From: Filipe Cabecinhas
Date: Thu, 23 Apr 2015 13:38:21 +0000 (+0000)
Subject: Be more strict about the operand for the array type in BitcodeReader
X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=023602239049dfeaa6eb898ddad9cfce790dc16e;p=oota-llvm.git

Be more strict about the operand for the array type in BitcodeReader

Summary: Bug found with AFL fuzz.

Reviewers: rafael

Subscribers: llvm-commits

Differential Revision: http://reviews.llvm.org/D9016

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@235596 91177308-0d34-0410-b5e6-96231b3b80d8
---

diff --git a/lib/Bitcode/Reader/BitstreamReader.cpp b/lib/Bitcode/Reader/BitstreamReader.cpp
index ff37b8e4cfc..2f34532ae93 100644
--- a/lib/Bitcode/Reader/BitstreamReader.cpp
+++ b/lib/Bitcode/Reader/BitstreamReader.cpp
@@ -201,6 +201,9 @@ unsigned BitstreamCursor::readRecord(unsigned AbbrevID,
       // Get the element encoding.
       assert(i+2 == e && "array op not second to last?");
       const BitCodeAbbrevOp &EltEnc = Abbv->getOperandInfo(++i);
+      if (EltEnc.getEncoding() == BitCodeAbbrevOp::Array ||
+          EltEnc.getEncoding() == BitCodeAbbrevOp::Blob)
+        report_fatal_error("Array element type can't be an Array or a Blob");
 
       // Read all the elements.
       for (; NumElts; --NumElts)
diff --git a/test/Bitcode/Inputs/invalid-array-type.bc b/test/Bitcode/Inputs/invalid-array-type.bc
new file mode 100644
index 00000000000..3a4b635dd0e
Binary files /dev/null and b/test/Bitcode/Inputs/invalid-array-type.bc differ
diff --git a/test/Bitcode/invalid.test b/test/Bitcode/invalid.test
index b6c2ed3e8d6..1d8e14230ff 100644
--- a/test/Bitcode/invalid.test
+++ b/test/Bitcode/invalid.test
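Review bot: The added guard rejects only the Array and Blob encodings, but the operand fetched by `Abbv->getOperandInfo(++i)` may also be a literal operand, for which `getEncoding()` is not a meaningful value; if `BitCodeAbbrevOp::isEncoding()` is available here, `if (!EltEnc.isEncoding()) report_fatal_error("Array element type has to be an encoding of a type");` would close that case as well, assuming the abbreviation-definition reader does not already reject a literal in that position. In the same spirit, the `assert(i+2 == e && "array op not second to last?")` two lines above is compiled out in release builds, so a malformed abbreviation whose array op is not second-to-last still passes through there on untrusted input; giving it the same `report_fatal_error` treatment, `if (i + 2 != e) report_fatal_error("Array op not second to last");`, would make the two checks consistent. readRecord's body starts and ends outside the hunk.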
@@ -73,3 +73,8 @@ RUN: not llvm-dis -disable-output %p/Inputs/invalid-abbrev-fixed-size-too-big.bc
 RUN: FileCheck --check-prefix=HUGE-ABBREV-OP %s
 
 HUGE-ABBREV-OP: Fixed or VBR abbrev record with size > MaxChunkData
+
+RUN: not llvm-dis -disable-output %p/Inputs/invalid-array-type.bc 2>&1 | \
+RUN: FileCheck --check-prefix=ARRAY-TYPE %s
+
+ARRAY-TYPE: Array element type can't be an Array or a Blob