From: Filipe Cabecinhas
Date: Wed, 27 May 2015 00:48:43 +0000 (+0000)
Subject: [BitstreamReader] Make sure the Array operand type is an encoding
X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=316f9e05ced58a19a4388ee8e3bf51f0372a0117;p=oota-llvm.git

[BitstreamReader] Make sure the Array operand type is an encoding

Bug found with AFL fuzz.

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@238269 91177308-0d34-0410-b5e6-96231b3b80d8
---

diff --git a/lib/Bitcode/Reader/BitstreamReader.cpp b/lib/Bitcode/Reader/BitstreamReader.cpp
index f57e077baa0..a103fbdf4a9 100644
--- a/lib/Bitcode/Reader/BitstreamReader.cpp
+++ b/lib/Bitcode/Reader/BitstreamReader.cpp
@@ -203,6 +203,9 @@ unsigned BitstreamCursor::readRecord(unsigned AbbrevID,
 if (i + 2 != e)
 report_fatal_error("Array op not second to last");
 const BitCodeAbbrevOp &EltEnc = Abbv->getOperandInfo(++i);
+ if (!EltEnc.isEncoding())
+ report_fatal_error(
+ "Array element type has to be an encoding of a type");
 if (EltEnc.getEncoding() == BitCodeAbbrevOp::Array ||
 EltEnc.getEncoding() == BitCodeAbbrevOp::Blob)
 report_fatal_error("Array element type can't be an Array or a Blob");
diff --git a/test/Bitcode/Inputs/invalid-array-operand-encoding.bc b/test/Bitcode/Inputs/invalid-array-operand-encoding.bc
new file mode 100644
index 00000000000..f7ec2eb700a
Binary files /dev/null and b/test/Bitcode/Inputs/invalid-array-operand-encoding.bc differ
diff --git a/test/Bitcode/invalid.test b/test/Bitcode/invalid.test
index 9c9d54fad6c..5cdd25387b6 100644
--- a/test/Bitcode/invalid.test
+++ b/test/Bitcode/invalid.test
@@ -177,3 +177,8 @@ RUN: not llvm-dis -disable-output %p/Inputs/invalid-abbrev-no-operands.bc 2>&1 |
 RUN: FileCheck --check-prefix=ABBREV-NO-OPS %s
 
 ABBREV-NO-OPS: Abbrev record with no operands
+
+RUN: not llvm-dis -disable-output %p/Inputs/invalid-array-operand-encoding.bc 2>&1 | \
+RUN: FileCheck --check-prefix=ARRAY-OP-ENC %s
+
+ARRAY-OP-ENC: Array element type has to be an encoding of a type
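Review bot: The `isEncoding()` guard is added only at this point of use in `readRecord`, so an abbreviation whose Array element operand is not an encoding is still accepted when it is defined and is rejected only if this path later decodes a record with it. If any other reader of the abbreviation (a skip path, for instance) also calls `getEncoding()` on the element operand, it needs the same check; that is not visible from this hunk, so it is worth confirming, or validating once where the abbreviation is parsed from the untrusted stream. A short comment above the new check would also help the next reader, e.g. `// The element operand may not be an encoding at all; check before calling getEncoding().`. `readRecord` starts and ends outside the hunk.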