[PATCH] D11656: Fix bitcode parser to check ValueAsMetaData::get calls.
Karl Schimpf
kschimpf at google.com
Thu Jul 30 10:52:21 PDT 2015
kschimpf created this revision.
kschimpf added reviewers: dschuff, jvoung, rafael, filcab.
kschimpf added a subscriber: llvm-commits.
Using fuzzing, detected an assertion failure on calls to
ValueAsMetaData::get. This method asserts that the argument
must be non-null. Fixes callers in bitcode reader to check
and generate appropriate error if null.
http://reviews.llvm.org/D11656
Files:
lib/Bitcode/Reader/BitcodeReader.cpp
test/Bitcode/Inputs/invalid-meta-old-node-ref.bc
test/Bitcode/invalid.test
Index: test/Bitcode/invalid.test
===================================================================
--- test/Bitcode/invalid.test
+++ test/Bitcode/invalid.test
@@ -202,3 +202,8 @@
RUN: FileCheck --check-prefix=ALIAS-TYPE-MISMATCH %s
ALIAS-TYPE-MISMATCH: Alias and aliasee types don't match
+
+RUN: not llvm-dis -disable-output %p/Inputs/invalid-meta-old-node-ref.bc 2>&1 | \
+RUN: FileCheck --check-prefix=BAD-META-OLD-NODE-REF %s
+
+BAD-META-OLD-NODE-REF: Invalid record
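Review bot: The new RUN line only proves that llvm-dis fails with "Invalid record", and that string is already returned by other checks in the reader (for example the isMetadataTy()/isVoidTy() check visible in BitcodeReader.cpp), so the test would still pass if a different check rejected the file first. Only one input, invalid-meta-old-node-ref.bc, is added while two call sites are changed; please add a second fuzzed input that reaches the other call site, and consider a more specific message at the new checks so each FileCheck line pins the path it is meant to cover.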
Index: lib/Bitcode/Reader/BitcodeReader.cpp
===================================================================
--- lib/Bitcode/Reader/BitcodeReader.cpp
+++ lib/Bitcode/Reader/BitcodeReader.cpp
@@ -1701,8 +1701,10 @@
if (Ty->isMetadataTy())
Elts.push_back(MDValueList.getValueFwdRef(Record[i+1]));
else if (!Ty->isVoidTy()) {
- auto *MD =
- ValueAsMetadata::get(ValueList.getValueFwdRef(Record[i + 1], Ty));
+ Value *Val = ValueList.getValueFwdRef(Record[i + 1], Ty);
+ if (Val == nullptr)
+ return error("Invalid record");
+ auto *MD = ValueAsMetadata::get(Val);
assert(isa<ConstantAsMetadata>(MD) &&
"Expected non-function-local metadata");
Elts.push_back(MD);
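Review bot: The assert(isa<ConstantAsMetadata>(MD) && "Expected non-function-local metadata") right after the new null check still operates on a value derived from Record[i + 1], which comes from the file. Since the patch was prompted by a fuzzer reaching an assertion from bitcode input, can a crafted record also reach this one? If so, it should return error("Invalid record") like the null case, because in a build without assertions the reader would continue past it. Minor style point: the new check is usually written as if (!Val) in this code base.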
@@ -1720,9 +1722,10 @@
if (Ty->isMetadataTy() || Ty->isVoidTy())
return error("Invalid record");
- MDValueList.assignValue(
- ValueAsMetadata::get(ValueList.getValueFwdRef(Record[1], Ty)),
- NextMDValueNo++);
+ Value *Val = ValueList.getValueFwdRef(Record[1], Ty);
+ if (Val == nullptr)
+ return error("Invalid record");
+ MDValueList.assignValue(ValueAsMetadata::get(Val), NextMDValueNo++);
break;
}
case bitc::METADATA_DISTINCT_NODE:
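Review bot: The three added lines here (getValueFwdRef, null check, ValueAsMetadata::get) repeat the sequence added in the previous hunk; a small helper that returns the metadata or reports the error would keep the two sites from drifting apart and make it harder to add another unchecked ValueAsMetadata::get call later. A one-line comment stating when ValueList.getValueFwdRef(Record[1], Ty) can return null would also help, since the new error is otherwise indistinguishable from the "Invalid record" returned two lines above for a metadata or void type.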