[llvm] r236200 - Don't overflow GCTable

Filipe Cabecinhas me at filcab.net
Wed Apr 29 21:09:41 PDT 2015


Author: filcab
Date: Wed Apr 29 23:09:41 2015
New Revision: 236200

URL: http://llvm.org/viewvc/llvm-project?rev=236200&view=rev
Log:
Don't overflow GCTable

Summary: Bug found with AFL fuzz.

Reviewers: rafael, dexonsmith

Subscribers: llvm-commits

Differential Revision: http://reviews.llvm.org/D9361

Added:
    llvm/trunk/test/Bitcode/Inputs/invalid-GCTable-overflow.bc
Modified:
    llvm/trunk/lib/Bitcode/Reader/BitcodeReader.cpp
    llvm/trunk/test/Bitcode/invalid.test

Modified: llvm/trunk/lib/Bitcode/Reader/BitcodeReader.cpp
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Bitcode/Reader/BitcodeReader.cpp?rev=236200&r1=236199&r2=236200&view=diff
==============================================================================
--- llvm/trunk/lib/Bitcode/Reader/BitcodeReader.cpp (original)
+++ llvm/trunk/lib/Bitcode/Reader/BitcodeReader.cpp Wed Apr 29 23:09:41 2015
@@ -2992,7 +2992,7 @@ std::error_code BitcodeReader::ParseModu
         // FIXME: Change to an error if non-default in 4.0.
         Func->setVisibility(GetDecodedVisibility(Record[7]));
       if (Record.size() > 8 && Record[8]) {
-        if (Record[8]-1 > GCTable.size())
+        if (Record[8]-1 >= GCTable.size())
           return Error("Invalid ID");
         Func->setGC(GCTable[Record[8]-1].c_str());
       }
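Review bot: The index expression `Record[8]-1` appears in both the bounds check and the `GCTable[...]` access, and nothing in this hunk documents that the field is 1-based with 0 meaning "no GC". Consider hoisting the index into a named local, or writing the check as `Record[8] > GCTable.size()`, which is equivalent given the `Record[8]` non-zero guard on the line above. A one-line comment on the encoding would help keep the check and the access from drifting apart again.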

Added: llvm/trunk/test/Bitcode/Inputs/invalid-GCTable-overflow.bc
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/test/Bitcode/Inputs/invalid-GCTable-overflow.bc?rev=236200&view=auto
==============================================================================
Binary files llvm/trunk/test/Bitcode/Inputs/invalid-GCTable-overflow.bc (added) and llvm/trunk/test/Bitcode/Inputs/invalid-GCTable-overflow.bc Wed Apr 29 23:09:41 2015 differ

Modified: llvm/trunk/test/Bitcode/invalid.test
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/test/Bitcode/invalid.test?rev=236200&r1=236199&r2=236200&view=diff
==============================================================================
--- llvm/trunk/test/Bitcode/invalid.test (original)
+++ llvm/trunk/test/Bitcode/invalid.test Wed Apr 29 23:09:41 2015
@@ -122,3 +122,8 @@ RUN: not llvm-dis -disable-output %p/Inp
 RUN:   FileCheck --check-prefix=LOAD-BAD-TYPE %s
 
 LOAD-BAD-TYPE: Load operand is not a pointer type
+
+RUN: not llvm-dis -disable-output %p/Inputs/invalid-GCTable-overflow.bc 2>&1 | \
+RUN:   FileCheck --check-prefix=GCTABLE-OFLOW %s
+
+GCTABLE-OFLOW: Invalid ID
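Review bot: The `GCTABLE-OFLOW: Invalid ID` check matches a generic message, so this test passes for any rejection of the input that prints "Invalid ID", not specifically the GCTable bounds check. A more specific error string in the reader, matched here, would pin the regression to this check. A short comment next to the RUN line saying which record field in `invalid-GCTable-overflow.bc` is out of range would also help, since the input is binary and cannot be read in review.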
