[llvm] 34cccda - [BitcodeReader] Validate Strtab before accessing.
Florian Hahn via llvm-commits
llvm-commits at lists.llvm.org
Tue Jun 22 06:53:37 PDT 2021
Author: Florian Hahn
Date: 2021-06-22T14:52:16+01:00
New Revision: 34cccdaed7e7952a9191231ffa62b1b22eac35c8
URL: https://github.com/llvm/llvm-project/commit/34cccdaed7e7952a9191231ffa62b1b22eac35c8
DIFF: https://github.com/llvm/llvm-project/commit/34cccdaed7e7952a9191231ffa62b1b22eac35c8.diff
LOG: [BitcodeReader] Validate Strtab before accessing.
This fixes a crash with invalid bitcode files that have records
referencing names in Strtab, but Strtab is not present or the index is
out-of-bounds.
This fixes the following clusterfuzz issue:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29895
Reviewed By: arsenm
Differential Revision: https://reviews.llvm.org/D95554
Added:
llvm/test/Bitcode/invalid-record-strtab.ll
llvm/test/Bitcode/invalid-record-strtab.ll.bc
Modified:
llvm/lib/Bitcode/Reader/BitcodeReader.cpp
Removed:
################################################################################
diff --git a/llvm/lib/Bitcode/Reader/BitcodeReader.cpp b/llvm/lib/Bitcode/Reader/BitcodeReader.cpp
index e002019cfcaeb..1631dc344bea6 100644
--- a/llvm/lib/Bitcode/Reader/BitcodeReader.cpp
+++ b/llvm/lib/Bitcode/Reader/BitcodeReader.cpp
@@ -3407,9 +3407,12 @@ Error BitcodeReader::parseFunctionRecord(ArrayRef<uint64_t> Record) {
// Record[16] is the address space number.
- // Check whether we have enough values to read a partition name.
- if (Record.size() > 18)
+ // Check whether we have enough values to read a partition name. Also make
+ // sure Strtab has enough values.
+ if (Record.size() > 18 && Strtab.data() &&
+ Record[17] + Record[18] <= Strtab.size()) {
Func->setPartition(StringRef(Strtab.data() + Record[17], Record[18]));
+ }
ValueList.push_back(Func);
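Review bot: The bounds check `Record[17] + Record[18] <= Strtab.size()` adds two uint64_t values taken directly from the record (Record is `ArrayRef<uint64_t>`), so the sum can wrap around and pass the comparison for an offset or length far larger than Strtab. Compare without the addition, for example `Record[17] <= Strtab.size() && Record[18] <= Strtab.size() - Record[17]`. Separately, when the check fails the partition name is silently skipped and parsing continues; if a bad Strtab reference should reject the module, return an error at this point rather than relying on a later check.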
diff --git a/llvm/test/Bitcode/invalid-record-strtab.ll b/llvm/test/Bitcode/invalid-record-strtab.ll
new file mode 100644
index 0000000000000..4973090595e47
--- /dev/null
+++ b/llvm/test/Bitcode/invalid-record-strtab.ll
@@ -0,0 +1,5 @@
+; Bitcode with an invalid record that indexes a name outside of strtab.
+
+; RUN: not llvm-dis %s.bc -o - 2>&1 | FileCheck %s
+
+; CHECK: error: Invalid record
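Review bot: The test covers only the out-of-bounds index named in its comment, while the commit message also lists the case where Strtab is not present, and no input exercises that. `CHECK: error: Invalid record` is a generic message, and the BitcodeReader.cpp hunk in this patch skips the partition name instead of returning an error, so the diagnostic must be raised elsewhere. Say in the test comment which record produces the error, and add a second .bc input with no Strtab so both cases from the log message are pinned down.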
diff --git a/llvm/test/Bitcode/invalid-record-strtab.ll.bc b/llvm/test/Bitcode/invalid-record-strtab.ll.bc
new file mode 100644
index 0000000000000..8ff7e39649cc0
Binary files /dev/null and b/llvm/test/Bitcode/invalid-record-strtab.ll.bc
diff er