From: Filipe Cabecinhas <me@filcab.net>
Date: Thu, 30 Apr 2015 01:13:31 +0000 (+0000)
Subject: Make sure Op->getType() is a PointerType before we cast<> it.
X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=8b2199e2a28b75ff3edf36fc7157085da31301cf;p=oota-llvm.git

Make sure Op->getType() is a PointerType before we cast<> it.

Bug found with AFL fuzz.

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@236193 91177308-0d34-0410-b5e6-96231b3b80d8
---

diff --git a/lib/Bitcode/Reader/BitcodeReader.cpp b/lib/Bitcode/Reader/BitcodeReader.cpp
index 7778125e2d4..456df6dab8e 100644
--- a/lib/Bitcode/Reader/BitcodeReader.cpp
+++ b/lib/Bitcode/Reader/BitcodeReader.cpp
@@ -4065,6 +4065,8 @@ std::error_code BitcodeReader::ParseFunctionBody(Function *F) {
       Type *Ty = nullptr;
       if (OpNum + 3 == Record.size())
         Ty = getTypeByID(Record[OpNum++]);
+      if (!isa<PointerType>(Op->getType()))
+        return Error("Load operand is not a pointer type");
       if (!Ty)
         Ty = cast<PointerType>(Op->getType())->getElementType();
       else if (Ty != cast<PointerType>(Op->getType())->getElementType())
diff --git a/test/Bitcode/Inputs/invalid-load-pointer-type.bc b/test/Bitcode/Inputs/invalid-load-pointer-type.bc
new file mode 100644
index 00000000000..b6a56c55b3b
Binary files /dev/null and b/test/Bitcode/Inputs/invalid-load-pointer-type.bc differ
diff --git a/test/Bitcode/invalid.test b/test/Bitcode/invalid.test
index 077f3515128..4aff5c00501 100644
--- a/test/Bitcode/invalid.test
+++ b/test/Bitcode/invalid.test
@@ -117,3 +117,8 @@ RUN: not llvm-dis -disable-output %p/Inputs/invalid-too-big-fwdref.bc 2>&1 | \
 RUN:   FileCheck --check-prefix=HUGE-FWDREF %s
 
 HUGE-FWDREF: Invalid record
+
+RUN: not llvm-dis -disable-output %p/Inputs/invalid-load-pointer-type.bc 2>&1 | \
+RUN:   FileCheck --check-prefix=LOAD-BAD-TYPE %s
+
+LOAD-BAD-TYPE: Load operand is not a pointer type