From: Filipe Cabecinhas <me@filcab.net>
Date: Wed, 4 Nov 2015 14:53:36 +0000 (+0000)
Subject: Error out when faced with value names containing '\0'
X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=c3c89b471b2e30c85c37d17984e1260c56b6d06f;p=oota-llvm.git

Error out when faced with value names containing '\0'

Bug found with afl-fuzz.

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@252048 91177308-0d34-0410-b5e6-96231b3b80d8
---

diff --git a/lib/Bitcode/Reader/BitcodeReader.cpp b/lib/Bitcode/Reader/BitcodeReader.cpp
index c874a84e0cb..522f2aa4707 100644
--- a/lib/Bitcode/Reader/BitcodeReader.cpp
+++ b/lib/Bitcode/Reader/BitcodeReader.cpp
@@ -1749,7 +1749,10 @@ ErrorOr<Value *> BitcodeReader::recordValue(SmallVectorImpl<uint64_t> &Record,
     return error("Invalid record");
   Value *V = ValueList[ValueID];
 
-  V->setName(StringRef(ValueName.data(), ValueName.size()));
+  StringRef NameStr(ValueName.data(), ValueName.size());
+  if (NameStr.find_first_of(0) != StringRef::npos)
+    return error("Invalid value name");
+  V->setName(NameStr);
   auto *GO = dyn_cast<GlobalObject>(V);
   if (GO) {
     if (GO->getComdat() == reinterpret_cast<Comdat *>(1)) {
diff --git a/test/Bitcode/Inputs/invalid-name-with-0-byte.bc b/test/Bitcode/Inputs/invalid-name-with-0-byte.bc
new file mode 100644
index 00000000000..9c6a9158eee
Binary files /dev/null and b/test/Bitcode/Inputs/invalid-name-with-0-byte.bc differ
diff --git a/test/Bitcode/invalid.test b/test/Bitcode/invalid.test
index 24ccd8bccd5..3425adc8410 100644
--- a/test/Bitcode/invalid.test
+++ b/test/Bitcode/invalid.test
@@ -212,3 +212,8 @@ RUN: not llvm-dis -disable-output %p/Inputs/invalid-no-function-block.bc 2>&1 |
 RUN:   FileCheck --check-prefix=NO-FUNCTION-BLOCK %s
 
 NO-FUNCTION-BLOCK: Trying to materialize functions before seeing function blocks
+
+RUN: not llvm-dis -disable-output %p/Inputs/invalid-name-with-0-byte.bc 2>&1 | \
+RUN:   FileCheck --check-prefix=NAME-WITH-0 %s
+
+NAME-WITH-0: Invalid value name