[BitstreamReader] Make sure the Array operand type is an encoding

Bug found with AFL fuzz.

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@238269 91177308-0d34-0410-b5e6-96231b3b80d8

diff --git a/lib/Bitcode/Reader/BitstreamReader.cpp b/lib/Bitcode/Reader/BitstreamReader.cpp
index f57e077baa07521faa1bf7a11c822c5421a035f2..a103fbdf4a93a317710d171058b9788fb1f46148 100644 (file)
--- a/lib/Bitcode/Reader/BitstreamReader.cpp
+++ b/lib/Bitcode/Reader/BitstreamReader.cpp
@@ -203,6 +203,9 @@ unsigned BitstreamCursor::readRecord(unsigned AbbrevID,
       if (i + 2 != e)
         report_fatal_error("Array op not second to last");
       const BitCodeAbbrevOp &EltEnc = Abbv->getOperandInfo(++i);
+      if (!EltEnc.isEncoding())
+        report_fatal_error(
+            "Array element type has to be an encoding of a type");
       if (EltEnc.getEncoding() == BitCodeAbbrevOp::Array ||
           EltEnc.getEncoding() == BitCodeAbbrevOp::Blob)
         report_fatal_error("Array element type can't be an Array or a Blob");

diff --git a/test/Bitcode/Inputs/invalid-array-operand-encoding.bc b/test/Bitcode/Inputs/invalid-array-operand-encoding.bc
new file mode 100644 (file)
index 0000000..f7ec2eb
Binary files /dev/null and b/test/Bitcode/Inputs/invalid-array-operand-encoding.bc differ

diff --git a/test/Bitcode/invalid.test b/test/Bitcode/invalid.test
index 9c9d54fad6c373ac6f5fd4bca4de38a91059926c..5cdd25387b60079779c72982d6d21dbb1111251c 100644 (file)
--- a/test/Bitcode/invalid.test
+++ b/test/Bitcode/invalid.test
@@ -177,3 +177,8 @@ RUN: not llvm-dis -disable-output %p/Inputs/invalid-abbrev-no-operands.bc 2>&1 |
 RUN:   FileCheck --check-prefix=ABBREV-NO-OPS %s
 
 ABBREV-NO-OPS: Abbrev record with no operands
+
+RUN: not llvm-dis -disable-output %p/Inputs/invalid-array-operand-encoding.bc 2>&1 | \
+RUN:   FileCheck --check-prefix=ARRAY-OP-ENC %s
+
+ARRAY-OP-ENC: Array element type has to be an encoding of a type