From 1897b5c08c96777547de1c71e617757314a991ca Mon Sep 17 00:00:00 2001 From: Filipe Cabecinhas Date: Fri, 30 Jan 2015 18:13:50 +0000 Subject: [PATCH] Check bit widths before trying to get a type. Added a test case for it. Also added run lines for the test case in r227566. Bugs found with afl-fuzz git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@227589 91177308-0d34-0410-b5e6-96231b3b80d8 --- lib/Bitcode/Reader/BitcodeReader.cpp | 9 +++++++-- test/Bitcode/Inputs/invalid-bitwidth.bc | Bin 0 -> 224 bytes test/Bitcode/invalid.test | 6 ++++++ 3 files changed, 13 insertions(+), 2 deletions(-) create mode 100644 test/Bitcode/Inputs/invalid-bitwidth.bc diff --git a/lib/Bitcode/Reader/BitcodeReader.cpp b/lib/Bitcode/Reader/BitcodeReader.cpp index c3589bce398..0af344ab557 100644 --- a/lib/Bitcode/Reader/BitcodeReader.cpp +++ b/lib/Bitcode/Reader/BitcodeReader.cpp @@ -950,12 +950,17 @@ std::error_code BitcodeReader::ParseTypeTableBody() { case bitc::TYPE_CODE_X86_MMX: // X86_MMX ResultTy = Type::getX86_MMXTy(Context); break; - case bitc::TYPE_CODE_INTEGER: // INTEGER: [width] + case bitc::TYPE_CODE_INTEGER: { // INTEGER: [width] if (Record.size() < 1) return Error("Invalid record"); - ResultTy = IntegerType::get(Context, Record[0]); + uint64_t NumBits = Record[0]; + if (NumBits < IntegerType::MIN_INT_BITS || + NumBits > IntegerType::MAX_INT_BITS) + return Error("Bitwidth for integer type out of range"); + ResultTy = IntegerType::get(Context, NumBits); break; + } case bitc::TYPE_CODE_POINTER: { // POINTER: [pointee type] or // [pointee type, address space] if (Record.size() < 1) diff --git a/test/Bitcode/Inputs/invalid-bitwidth.bc b/test/Bitcode/Inputs/invalid-bitwidth.bc new file mode 100644 index 0000000000000000000000000000000000000000..e9028f71e5fd509878e873ecfd54f7203d19fefc GIT binary patch literal 224 zcmZ>AK5$Qwhk+rFfq{X$Nr8b0NDBcmd!zD1#}h1`Yyw7>lNeigR9QJBDQ@f1rK#{|nm zN(UwY-NWKMh2?)e&@2YQW(J1Mf`=FwB=}f>Ts9zP4-hyjlBlK-vsF|;Q1NP-gG);a JGe|8I005UqGSL74 literal 0 HcmV?d00001 diff --git a/test/Bitcode/invalid.test b/test/Bitcode/invalid.test index 19ef3267cc6..3eaa0394dba 100644 --- a/test/Bitcode/invalid.test +++ b/test/Bitcode/invalid.test @@ -6,8 +6,14 @@ RUN: not llvm-dis -disable-output %p/Inputs/invalid-unexpected-eof.bc 2>&1 | \ RUN: FileCheck --check-prefix=UNEXPECTED-EOF %s RUN: not llvm-dis -disable-output %p/Inputs/invalid-bad-abbrev-number.bc 2>&1 | \ RUN: FileCheck --check-prefix=BAD-ABBREV-NUMBER %s +RUN: not llvm-dis -disable-output %p/Inputs/invalid-type-table-forward-ref.bc 2>&1 | \ +RUN: FileCheck --check-prefix=BAD-TYPE-TABLE-FORWARD-REF %s +RUN: not llvm-dis -disable-output %p/Inputs/invalid-bitwidth.bc 2>&1 | \ +RUN: FileCheck --check-prefix=BAD-BITWIDTH %s INVALID-ENCODING: Invalid encoding BAD-ABBREV: Abbreviation starts with an Array or a Blob UNEXPECTED-EOF: Unexpected end of file BAD-ABBREV-NUMBER: Invalid abbrev number +BAD-TYPE-TABLE-FORWARD-REF: Invalid TYPE table: Only named structs can be forward referenced +BAD-BITWIDTH: Bitwidth for integer type out of range -- 2.34.1