[llvm] 6d52ea8 - [Bitcode] Prevent OOB read for invalid name size

Nikita Popov via llvm-commits llvm-commits at lists.llvm.org
Tue Feb 8 00:49:50 PST 2022 

Author: Nikita Popov
Date: 2022-02-08T09:49:39+01:00
New Revision: 6d52ea885fb2d2c79fb1fa8062a92ab6c5adc734

URL: https://github.com/llvm/llvm-project/commit/6d52ea885fb2d2c79fb1fa8062a92ab6c5adc734
DIFF: https://github.com/llvm/llvm-project/commit/6d52ea885fb2d2c79fb1fa8062a92ab6c5adc734.diff

LOG: [Bitcode] Prevent OOB read for invalid name size

Added: 
    llvm/test/Bitcode/Inputs/comdat-name-too-large.bc

Modified: 
    llvm/lib/Bitcode/Reader/BitcodeReader.cpp
    llvm/test/Bitcode/invalid.test

Removed: 
    


################################################################################
diff  --git a/llvm/lib/Bitcode/Reader/BitcodeReader.cpp b/llvm/lib/Bitcode/Reader/BitcodeReader.cpp
index 66f2dccbf6951..93bff3061d496 100644
--- a/llvm/lib/Bitcode/Reader/BitcodeReader.cpp
+++ b/llvm/lib/Bitcode/Reader/BitcodeReader.cpp
@@ -3243,6 +3243,8 @@ Error BitcodeReader::parseComdatRecord(ArrayRef<uint64_t> Record) {
     if (Record.size() < 2)
       return error("Invalid record");
     unsigned ComdatNameSize = Record[1];
+    if (ComdatNameSize > Record.size() - 2)
+      return error("Comdat name size too large");
     OldFormatName.reserve(ComdatNameSize);
     for (unsigned i = 0; i != ComdatNameSize; ++i)
       OldFormatName += (char)Record[2 + i];

diff  --git a/llvm/test/Bitcode/Inputs/comdat-name-too-large.bc b/llvm/test/Bitcode/Inputs/comdat-name-too-large.bc
new file mode 100644
index 0000000000000..f1ee09515eb25
Binary files /dev/null and b/llvm/test/Bitcode/Inputs/comdat-name-too-large.bc 
diff er

diff  --git a/llvm/test/Bitcode/invalid.test b/llvm/test/Bitcode/invalid.test
index 8af940d5606aa..6d2d2f25adc2f 100644
--- a/llvm/test/Bitcode/invalid.test
+++ b/llvm/test/Bitcode/invalid.test
@@ -271,3 +271,8 @@ RUN: not llvm-dis -disable-output %p/Inputs/unterminated-vbr.bc 2>&1 | \
 RUN:   FileCheck --check-prefix=UNTERMINATED-VBR %s
 
 UNTERMINATED-VBR: Unterminated VBR
+
+RUN: not llvm-dis -disable-output %p/Inputs/comdat-name-too-large.bc 2>&1 | \
+RUN:   FileCheck --check-prefix=COMDAT-NAME-TOO-LARGE %s
+
+COMDAT-NAME-TOO-LARGE: Comdat name size too large

More information about the llvm-commits mailing list