From: Filipe Cabecinhas
Date: Sat, 16 May 2015 00:33:12 +0000 (+0000)
Subject: [BitcodeReader] Don't allow INSERTVAL/EXTRACTVAL with 0 indices
X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=ddf553bb8da207108644125d58b8570dcf179e27;p=oota-llvm.git
[BitcodeReader] Don't allow INSERTVAL/EXTRACTVAL with 0 indices
This would trigger an assertion later. Bug found with AFL fuzz.
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@237494 91177308-0d34-0410-b5e6-96231b3b80d8
---
diff --git a/lib/Bitcode/Reader/BitcodeReader.cpp b/lib/Bitcode/Reader/BitcodeReader.cpp
index 743466051a1..e0800916c8c 100644
--- a/lib/Bitcode/Reader/BitcodeReader.cpp
+++ b/lib/Bitcode/Reader/BitcodeReader.cpp
@@ -3555,10 +3555,13 @@ std::error_code BitcodeReader::ParseFunctionBody(Function *F) {
 if (getValueTypePair(Record, OpNum, NextValueNo, Agg))
 return Error("Invalid record");
+ unsigned RecSize = Record.size();
+ if (OpNum == RecSize)
+ return Error("EXTRACTVAL: Invalid instruction with 0 indices");
+
 SmallVector EXTRACTVALIdx;
 Type *CurTy = Agg->getType();
- for (unsigned RecSize = Record.size();
- OpNum != RecSize; ++OpNum) {
+ for (; OpNum != RecSize; ++OpNum) {
 bool IsArray = CurTy->isArrayTy();
 bool IsStruct = CurTy->isStructTy();
 uint64_t Index = Record[OpNum];
@@ -3594,10 +3597,13 @@ std::error_code BitcodeReader::ParseFunctionBody(Function *F) {
 if (getValueTypePair(Record, OpNum, NextValueNo, Val))
 return Error("Invalid record");
+ unsigned RecSize = Record.size();
+ if (OpNum == RecSize)
+ return Error("INSERTVAL: Invalid instruction with 0 indices");
+
 SmallVector INSERTVALIdx;
 Type *CurTy = Agg->getType();
- for (unsigned RecSize = Record.size();
- OpNum != RecSize; ++OpNum) {
+ for (; OpNum != RecSize; ++OpNum) {
 bool IsArray = CurTy->isArrayTy();
 bool IsStruct = CurTy->isStructTy();
 uint64_t Index = Record[OpNum];
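Review bot: The new guard `if (OpNum == RecSize)` only rejects the exact case where getValueTypePair consumed the whole record; it silently depends on that helper never leaving OpNum past Record.size(), and the loop condition `OpNum != RecSize` would run off the record if that ever changed, so `if (OpNum >= RecSize)` states the invariant the reader actually needs (the same applies to the INSERTVAL hunk below). The check deserves a one-line why-comment, since nothing in the hunk says why the reader rejects here rather than leaving it to later stages, e.g. `// extractvalue/insertvalue need at least one index; an empty index list would trip an assertion further down the pipeline, so reject the malformed record here.` Also note that `unsigned RecSize = Record.size();` now lives for the whole case rather than just the loop header, so the narrowing the old loop already did is now relied on more widely; presumably records that large are rejected earlier, but that is an inference from the name. ParseFunctionBody and the for loop that validates each index continue outside both hunks.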
diff --git a/test/Bitcode/Inputs/invalid-extract-0-indices.bc b/test/Bitcode/Inputs/invalid-extract-0-indices.bc
new file mode 100644
index 00000000000..bfde5264502
Binary files /dev/null and b/test/Bitcode/Inputs/invalid-extract-0-indices.bc differ
diff --git a/test/Bitcode/Inputs/invalid-insert-0-indices.bc b/test/Bitcode/Inputs/invalid-insert-0-indices.bc
new file mode 100644
index 00000000000..d7a91e1e448
Binary files /dev/null and b/test/Bitcode/Inputs/invalid-insert-0-indices.bc differ
diff --git a/test/Bitcode/invalid.test b/test/Bitcode/invalid.test
index 2fe77989b2a..fbd1cb9f4d9 100644
--- a/test/Bitcode/invalid.test
+++ b/test/Bitcode/invalid.test
@@ -127,3 +127,13 @@ RUN: not llvm-dis -disable-output %p/Inputs/invalid-GCTable-overflow.bc 2>&1 | \
 RUN: FileCheck --check-prefix=GCTABLE-OFLOW %s
 GCTABLE-OFLOW: Invalid ID
+
+RUN: not llvm-dis -disable-output %p/Inputs/invalid-insert-0-indices.bc 2>&1 | \
+RUN: FileCheck --check-prefix=INSERT-0-IDXS %s
+
+INSERT-0-IDXS: INSERTVAL: Invalid instruction with 0 indices
+
+RUN: not llvm-dis -disable-output %p/Inputs/invalid-extract-0-indices.bc 2>&1 | \
+RUN: FileCheck --check-prefix=EXTRACT-0-IDXS %s
+
+EXTRACT-0-IDXS: EXTRACTVAL: Invalid instruction with 0 indices