[llvm] r237494 - [BitcodeReader] Don't allow INSERTVAL/EXTRACTVAL with 0 indices

Filipe Cabecinhas me at filcab.net
Fri May 15 17:33:13 PDT 2015


Author: filcab
Date: Fri May 15 19:33:12 2015
New Revision: 237494

URL: http://llvm.org/viewvc/llvm-project?rev=237494&view=rev
Log:
[BitcodeReader] Don't allow INSERTVAL/EXTRACTVAL with 0 indices

This would trigger an assertion later.

Bug found with AFL fuzz.

Added:
    llvm/trunk/test/Bitcode/Inputs/invalid-extract-0-indices.bc
    llvm/trunk/test/Bitcode/Inputs/invalid-insert-0-indices.bc
Modified:
    llvm/trunk/lib/Bitcode/Reader/BitcodeReader.cpp
    llvm/trunk/test/Bitcode/invalid.test

Modified: llvm/trunk/lib/Bitcode/Reader/BitcodeReader.cpp
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Bitcode/Reader/BitcodeReader.cpp?rev=237494&r1=237493&r2=237494&view=diff
==============================================================================
--- llvm/trunk/lib/Bitcode/Reader/BitcodeReader.cpp (original)
+++ llvm/trunk/lib/Bitcode/Reader/BitcodeReader.cpp Fri May 15 19:33:12 2015
@@ -3555,10 +3555,13 @@ std::error_code BitcodeReader::ParseFunc
       if (getValueTypePair(Record, OpNum, NextValueNo, Agg))
         return Error("Invalid record");
 
+      unsigned RecSize = Record.size();
+      if (OpNum == RecSize)
+        return Error("EXTRACTVAL: Invalid instruction with 0 indices");
+
       SmallVector<unsigned, 4> EXTRACTVALIdx;
       Type *CurTy = Agg->getType();
-      for (unsigned RecSize = Record.size();
-           OpNum != RecSize; ++OpNum) {
+      for (; OpNum != RecSize; ++OpNum) {
         bool IsArray = CurTy->isArrayTy();
         bool IsStruct = CurTy->isStructTy();
         uint64_t Index = Record[OpNum];
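
Review bot: the added "if (OpNum == RecSize)" check ahead of the EXTRACTVALIdx declaration carries no comment explaining why an empty index list has to be rejected at this point. The log only says it "would trigger an assertion later". A one-line comment above the check naming that consequence would keep a later cleanup from dropping it as redundant with the loop condition "OpNum != RecSize", which already skips the loop body when no indices are present.
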
@@ -3594,10 +3597,13 @@ std::error_code BitcodeReader::ParseFunc
       if (getValueTypePair(Record, OpNum, NextValueNo, Val))
         return Error("Invalid record");
 
+      unsigned RecSize = Record.size();
+      if (OpNum == RecSize)
+        return Error("INSERTVAL: Invalid instruction with 0 indices");
+
       SmallVector<unsigned, 4> INSERTVALIdx;
       Type *CurTy = Agg->getType();
-      for (unsigned RecSize = Record.size();
-           OpNum != RecSize; ++OpNum) {
+      for (; OpNum != RecSize; ++OpNum) {
         bool IsArray = CurTy->isArrayTy();
         bool IsStruct = CurTy->isStructTy();
         uint64_t Index = Record[OpNum];
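
Review bot: the three lines added ahead of the INSERTVALIdx declaration duplicate the EXTRACTVAL check, differing only in the message prefix. Two copies of the same validation can drift apart when one is edited later, so consider a small shared helper that takes the opcode name and returns the error. Separately, RecSize now lives outside the for statement and is never modified, so it could be declared const.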

Added: llvm/trunk/test/Bitcode/Inputs/invalid-extract-0-indices.bc
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/test/Bitcode/Inputs/invalid-extract-0-indices.bc?rev=237494&view=auto
==============================================================================
Binary files llvm/trunk/test/Bitcode/Inputs/invalid-extract-0-indices.bc (added) and llvm/trunk/test/Bitcode/Inputs/invalid-extract-0-indices.bc Fri May 15 19:33:12 2015 differ

Added: llvm/trunk/test/Bitcode/Inputs/invalid-insert-0-indices.bc
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/test/Bitcode/Inputs/invalid-insert-0-indices.bc?rev=237494&view=auto
==============================================================================
Binary files llvm/trunk/test/Bitcode/Inputs/invalid-insert-0-indices.bc (added) and llvm/trunk/test/Bitcode/Inputs/invalid-insert-0-indices.bc Fri May 15 19:33:12 2015 differ

Modified: llvm/trunk/test/Bitcode/invalid.test
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/test/Bitcode/invalid.test?rev=237494&r1=237493&r2=237494&view=diff
==============================================================================
--- llvm/trunk/test/Bitcode/invalid.test (original)
+++ llvm/trunk/test/Bitcode/invalid.test Fri May 15 19:33:12 2015
@@ -127,3 +127,13 @@ RUN: not llvm-dis -disable-output %p/Inp
 RUN:   FileCheck --check-prefix=GCTABLE-OFLOW %s
 
 GCTABLE-OFLOW: Invalid ID
+
+RUN: not llvm-dis -disable-output %p/Inputs/invalid-insert-0-indices.bc 2>&1 | \
+RUN:   FileCheck --check-prefix=INSERT-0-IDXS %s
+
+INSERT-0-IDXS: INSERTVAL: Invalid instruction with 0 indices
+
+RUN: not llvm-dis -disable-output %p/Inputs/invalid-extract-0-indices.bc 2>&1 | \
+RUN:   FileCheck --check-prefix=EXTRACT-0-IDXS %s
+
+EXTRACT-0-IDXS: EXTRACTVAL: Invalid instruction with 0 indices
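
Review bot: the two added RUN lines rely on binary inputs that cannot be inspected in the diff, and invalid.test gains no comment describing what is malformed in them. A short comment next to each RUN line, saying that the input contains an INSERTVAL or EXTRACTVAL record with no index operands and was found with AFL, would let a future maintainer regenerate or replace the files if the bitcode format changes.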




