>> --- llvm/trunk/test/Bitcode/invalid.test (original)
>> +++ llvm/trunk/test/Bitcode/invalid.test Tue Apr 28 20:27:01 2015
>> @@ -98,3 +98,10 @@ RUN: not llvm-dis -disable-output %p/Inp
>>  RUN:   FileCheck --check-prefix=FWDREF-TYPE %s
>>
>>  FWDREF-TYPE: Invalid record
>> +
>> +RUN: not llvm-dis -disable-output
>> %p/Inputs/invalid-array-element-type.bc 2>&1 | \
>> +RUN:   FileCheck --check-prefix=ELEMENT-TYPE %s
>> +RUN: not llvm-dis -disable-output
>> %p/Inputs/invalid-vector-element-type.bc 2>&1 | \
>> +RUN:   FileCheck --check-prefix=ELEMENT-TYPE %s
>> +
>> +ELEMENT-TYPE: Invalid type
>>
>>
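
Review bot: Both new RUN lines match the single prefix ELEMENT-TYPE against "Invalid type", which is the same string the else branch already returned when getTypeByID yields null. As written, the test passes whether an input is rejected by the new element-type check or by the older null-type path, so it does not pin down the fix. Give the new rejection its own message (for example "Invalid array element type" and a vector counterpart) or use separate check prefixes per input, so a regression in either guard shows up as a FileCheck failure.
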
>> _______________________________________________
>> llvm-commits mailing list
>> llvm-commits at cs.uiuc.edu
>> http://lists.cs.uiuc.edu/mailman/listinfo/llvm-commits
>>
>
>