From 316f9e05ced58a19a4388ee8e3bf51f0372a0117 Mon Sep 17 00:00:00 2001
From: Filipe Cabecinhas <me@filcab.net>
Date: Wed, 27 May 2015 00:48:43 +0000
Subject: [PATCH] [BitstreamReader] Make sure the Array operand type is an
 encoding

Bug found with AFL fuzz.

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@238269 91177308-0d34-0410-b5e6-96231b3b80d8
---
 lib/Bitcode/Reader/BitstreamReader.cpp            |   3 +++
 .../Inputs/invalid-array-operand-encoding.bc      | Bin 0 -> 579 bytes
 test/Bitcode/invalid.test                         |   5 +++++
 3 files changed, 8 insertions(+)
 create mode 100644 test/Bitcode/Inputs/invalid-array-operand-encoding.bc

diff --git a/lib/Bitcode/Reader/BitstreamReader.cpp b/lib/Bitcode/Reader/BitstreamReader.cpp
index f57e077baa0..a103fbdf4a9 100644
--- a/lib/Bitcode/Reader/BitstreamReader.cpp
+++ b/lib/Bitcode/Reader/BitstreamReader.cpp
@@ -203,6 +203,9 @@ unsigned BitstreamCursor::readRecord(unsigned AbbrevID,
       if (i + 2 != e)
         report_fatal_error("Array op not second to last");
       const BitCodeAbbrevOp &EltEnc = Abbv->getOperandInfo(++i);
+      if (!EltEnc.isEncoding())
+        report_fatal_error(
+            "Array element type has to be an encoding of a type");
       if (EltEnc.getEncoding() == BitCodeAbbrevOp::Array ||
           EltEnc.getEncoding() == BitCodeAbbrevOp::Blob)
         report_fatal_error("Array element type can't be an Array or a Blob");
diff --git a/test/Bitcode/Inputs/invalid-array-operand-encoding.bc b/test/Bitcode/Inputs/invalid-array-operand-encoding.bc
new file mode 100644
index 0000000000000000000000000000000000000000..f7ec2eb700a32055c43837b58e2c94144976b25a
GIT binary patch
literal 579
zcmZ>AK5$Qwhk+rFfq{X$Nr8b0NDBcmd!zD1#}h1`Yyw7>lNeigR9QJB<yg9t8U$RK
zoF;KQwFnrASa3*qav8a(cyLWnR6Y{az$2+xq{4oJLojK@f)x(OJ}?5!=~Q4~;0Mx1
zN*tUDDXlER3QJm8gq0q*ESw-B<kQi^-O}PCV4%!U%;F*BB6LEAQQ{1PMB^!zFpde9
zhm;OX0J+C`3JZ_~0*OUB5Qc*s8;~Ig#Ks&AGDoxq7Ce+m6JfONaJFbU+~d^1URl9j
zJfo2383X@Y0lqH{e8xOZa)%Deo?9rBX21$o)+~L7+4h99Z4a|8&<lkM3=AOeh;2~l
zb#V!1)e%W#;3@PKRPYhq5CHUfB2XR_CBiHRGY&EIsPP=kU}j`l%*!H>U?Bh$=K^B(
z0D-e2iE0WlTX{LA=dv6sjb;=S49aD5aq-wDD<G(Nx6Q$&rG*)&5@H@G=!97ubwK(-
qK`f%oU}6lUHw!j{h(o}z<^u&f$Xy7tMS&(=O#_;g0x=0F2?PM3!FN3X

literal 0
HcmV?d00001

diff --git a/test/Bitcode/invalid.test b/test/Bitcode/invalid.test
index 9c9d54fad6c..5cdd25387b6 100644
--- a/test/Bitcode/invalid.test
+++ b/test/Bitcode/invalid.test
@@ -177,3 +177,8 @@ RUN: not llvm-dis -disable-output %p/Inputs/invalid-abbrev-no-operands.bc 2>&1 |
 RUN:   FileCheck --check-prefix=ABBREV-NO-OPS %s
 
 ABBREV-NO-OPS: Abbrev record with no operands
+
+RUN: not llvm-dis -disable-output %p/Inputs/invalid-array-operand-encoding.bc 2>&1 | \
+RUN:   FileCheck --check-prefix=ARRAY-OP-ENC %s
+
+ARRAY-OP-ENC: Array element type has to be an encoding of a type
-- 
2.34.1