From: Filipe Cabecinhas
Date: Wed, 15 Apr 2015 08:48:08 +0000 (+0000)
Subject: Verify sizes when trying to read a VBR
X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=4c0055402f2c82d54555c98d24e2ea1a8abbe1f5;p=oota-llvm.git
Verify sizes when trying to read a VBR
Also added an assert to ReadVBR64.
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@234984 91177308-0d34-0410-b5e6-96231b3b80d8
---
diff --git a/include/llvm/Bitcode/BitstreamReader.h b/include/llvm/Bitcode/BitstreamReader.h
index 18f6b9e011e..bae816675c0 100644
--- a/include/llvm/Bitcode/BitstreamReader.h
+++ b/include/llvm/Bitcode/BitstreamReader.h
@@ -395,6 +395,7 @@ public:
 // Read a VBR that may have a value up to 64-bits in size. The chunk size of
 // the VBR must still be <= 32 bits though.
 uint64_t ReadVBR64(unsigned NumBits) {
+ assert(NumBits <= 64 && "VBR can only be up to 64 bits in size.");
 uint32_t Piece = Read(NumBits);
 if ((Piece & (1U << (NumBits-1))) == 0)
 return uint64_t(Piece);
diff --git a/lib/Bitcode/Reader/BitstreamReader.cpp b/lib/Bitcode/Reader/BitstreamReader.cpp
index beaaf7a7d66..6e3bea1e87b 100644
--- a/lib/Bitcode/Reader/BitstreamReader.cpp
+++ b/lib/Bitcode/Reader/BitstreamReader.cpp
@@ -62,6 +62,8 @@ static uint64_t readAbbreviatedField(BitstreamCursor &Cursor,
 case BitCodeAbbrevOp::Fixed:
 return Cursor.Read((unsigned)Op.getEncodingData());
 case BitCodeAbbrevOp::VBR:
+ if ((unsigned)Op.getEncodingData() > 64)
+ report_fatal_error("Invalid record");
 return Cursor.ReadVBR64((unsigned)Op.getEncodingData());
 case BitCodeAbbrevOp::Char6:
 return BitCodeAbbrevOp::DecodeChar6(Cursor.Read(6));
diff --git a/test/Bitcode/Inputs/invalid-VBR-too-big.bc b/test/Bitcode/Inputs/invalid-VBR-too-big.bc
new file mode 100644
index 00000000000..35d00ba154b
Binary files /dev/null and b/test/Bitcode/Inputs/invalid-VBR-too-big.bc differ
diff --git a/test/Bitcode/invalid.test b/test/Bitcode/invalid.test
index 9cab227ab19..59543d2ae79 100644
--- a/test/Bitcode/invalid.test
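Review bot: The limit of 64 added to `ReadVBR64` is wider than the body below it can handle: the comment directly above says the chunk size must be <= 32 bits, `Piece` is a `uint32_t`, and `1U << (NumBits-1)` is an undefined shift once `NumBits` is above 32. The same `> 64` bound is used in the `BitCodeAbbrevOp::VBR` case of `readAbbreviatedField` in BitstreamReader.cpp, so a bitcode file declaring a VBR width of 33 to 64 still passes the new check and reaches that shift, and because `assert` is compiled out of release builds the `.cpp` check is the only guard there. I would tighten both to the documented limit, `assert(NumBits <= 32 && "VBR chunk size must be <= 32 bits.");` and `if ((unsigned)Op.getEncodingData() > 32)`. A width of 0 also makes `NumBits-1` wrap, and the `Fixed` case just above passes its width to `Cursor.Read()` without a check; whether either is rejected earlier is not visible here, since both function bodies continue outside the hunks.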
+++ b/test/Bitcode/invalid.test @@ -55,3 +55,8 @@ RUN: not llvm-dis -disable-output %p/Inputs/invalid-no-proper-module.bc 2>&1 | \ RUN: FileCheck --check-prefix=NO-MODULE %s NO-MODULE: Malformed IR file + +RUN: not llvm-dis -disable-output %p/Inputs/invalid-VBR-too-big.bc 2>&1 | \ +RUN: FileCheck --check-prefix=HUGE-VBR %s + +HUGE-VBR: Invalid record