Relax an assert when there's a type mismatch in forward references

Summary:
We don't seem to need to assert here, since this function's callers expect
to get a nullptr on error. This way we don't assert on user input.

Bug found with AFL fuzz.

Reviewers: rafael

Subscribers: llvm-commits

Differential Revision: http://reviews.llvm.org/D9308

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@236027 91177308-0d34-0410-b5e6-96231b3b80d8

diff --git a/lib/Bitcode/Reader/BitcodeReader.cpp b/lib/Bitcode/Reader/BitcodeReader.cpp
index 35e98c017601b5195b6d7cf050ef124149a6b395..6656478754ee687b3258b0dd6792c362b2ff9662 100644 (file)
--- a/lib/Bitcode/Reader/BitcodeReader.cpp
+++ b/lib/Bitcode/Reader/BitcodeReader.cpp
@@ -794,7 +794,9 @@ Value *BitcodeReaderValueList::getValueFwdRef(unsigned Idx, Type *Ty) {
     resize(Idx + 1);
 
   if (Value *V = ValuePtrs[Idx]) {
-    assert((!Ty || Ty == V->getType()) && "Type mismatch in value table!");
+    // If the types don't match, it's invalid.
+    if (Ty && Ty != V->getType())
+      return nullptr;
     return V;
   }
 

diff --git a/test/Bitcode/Inputs/invalid-fwdref-type-mismatch.bc b/test/Bitcode/Inputs/invalid-fwdref-type-mismatch.bc
new file mode 100644 (file)
index 0000000..d1c9560
Binary files /dev/null and b/test/Bitcode/Inputs/invalid-fwdref-type-mismatch.bc differ

diff --git a/test/Bitcode/invalid.test b/test/Bitcode/invalid.test
index 0bed40b238fedbe975d6032871b059b42a9cad2c..89cd0e908f072e9c4282616512844000b28a73c9 100644 (file)
--- a/test/Bitcode/invalid.test
+++ b/test/Bitcode/invalid.test
@@ -93,3 +93,8 @@ RUN: not llvm-dis -disable-output %p/Inputs/invalid-non-vector-shufflevector.bc
 RUN:   FileCheck --check-prefix=INVALID-TYPE %s
 
 INVALID-TYPE: Invalid type for value
+
+RUN: not llvm-dis -disable-output %p/Inputs/invalid-fwdref-type-mismatch.bc 2>&1 | \
+RUN:   FileCheck --check-prefix=FWDREF-TYPE %s
+
+FWDREF-TYPE: Invalid record