[llvm] 0c553bf - [Bitcode] Guard against out of bounds value reference

Nikita Popov via llvm-commits llvm-commits at lists.llvm.org
Mon Feb 7 03:16:27 PST 2022 

Author: Nikita Popov
Date: 2022-02-07T12:16:13+01:00
New Revision: 0c553bff8e76ebfbf9cd4e94ff565018ed1ff0c1

URL: https://github.com/llvm/llvm-project/commit/0c553bff8e76ebfbf9cd4e94ff565018ed1ff0c1
DIFF: https://github.com/llvm/llvm-project/commit/0c553bff8e76ebfbf9cd4e94ff565018ed1ff0c1.diff

LOG: [Bitcode] Guard against out of bounds value reference

We should make sure that the value ID is in bounds, otherwise
we will assert / read out of bounds.

Added: 
    llvm/test/Bitcode/Inputs/invalid-value-symbol-table.bc

Modified: 
    llvm/lib/Bitcode/Reader/BitcodeReader.cpp
    llvm/test/Bitcode/invalid.test

Removed: 
    


################################################################################
diff  --git a/llvm/lib/Bitcode/Reader/BitcodeReader.cpp b/llvm/lib/Bitcode/Reader/BitcodeReader.cpp
index 308986a588f4..c24dcf030deb 100644
--- a/llvm/lib/Bitcode/Reader/BitcodeReader.cpp
+++ b/llvm/lib/Bitcode/Reader/BitcodeReader.cpp
@@ -2107,11 +2107,15 @@ Error BitcodeReader::parseGlobalValueSymbolTable() {
     if (!MaybeRecord)
       return MaybeRecord.takeError();
     switch (MaybeRecord.get()) {
-    case bitc::VST_CODE_FNENTRY: // [valueid, offset]
+    case bitc::VST_CODE_FNENTRY: { // [valueid, offset]
+      unsigned ValueID = Record[0];
+      if (ValueID >= ValueList.size() || !ValueList[ValueID])
+        return error("Invalid value reference in symbol table");
       setDeferredFunctionInfo(FuncBitcodeOffsetDelta,
-                              cast<Function>(ValueList[Record[0]]), Record);
+                              cast<Function>(ValueList[ValueID]), Record);
       break;
     }
+    }
   }
 }
 

diff  --git a/llvm/test/Bitcode/Inputs/invalid-value-symbol-table.bc b/llvm/test/Bitcode/Inputs/invalid-value-symbol-table.bc
new file mode 100644
index 000000000000..509133ef46cd
Binary files /dev/null and b/llvm/test/Bitcode/Inputs/invalid-value-symbol-table.bc 
diff er

diff  --git a/llvm/test/Bitcode/invalid.test b/llvm/test/Bitcode/invalid.test
index 7dabafdb6d0c..32f93ab160e9 100644
--- a/llvm/test/Bitcode/invalid.test
+++ b/llvm/test/Bitcode/invalid.test
@@ -266,3 +266,8 @@ RUN: not llvm-dis -disable-output %p/Inputs/unterminated-blob.bc 2>&1 | \
 RUN:   FileCheck --check-prefix=UNTERMINATED-BLOB %s
 
 UNTERMINATED-BLOB: Blob ends too soon
+
+RUN: not llvm-dis -disable-output %p/Inputs/invalid-value-symbol-table.bc 2>&1 | \
+RUN:   FileCheck --check-prefix=INVALID-VALUE-SYMBOL-TABLE %s
+
+INVALID-VALUE-SYMBOL-TABLE: Invalid value reference in symbol table

More information about the llvm-commits mailing list