Error out when faced with value names containing '\0'

Bug found with afl-fuzz.

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@252048 91177308-0d34-0410-b5e6-96231b3b80d8

diff --git a/lib/Bitcode/Reader/BitcodeReader.cpp b/lib/Bitcode/Reader/BitcodeReader.cpp
index c874a84e0cbe326305c40fb22df0a30058461768..522f2aa4707b6e873db86a8e5b4afaed82e37821 100644 (file)
--- a/lib/Bitcode/Reader/BitcodeReader.cpp
+++ b/lib/Bitcode/Reader/BitcodeReader.cpp
@@ -1749,7 +1749,10 @@ ErrorOr<Value *> BitcodeReader::recordValue(SmallVectorImpl<uint64_t> &Record,
     return error("Invalid record");
   Value *V = ValueList[ValueID];
 
-  V->setName(StringRef(ValueName.data(), ValueName.size()));
+  StringRef NameStr(ValueName.data(), ValueName.size());
+  if (NameStr.find_first_of(0) != StringRef::npos)
+    return error("Invalid value name");
+  V->setName(NameStr);
   auto *GO = dyn_cast<GlobalObject>(V);
   if (GO) {
     if (GO->getComdat() == reinterpret_cast<Comdat *>(1)) {

diff --git a/test/Bitcode/Inputs/invalid-name-with-0-byte.bc b/test/Bitcode/Inputs/invalid-name-with-0-byte.bc
new file mode 100644 (file)
index 0000000..9c6a915
Binary files /dev/null and b/test/Bitcode/Inputs/invalid-name-with-0-byte.bc differ

diff --git a/test/Bitcode/invalid.test b/test/Bitcode/invalid.test
index 24ccd8bccd5bd86ec9cb2167e28b761becaba2c5..3425adc841003ee8a126f76cdd742a614879aeb5 100644 (file)
--- a/test/Bitcode/invalid.test
+++ b/test/Bitcode/invalid.test
@@ -212,3 +212,8 @@ RUN: not llvm-dis -disable-output %p/Inputs/invalid-no-function-block.bc 2>&1 |
 RUN:   FileCheck --check-prefix=NO-FUNCTION-BLOCK %s
 
 NO-FUNCTION-BLOCK: Trying to materialize functions before seeing function blocks
+
+RUN: not llvm-dis -disable-output %p/Inputs/invalid-name-with-0-byte.bc 2>&1 | \
+RUN:   FileCheck --check-prefix=NAME-WITH-0 %s
+
+NAME-WITH-0: Invalid value name