From: Filipe Cabecinhas <me@filcab.net>
Date: Wed, 29 Apr 2015 01:27:01 +0000 (+0000)
Subject: Make sure that isValidElementType(Type) before calling {Array,Struct}Type::get(Type)
X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=3b4a565b8a5848acd94fbe4c184d5ef2b6b15860;p=oota-llvm.git

Make sure that isValidElementType(Type) before calling {Array,Struct}Type::get(Type)

Bug found with AFL fuzz.

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@236073 91177308-0d34-0410-b5e6-96231b3b80d8
---

diff --git a/lib/Bitcode/Reader/BitcodeReader.cpp b/lib/Bitcode/Reader/BitcodeReader.cpp
index 6656478754e..a381c30170e 100644
--- a/lib/Bitcode/Reader/BitcodeReader.cpp
+++ b/lib/Bitcode/Reader/BitcodeReader.cpp
@@ -1474,7 +1474,8 @@ std::error_code BitcodeReader::ParseTypeTableBody() {
     case bitc::TYPE_CODE_ARRAY:     // ARRAY: [numelts, eltty]
       if (Record.size() < 2)
         return Error("Invalid record");
-      if ((ResultTy = getTypeByID(Record[1])))
+      if ((ResultTy = getTypeByID(Record[1])) &&
+          StructType::isValidElementType(ResultTy))
         ResultTy = ArrayType::get(ResultTy, Record[0]);
       else
         return Error("Invalid type");
@@ -1482,7 +1483,8 @@ std::error_code BitcodeReader::ParseTypeTableBody() {
     case bitc::TYPE_CODE_VECTOR:    // VECTOR: [numelts, eltty]
       if (Record.size() < 2)
         return Error("Invalid record");
-      if ((ResultTy = getTypeByID(Record[1])))
+      if ((ResultTy = getTypeByID(Record[1])) &&
+          StructType::isValidElementType(ResultTy))
         ResultTy = VectorType::get(ResultTy, Record[0]);
       else
         return Error("Invalid type");
diff --git a/test/Bitcode/Inputs/invalid-array-element-type.bc b/test/Bitcode/Inputs/invalid-array-element-type.bc
new file mode 100644
index 00000000000..3ce4ba2f77d
Binary files /dev/null and b/test/Bitcode/Inputs/invalid-array-element-type.bc differ
diff --git a/test/Bitcode/Inputs/invalid-vector-element-type.bc b/test/Bitcode/Inputs/invalid-vector-element-type.bc
new file mode 100644
index 00000000000..9c6c625c918
Binary files /dev/null and b/test/Bitcode/Inputs/invalid-vector-element-type.bc differ
diff --git a/test/Bitcode/invalid.test b/test/Bitcode/invalid.test
index 89cd0e908f0..6dfab58375e 100644
--- a/test/Bitcode/invalid.test
+++ b/test/Bitcode/invalid.test
@@ -98,3 +98,10 @@ RUN: not llvm-dis -disable-output %p/Inputs/invalid-fwdref-type-mismatch.bc 2>&1
 RUN:   FileCheck --check-prefix=FWDREF-TYPE %s
 
 FWDREF-TYPE: Invalid record
+
+RUN: not llvm-dis -disable-output %p/Inputs/invalid-array-element-type.bc 2>&1 | \
+RUN:   FileCheck --check-prefix=ELEMENT-TYPE %s
+RUN: not llvm-dis -disable-output %p/Inputs/invalid-vector-element-type.bc 2>&1 | \
+RUN:   FileCheck --check-prefix=ELEMENT-TYPE %s
+
+ELEMENT-TYPE: Invalid type