[LLVMdev] Fwd: Bitcode abbreviations for something that's not a record
Filipe Cabecinhas
filcab at gmail.com
Fri Jan 23 13:47:19 PST 2015
Hi all!
Fuzzing llvm's bitcode reader, I found a problem where the reader assumes
that the first field in an abbreviation will not be an array or a blob (and
asserts otherwise).
I don't know if this is expected (but not documented) or not. The
documentation, to me, reads like it doesn't disallow it, but we might be
assuming all abbreviations start with a full record, which would make the
first operand never be an array or a blob.
The bug comes from r181639 (
http://llvm.org/klaus/llvm/commit/1197e38f3338b8db76f0fa38c2687c65b2bcea5c/),
which took the code to read the first argument and put it outside of the
loop, but didn't take the Array/Blob verification + reading code too (It's
a bug because that commit was supposed to not have changed functionality
:-) ).
This could be “fixed” with either a report_fatal_error (if we eventually
have better error handling on that code, we can make that non-fatal and
report to the caller), or by hoisting the Array/Blob reading code out of
the loop too (actually, write a helper function).
What should be done about this?
Thanks,
Filipe
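An added example, not code from this thread or from LLVM: a toy decoder for the operand list of a DEFINE_ABBREV record, shaped like the second fix proposed above (one helper used for every operand, malformed input reported to the caller instead of asserted on), and extended to the Blob case as well as Array. BitReader, readOp, decodeAbbrev and the byte-level bit packing are assumptions of this model, not LLVM's reader; the operand encoding and the Array/Blob position rules follow the documented bitstream format.

```cpp
#include <cstdint>
#include <string>
#include <vector>
// Operand encodings as documented for bitstream DEFINE_ABBREV records.
enum Enc { Literal = 0, Fixed = 1, VBR = 2, Array = 3, Char6 = 4, Blob = 5 };
struct Op { Enc enc; uint64_t val; };  // val: literal value, or width for Fixed/VBR
// Toy LSB-first bit reader (assumption: real streams pack little-endian 32-bit words; not modelled).
struct BitReader {
  const std::vector<uint8_t> &buf; size_t pos;
  bool read(unsigned n, uint64_t &out) {  // n <= 8 fixed-width bits
    if ((pos + n + 7) / 8 > buf.size()) return false;  // input ended mid-field
    out = 0;
    for (unsigned i = 0; i < n; ++i, ++pos) out |= uint64_t((buf[pos / 8] >> (pos % 8)) & 1) << i;
    return true;
  }
  bool readVBR(unsigned n, uint64_t &out) {  // n-bit chunks, top bit = "more follows"
    uint64_t piece, mask = (1ull << (n - 1)) - 1; out = 0;
    for (unsigned shift = 0;; shift += n - 1) {
      if (shift >= 64 || !read(n, piece)) return false;  // oversized or truncated
      out |= (piece & mask) << shift;
      if (!(piece & (mask + 1))) return true;
    }
  }
};
// One operand; the same routine serves every position, so an Array or Blob in position 0
// is handled (or rejected via err) rather than asserted on.
static bool readOp(BitReader &r, Op &op, std::string &err) {
  auto fail = [&](const char *m) { err = m; return false; };
  uint64_t lit, enc; op.val = 0;
  if (!r.read(1, lit)) return fail("truncated");
  if (lit) { op.enc = Literal; return r.readVBR(8, op.val) || fail("truncated"); }
  if (!r.read(3, enc) || enc < Fixed || enc > Blob) return fail("bad encoding");
  op.enc = Enc(enc);
  if ((enc == Fixed || enc == VBR) && !r.readVBR(5, op.val)) return fail("truncated");
  return true;
}
// Parses [numops(vbr5), op...]; malformed input is reported through err, never asserted.
bool decodeAbbrev(const std::vector<uint8_t> &bytes, std::vector<Op> &ops, std::string &err) {
  BitReader r{bytes, 0}; uint64_t n;
  if (!r.readVBR(5, n)) { err = "truncated"; return false; }
  for (uint64_t i = 0; i < n; ++i) {
    Op op; if (!readOp(r, op, err)) return false;
    if (op.enc == Array && i + 2 != n) { err = "Array must be second to last"; return false; }
    if (op.enc == Blob && i + 1 != n) { err = "Blob must be last"; return false; }
    ops.push_back(op);
  }
  return true;
}
const std::vector<uint8_t> kArrayFirstOk = {0xC2, 0x04, 0x01};  // constructed: [Array, Fixed(8)]
const std::vector<uint8_t> kArrayAlone = {0xC1, 0x00};          // constructed: lone [Array]
```

kArrayFirstOk decodes to a two-operand abbreviation whose first operand is an Array, the exact case the reader was asserting on; kArrayAlone is rejected with a message rather than a crash.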