[llvm] r236190 - Make sure we don't resize(0) when we get a fwdref with Idx == UINT_MAX

Filipe Cabecinhas me at filcab.net
Wed Apr 29 17:52:43 PDT 2015 

Author: filcab
Date: Wed Apr 29 19:52:42 2015
New Revision: 236190

URL: http://llvm.org/viewvc/llvm-project?rev=236190&view=rev
Log:
Make sure we don't resize(0) when we get a fwdref with Idx == UINT_MAX

Make it an error instead.

Bug found with AFL fuzz.

Added:
    llvm/trunk/test/Bitcode/Inputs/invalid-too-big-fwdref.bc
Modified:
    llvm/trunk/lib/Bitcode/Reader/BitcodeReader.cpp
    llvm/trunk/test/Bitcode/invalid.test

Modified: llvm/trunk/lib/Bitcode/Reader/BitcodeReader.cpp
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Bitcode/Reader/BitcodeReader.cpp?rev=236190&r1=236189&r2=236190&view=diff
==============================================================================
--- llvm/trunk/lib/Bitcode/Reader/BitcodeReader.cpp (original)
+++ llvm/trunk/lib/Bitcode/Reader/BitcodeReader.cpp Wed Apr 29 19:52:42 2015
@@ -790,6 +790,10 @@ Constant *BitcodeReaderValueList::getCon
 }
 
 Value *BitcodeReaderValueList::getValueFwdRef(unsigned Idx, Type *Ty) {
+  // Bail out for a clearly invalid value. This would make us call resize(0)
+  if (Idx == UINT_MAX)
+    return nullptr;
+
   if (Idx >= size())
     resize(Idx + 1);
 

Added: llvm/trunk/test/Bitcode/Inputs/invalid-too-big-fwdref.bc
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/test/Bitcode/Inputs/invalid-too-big-fwdref.bc?rev=236190&view=auto
==============================================================================
Binary files llvm/trunk/test/Bitcode/Inputs/invalid-too-big-fwdref.bc (added) and llvm/trunk/test/Bitcode/Inputs/invalid-too-big-fwdref.bc Wed Apr 29 19:52:42 2015 differ

Modified: llvm/trunk/test/Bitcode/invalid.test
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/test/Bitcode/invalid.test?rev=236190&r1=236189&r2=236190&view=diff
==============================================================================
--- llvm/trunk/test/Bitcode/invalid.test (original)
+++ llvm/trunk/test/Bitcode/invalid.test Wed Apr 29 19:52:42 2015
@@ -112,3 +112,8 @@ RUN: not llvm-dis -disable-output %p/Inp
 RUN:   FileCheck --check-prefix=ARRAY-NOT-2LAST %s
 
 ARRAY-NOT-2LAST: Array op not second to last
+
+RUN: not llvm-dis -disable-output %p/Inputs/invalid-too-big-fwdref.bc 2>&1 | \
+RUN:   FileCheck --check-prefix=HUGE-FWDREF %s
+
+HUGE-FWDREF: Invalid record

More information about the llvm-commits mailing list