[llvm] r237646 - [BitcodeReader] It's a malformed block if CodeLenWidth is too big

Filipe Cabecinhas me at filcab.net
Mon May 18 17:34:17 PDT 2015


Author: filcab
Date: Mon May 18 19:34:17 2015
New Revision: 237646

URL: http://llvm.org/viewvc/llvm-project?rev=237646&view=rev
Log:
[BitcodeReader] It's a malformed block if CodeLenWidth is too big

Bug found with AFL fuzz.

Added:
    llvm/trunk/test/Bitcode/Inputs/invalid-code-len-width.bc
Modified:
    llvm/trunk/lib/Bitcode/Reader/BitstreamReader.cpp
    llvm/trunk/test/Bitcode/invalid.test

Modified: llvm/trunk/lib/Bitcode/Reader/BitstreamReader.cpp
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Bitcode/Reader/BitstreamReader.cpp?rev=237646&r1=237645&r2=237646&view=diff
==============================================================================
--- llvm/trunk/lib/Bitcode/Reader/BitstreamReader.cpp (original)
+++ llvm/trunk/lib/Bitcode/Reader/BitstreamReader.cpp Mon May 18 19:34:17 2015
@@ -39,6 +39,10 @@ bool BitstreamCursor::EnterSubBlock(unsi
 
   // Get the codesize of this block.
   CurCodeSize = ReadVBR(bitc::CodeLenWidth);
+  // We can't read more than MaxChunkSize at a time
+  if (CurCodeSize > MaxChunkSize)
+    return true;
+
   SkipToFourByteBoundary();
   unsigned NumWords = Read(bitc::BlockSizeWidth);
   if (NumWordsP) *NumWordsP = NumWords;
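Review bot: On the new early return in EnterSubBlock, CurCodeSize has already been overwritten with the rejected value by the time `CurCodeSize > MaxChunkSize` is tested, so the cursor keeps an out-of-range code size on the error path. Consider reading the VBR into a local and assigning CurCodeSize only after it passes the check. The test is an upper bound only, so a width of 0 returned by ReadVBR still passes; it is worth confirming whether later reads tolerate that. The return also happens before `*NumWordsP` is written, so callers must not rely on it when the function reports failure. Minor: the added comment is missing its terminating period.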

Added: llvm/trunk/test/Bitcode/Inputs/invalid-code-len-width.bc
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/test/Bitcode/Inputs/invalid-code-len-width.bc?rev=237646&view=auto
==============================================================================
Binary files llvm/trunk/test/Bitcode/Inputs/invalid-code-len-width.bc (added) and llvm/trunk/test/Bitcode/Inputs/invalid-code-len-width.bc Mon May 18 19:34:17 2015 differ

Modified: llvm/trunk/test/Bitcode/invalid.test
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/test/Bitcode/invalid.test?rev=237646&r1=237645&r2=237646&view=diff
==============================================================================
--- llvm/trunk/test/Bitcode/invalid.test (original)
+++ llvm/trunk/test/Bitcode/invalid.test Mon May 18 19:34:17 2015
@@ -147,3 +147,8 @@ RUN: not llvm-dis -disable-output %p/Inp
 RUN:   FileCheck --check-prefix=INSERT-TYPE-MISMATCH %s
 
 INSERT-TYPE-MISMATCH: Inserted value type doesn't match aggregate type
+
+RUN: not llvm-dis -disable-output %p/Inputs/invalid-code-len-width.bc 2>&1 | \
+RUN:   FileCheck --check-prefix=INVALID-CODELENWIDTH %s
+
+INVALID-CODELENWIDTH: Malformed block
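Review bot: The `INVALID-CODELENWIDTH: Malformed block` check matches a generic message, so any other malformed-block path that invalid-code-len-width.bc happens to reach would also satisfy it, and the test would keep passing if the new CodeLenWidth check were removed but a different check rejected the file. Since the input is a binary found by fuzzing, a short comment next to the RUN line saying which field is out of range (the block's code length width exceeding MaxChunkSize) would help whoever has to regenerate or triage this input later.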




