[llvm] [NativePDB] Fix crash in llvm-pdbutil (PR #164871)

Vladimir Gorsunov via llvm-commits llvm-commits at lists.llvm.org
Thu Oct 23 11:39:26 PDT 2025


https://github.com/gv created https://github.com/llvm/llvm-project/pull/164871

Fix out-of-buffer read when the value of --type-index was too big

From 9613917bcfc4d29fb3a0cc1fa14e9864f8ca400d Mon Sep 17 00:00:00 2001
From: Vladimir Gorsunov <gorsunov at gmail.com>
Date: Thu, 23 Oct 2025 21:35:51 +0300
Subject: [PATCH] [NativePDB] Fix crash in llvm-pdbutil

Fix out-of-buffer read when the value of --type-index was too big
---
 .../DebugInfo/CodeView/LazyRandomTypeCollection.cpp    |  2 ++
 .../PDB/Native/pdb-native-index-overflow.test          | 10 ++++++++++
 2 files changed, 12 insertions(+)
 create mode 100755 llvm/test/DebugInfo/PDB/Native/pdb-native-index-overflow.test

diff --git a/llvm/lib/DebugInfo/CodeView/LazyRandomTypeCollection.cpp b/llvm/lib/DebugInfo/CodeView/LazyRandomTypeCollection.cpp
index 6c23ba8f3c466..69b9597f4f811 100644
--- a/llvm/lib/DebugInfo/CodeView/LazyRandomTypeCollection.cpp
+++ b/llvm/lib/DebugInfo/CodeView/LazyRandomTypeCollection.cpp
@@ -194,6 +194,8 @@ Error LazyRandomTypeCollection::visitRangeForType(TypeIndex TI) {
   }
 
   visitRange(TIB, Prev->Offset, TIE);
+  if (Records.size() <= TI.toArrayIndex())
+    return make_error<CodeViewError>("Type index too big");
   return Error::success();
 }
 
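Review bot: The new bounds check sits after `visitRange(TIB, Prev->Offset, TIE);` has already run, so the out-of-range index is detected only after the range visit rather than before it; moving `if (Records.size() <= TI.toArrayIndex())` ahead of the `visitRange` call would fail fast and avoid doing work for an index the collection cannot satisfy. The error text "Type index too big" also carries no context; including the requested index and the record count in the message (CodeViewError accepts a Twine, so concatenating them is straightforward) would make the failure diagnosable when a caller propagates the error instead of translating it, as llvm-pdbutil does in the accompanying test.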
diff --git a/llvm/test/DebugInfo/PDB/Native/pdb-native-index-overflow.test b/llvm/test/DebugInfo/PDB/Native/pdb-native-index-overflow.test
new file mode 100755
index 0000000000000..230a53903f425
--- /dev/null
+++ b/llvm/test/DebugInfo/PDB/Native/pdb-native-index-overflow.test
@@ -0,0 +1,10 @@
+; Test that the native PDB reader isn't crashed by index value bigger than
+; number of types in TPI stream
+; RUN: llvm-pdbutil dump %p/../Inputs/empty.pdb --type-index=20000000\
+; RUN:   | FileCheck -check-prefix=NOT_FOUND %s
+
+NOT_FOUND:                     Types (TPI Stream)                     
+NOT_FOUND:============================================================
+NOT_FOUND:  Showing 1 records.
+NOT_FOUND:  Type 0x1312D00 doesn't exist in TPI stream
+
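Review bot: The test file is added with mode 100755 (see `new file mode 100755` above and the `create mode` line in the diffstat); a lit `.test` file is data, not a program, and should be 100644 like its siblings, so please drop the executable bit before merging. The last `+` line adds a trailing blank line to the file, which can be removed. It would also be worth covering the exact boundary (an index equal to the number of records, i.e. one past the last valid array index), since the guard uses `<=` and a test at the edge documents that choice better than the very large value alone.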