[llvm] r238261 - [BitcodeReader] Sanity check on Comdat ID
Filipe Cabecinhas
me at filcab.net
Tue May 26 16:00:56 PDT 2015
Author: filcab
Date: Tue May 26 18:00:56 2015
New Revision: 238261
URL: http://llvm.org/viewvc/llvm-project?rev=238261&view=rev
Log:
[BitcodeReader] Sanity check on Comdat ID
Shouldn't be an assert, since user input can trigger it.
Bug found with AFL fuzz.
Added:
llvm/trunk/test/Bitcode/Inputs/invalid-function-comdat-id.bc
llvm/trunk/test/Bitcode/Inputs/invalid-global-var-comdat-id.bc
Modified:
llvm/trunk/lib/Bitcode/Reader/BitcodeReader.cpp
llvm/trunk/test/Bitcode/invalid.test
Modified: llvm/trunk/lib/Bitcode/Reader/BitcodeReader.cpp
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Bitcode/Reader/BitcodeReader.cpp?rev=238261&r1=238260&r2=238261&view=diff
==============================================================================
--- llvm/trunk/lib/Bitcode/Reader/BitcodeReader.cpp (original)
+++ llvm/trunk/lib/Bitcode/Reader/BitcodeReader.cpp Tue May 26 18:00:56 2015
@@ -2956,7 +2956,8 @@ std::error_code BitcodeReader::ParseModu
if (Record.size() > 11) {
if (unsigned ComdatID = Record[11]) {
- assert(ComdatID <= ComdatList.size());
+ if (ComdatID > ComdatList.size())
+ return Error("Invalid global variable comdat ID");
NewGV->setComdat(ComdatList[ComdatID - 1]);
}
} else if (hasImplicitComdat(RawLinkage)) {
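Review bot: The narrowing in `if (unsigned ComdatID = Record[11])` happens before the new bounds check, so if Record's elements are wider than unsigned, an oversized value from the file is truncated first and can then either pass `ComdatID > ComdatList.size()` or collapse to 0 and be silently treated as "no comdat". Consider comparing the raw Record[11] value against ComdatList.size() before narrowing it, so that any out-of-range ID in the input produces "Invalid global variable comdat ID".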
@@ -3020,7 +3021,8 @@ std::error_code BitcodeReader::ParseModu
if (Record.size() > 12) {
if (unsigned ComdatID = Record[12]) {
- assert(ComdatID <= ComdatList.size());
+ if (ComdatID > ComdatList.size())
+ return Error("Invalid function comdat ID");
Func->setComdat(ComdatList[ComdatID - 1]);
}
} else if (hasImplicitComdat(RawLinkage)) {
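Review bot: The check on Record[12] duplicates the global-variable check above apart from the record index and the message text. A small shared helper that maps a 1-based comdat ID to a ComdatList entry or returns an error would keep the two paths from drifting apart, and would be a natural place to document that an ID of 0 means no comdat and that valid IDs run from 1 to ComdatList.size().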
Added: llvm/trunk/test/Bitcode/Inputs/invalid-function-comdat-id.bc
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/test/Bitcode/Inputs/invalid-function-comdat-id.bc?rev=238261&view=auto
==============================================================================
Binary files llvm/trunk/test/Bitcode/Inputs/invalid-function-comdat-id.bc (added) and llvm/trunk/test/Bitcode/Inputs/invalid-function-comdat-id.bc Tue May 26 18:00:56 2015 differ
Added: llvm/trunk/test/Bitcode/Inputs/invalid-global-var-comdat-id.bc
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/test/Bitcode/Inputs/invalid-global-var-comdat-id.bc?rev=238261&view=auto
==============================================================================
Binary files llvm/trunk/test/Bitcode/Inputs/invalid-global-var-comdat-id.bc (added) and llvm/trunk/test/Bitcode/Inputs/invalid-global-var-comdat-id.bc Tue May 26 18:00:56 2015 differ
Modified: llvm/trunk/test/Bitcode/invalid.test
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/test/Bitcode/invalid.test?rev=238261&r1=238260&r2=238261&view=diff
==============================================================================
--- llvm/trunk/test/Bitcode/invalid.test (original)
+++ llvm/trunk/test/Bitcode/invalid.test Tue May 26 18:00:56 2015
@@ -162,3 +162,13 @@ RUN: not llvm-dis -disable-output %p/Inp
RUN: FileCheck --check-prefix=STREAMING-BLOB %s
STREAMING-BLOB: getPointer in streaming memory objects not allowed
+
+RUN: not llvm-dis -disable-output %p/Inputs/invalid-function-comdat-id.bc 2>&1 | \
+RUN: FileCheck --check-prefix=INVALID-FCOMDAT-ID %s
+
+INVALID-FCOMDAT-ID: Invalid function comdat ID
+
+RUN: not llvm-dis -disable-output %p/Inputs/invalid-global-var-comdat-id.bc 2>&1 | \
+RUN: FileCheck --check-prefix=INVALID-GVCOMDAT-ID %s
+
+INVALID-GVCOMDAT-ID: Invalid global variable comdat ID
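Review bot: The two new RUN lines cover only the rejection path, and the .bc inputs are opaque binaries, so the test does not say which value triggers the error. Since the reader rejects `ComdatID > ComdatList.size()`, a companion input with ComdatID equal to ComdatList.size() that still loads would pin the boundary against an off-by-one regression. A one-line comment next to each RUN line naming the corrupted record field would also help whoever has to regenerate these inputs.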