[llvm] [BitcodeReader] Add bounds checking on Strtab (PR #76403)

via llvm-commits llvm-commits at lists.llvm.org
Tue Dec 26 13:45:40 PST 2023 

https://github.com/DavidKorczynski updated https://github.com/llvm/llvm-project/pull/76403

>From 3215b01bea5722f9e5940d395a88d1e49107811a Mon Sep 17 00:00:00 2001
From: David Korczynski <david at adalogics.com>
Date: Tue, 26 Dec 2023 11:47:21 -0800
Subject: [PATCH 1/2] [BitcodeReader] Add bounds checking on Strtab

This is needed to protect against global overflows, which was found by a
fuzzer recently.

Fixes: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=65283

Signed-off-by: David Korczynski <david at adalogics.com>
---
 llvm/lib/Bitcode/Reader/BitcodeReader.cpp | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/llvm/lib/Bitcode/Reader/BitcodeReader.cpp b/llvm/lib/Bitcode/Reader/BitcodeReader.cpp
index 8907f6fa4ff3fd..77896f6f99d338 100644
--- a/llvm/lib/Bitcode/Reader/BitcodeReader.cpp
+++ b/llvm/lib/Bitcode/Reader/BitcodeReader.cpp
@@ -4218,6 +4218,10 @@ Error BitcodeReader::parseGlobalIndirectSymbolRecord(
 
   // Check whether we have enough values to read a partition name.
   if (OpNum + 1 < Record.size()) {
+    // Check Strtab has enough values for the partition.
+    if (Record[OpNum] + Record[OpNum + 1] > Strtab.size()) {
+      return error("Malformed partition, too large.");
+    }
     NewGA->setPartition(
         StringRef(Strtab.data() + Record[OpNum], Record[OpNum + 1]));
     OpNum += 2;

>From 0dc208d948798a6af5fae1d1fe5420b9d9d33115 Mon Sep 17 00:00:00 2001
From: David Korczynski <david at adalogics.com>
Date: Tue, 26 Dec 2023 21:45:20 +0000
Subject: [PATCH 2/2] [BitcodeReader] fix style

Signed-off-by: David Korczynski <david at adalogics.com>
---
 llvm/lib/Bitcode/Reader/BitcodeReader.cpp | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/llvm/lib/Bitcode/Reader/BitcodeReader.cpp b/llvm/lib/Bitcode/Reader/BitcodeReader.cpp
index 77896f6f99d338..a027d0c21ba0bb 100644
--- a/llvm/lib/Bitcode/Reader/BitcodeReader.cpp
+++ b/llvm/lib/Bitcode/Reader/BitcodeReader.cpp
@@ -4219,9 +4219,8 @@ Error BitcodeReader::parseGlobalIndirectSymbolRecord(
   // Check whether we have enough values to read a partition name.
   if (OpNum + 1 < Record.size()) {
     // Check Strtab has enough values for the partition.
-    if (Record[OpNum] + Record[OpNum + 1] > Strtab.size()) {
+    if (Record[OpNum] + Record[OpNum + 1] > Strtab.size())
       return error("Malformed partition, too large.");
-    }
     NewGA->setPartition(
         StringRef(Strtab.data() + Record[OpNum], Record[OpNum + 1]));
     OpNum += 2;

More information about the llvm-commits mailing list