[PATCH] Fix input validation issues in llvm-as/llvm-dis

Thu May 7 16:18:10 PDT 2015

1. llvm-as/llvm-dis tools do not check for input filename length.
2. llvm-dis does not verify the `Streamer` variable against `nullptr` properly, so the `M` variable could be uninitialized (e.g. if the input file does not exist) leading to null dref.

REPOSITORY
  rL LLVM

http://reviews.llvm.org/D9584

Files:
  tools/llvm-as/llvm-as.cpp
  tools/llvm-dis/llvm-dis.cpp

Index: tools/llvm-as/llvm-as.cpp
===================================================================

--- tools/llvm-as/llvm-as.cpp
+++ tools/llvm-as/llvm-as.cpp
@@ -62,9 +62,10 @@
     if (InputFilename == "-") {
       OutputFilename = "-";
     } else {
-      std::string IFN = InputFilename;
+      const std::string &IFN = InputFilename;
       int Len = IFN.length();
-      if (IFN[Len-3] == '.' && IFN[Len-2] == 'l' && IFN[Len-1] == 'l') {
+      if (Len >= 3 && IFN[Len-3] == '.' && IFN[Len-2] == 'l' &&
+          IFN[Len-1] == 'l') {
         // Source ends in .ll
         OutputFilename = std::string(IFN.begin(), IFN.end()-3);
       } else {
Index: tools/llvm-dis/llvm-dis.cpp
===================================================================
--- tools/llvm-dis/llvm-dis.cpp
+++ tools/llvm-dis/llvm-dis.cpp
@@ -80,7 +80,8 @@
     if (!V.getType()->isVoidTy()) {
       OS.PadToColumn(50);
       Padded = true;
-      OS << "; [#uses=" << V.getNumUses() << " type=" << *V.getType() << "]";  // Output # uses and type
+      // Output # uses and type
+      OS << "; [#uses=" << V.getNumUses() << " type=" << *V.getType() << "]";
     }
     if (const Instruction *I = dyn_cast<Instruction>(&V)) {
       if (const DebugLoc &DL = I->getDebugLoc()) {
@@ -158,6 +159,9 @@
         getStreamedBitcodeModule(DisplayFilename, Streamer, Context);
     M = std::move(*MOrErr);
     M->materializeAllPermanently();
+  } else {
+    errs() << argv[0] << ": " << ErrorMessage << '\n';
+    return 1;
   }
 
   // Just use stdout.  We won't actually print anything on it.
@@ -171,10 +175,13 @@
       const std::string &IFN = InputFilename;
       int Len = IFN.length();
       // If the source ends in .bc, strip it off.
-      if (IFN[Len-3] == '.' && IFN[Len-2] == 'b' && IFN[Len-1] == 'c')
-        OutputFilename = std::string(IFN.begin(), IFN.end()-3)+".ll";
-      else
-        OutputFilename = IFN+".ll";
+      if (Len >= 3 && IFN[Len-3] == '.' && IFN[Len-2] == 'b' &&
+          IFN[Len-1] == 'c') {
+        OutputFilename = std::string(IFN.begin(), IFN.end()-3);
+      } else {
+        OutputFilename = IFN;
+      }
+      OutputFilename += ".ll";
     }
   }

EMAIL PREFERENCES
  http://reviews.llvm.org/settings/panel/emailpreferences/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: D9584.25254.patch
Type: text/x-patch
Size: 2184 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/llvm-commits/attachments/20150507/80a509ea/attachment.bin>
