[PATCH] D86500: Fix a 32-bit overflow issue when reading LTO-generated bitcode files whose strtab are of size > 2^29

Stephan Z via Phabricator via llvm-commits llvm-commits at lists.llvm.org
Mon Aug 24 19:13:55 PDT 2020


stephan.yichao.zhao updated this revision to Diff 287548.
stephan.yichao.zhao added a comment.

addressed comments


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D86500/new/

https://reviews.llvm.org/D86500

Files:
  llvm/lib/Bitstream/Reader/BitstreamReader.cpp


Index: llvm/lib/Bitstream/Reader/BitstreamReader.cpp
===================================================================
--- llvm/lib/Bitstream/Reader/BitstreamReader.cpp
+++ llvm/lib/Bitstream/Reader/BitstreamReader.cpp
@@ -156,8 +156,9 @@
         report_fatal_error("Array element type can't be an Array or a Blob");
       case BitCodeAbbrevOp::Fixed:
         assert((unsigned)EltEnc.getEncodingData() <= MaxChunkSize);
-        if (Error Err = JumpToBit(GetCurrentBitNo() +
-                                  NumElts * EltEnc.getEncodingData()))
+        if (Error Err =
+                JumpToBit(GetCurrentBitNo() + static_cast<uint64_t>(NumElts) *
+                                                  EltEnc.getEncodingData()))
           return std::move(Err);
         break;
       case BitCodeAbbrevOp::VBR:
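Review bot: The only visible bound on `EltEnc.getEncodingData()` before the widened multiplication in the `Fixed` case is the `assert`, which is compiled out in release builds. If the width is not also validated when the abbreviation is parsed (not visible in this hunk), a malformed file could still make the product or the sum with `GetCurrentBitNo()` wrap at 64 bits before `JumpToBit` sees it. It is worth confirming that `JumpToBit` rejects out-of-range positions, and adding a short comment such as `// Widen first: NumElts * width can exceed 32 bits for large arrays.` so the cast is not later removed as redundant. The enclosing switch and function start and end outside this hunk.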
@@ -186,7 +187,8 @@
     SkipToFourByteBoundary();  // 32-bit alignment
 
     // Figure out where the end of this blob will be including tail padding.
-    size_t NewEnd = GetCurrentBitNo()+((NumElts+3)&~3)*8;
+    const size_t NewEnd =
+        GetCurrentBitNo() + ((static_cast<uint64_t>(NumElts) + 3) & ~3) * 8;
 
     // If this would read off the end of the bitcode file, just set the
     // record to empty and return.
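Review bot: `NewEnd` is still declared `size_t`, so on a host where `size_t` is 32 bits the widened 64-bit sum is truncated on assignment and the end-of-file check that follows would compare a wrapped value. Declaring it `const uint64_t NewEnd = ...` keeps the full width up to the comparison; whether that check accepts a 64-bit argument is outside this hunk. The mask `~3` is an `int` that becomes a 64-bit mask only through sign extension, so `~uint64_t(3)` would state the intent directly. The same applies to the `NewEnd` computation in the hunk at -314,7, and both enclosing functions start and end outside the hunks shown.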
@@ -314,7 +316,8 @@
 
     // Figure out where the end of this blob will be including tail padding.
     size_t CurBitPos = GetCurrentBitNo();
-    size_t NewEnd = CurBitPos+((NumElts+3)&~3)*8;
+    const size_t NewEnd =
+        CurBitPos + ((static_cast<uint64_t>(NumElts) + 3) & ~3) * 8;
 
     // If this would read off the end of the bitcode file, just set the
     // record to empty and return.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: D86500.287548.patch
Type: text/x-patch
Size: 1648 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/llvm-commits/attachments/20200825/cd5d9bd2/attachment.bin>

