[BitcodeReader] Check vector size before trying to create a VectorType

Bug found with AFL fuzz

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@238891 91177308-0d34-0410-b5e6-96231b3b80d8

diff --git a/lib/Bitcode/Reader/BitcodeReader.cpp b/lib/Bitcode/Reader/BitcodeReader.cpp
index 4044ac80f20330b3de2a72881f5145269b097b5f..9e5e46aae0b05d0699028bcca5552036fd48f67f 100644 (file)
--- a/lib/Bitcode/Reader/BitcodeReader.cpp
+++ b/lib/Bitcode/Reader/BitcodeReader.cpp
@@ -1497,6 +1497,8 @@ std::error_code BitcodeReader::ParseTypeTableBody() {
     case bitc::TYPE_CODE_VECTOR:    // VECTOR: [numelts, eltty]
       if (Record.size() < 2)
         return Error("Invalid record");
+      if (Record[0] == 0)
+        return Error("Invalid vector length");
       ResultTy = getTypeByID(Record[1]);
       if (!ResultTy || !StructType::isValidElementType(ResultTy))
         return Error("Invalid type");

diff --git a/test/Bitcode/Inputs/invalid-vector-length.bc b/test/Bitcode/Inputs/invalid-vector-length.bc
new file mode 100644 (file)
index 0000000..94b13ed
Binary files /dev/null and b/test/Bitcode/Inputs/invalid-vector-length.bc differ

diff --git a/test/Bitcode/invalid.test b/test/Bitcode/invalid.test
index 43f7c77d598a546302389b5cc0ece27919dbb9fe..b120047e4518cd4ac0d2df9e8d0afd2ee5d86ffc 100644 (file)
--- a/test/Bitcode/invalid.test
+++ b/test/Bitcode/invalid.test
@@ -192,3 +192,8 @@ RUN: not llvm-dis -disable-output %p/Inputs/invalid-metadata-not-followed-named-
 RUN:   FileCheck --check-prefix=META-NOT-FOLLOWED-BY-NAMED-META %s
 
 META-NOT-FOLLOWED-BY-NAMED-META: METADATA_NAME not followed by METADATA_NAMED_NODE
+
+RUN: not llvm-dis -disable-output %p/Inputs/invalid-vector-length.bc 2>&1 | \
+RUN:   FileCheck --check-prefix=VECTOR-LENGTH %s
+
+VECTOR-LENGTH: Invalid vector length