From 3b821159da170b233a3ba8c12ce47ee6662946f0 Mon Sep 17 00:00:00 2001
From: Filipe Cabecinhas <me@filcab.net>
Date: Sat, 30 May 2015 00:17:20 +0000
Subject: [PATCH] [BitcodeReader] Change an assert to a call to a call to
 Error()

It's reachable from user input.

Bug found with AFL fuzz.

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@238633 91177308-0d34-0410-b5e6-96231b3b80d8
---
 lib/Bitcode/Reader/BitcodeReader.cpp              |   4 ++--
 .../invalid-metadata-not-followed-named-node.bc   | Bin 0 -> 878 bytes
 test/Bitcode/invalid.test                         |   5 +++++
 3 files changed, 7 insertions(+), 2 deletions(-)
 create mode 100644 test/Bitcode/Inputs/invalid-metadata-not-followed-named-node.bc

diff --git a/lib/Bitcode/Reader/BitcodeReader.cpp b/lib/Bitcode/Reader/BitcodeReader.cpp
index 441a4c76344..4044ac80f20 100644
--- a/lib/Bitcode/Reader/BitcodeReader.cpp
+++ b/lib/Bitcode/Reader/BitcodeReader.cpp
@@ -1634,9 +1634,9 @@ std::error_code BitcodeReader::ParseMetadata() {
       Record.clear();
       Code = Stream.ReadCode();
 
-      // METADATA_NAME is always followed by METADATA_NAMED_NODE.
       unsigned NextBitCode = Stream.readRecord(Code, Record);
-      assert(NextBitCode == bitc::METADATA_NAMED_NODE); (void)NextBitCode;
+      if (NextBitCode != bitc::METADATA_NAMED_NODE)
+        return Error("METADATA_NAME not followed by METADATA_NAMED_NODE");
 
       // Read named metadata elements.
       unsigned Size = Record.size();
diff --git a/test/Bitcode/Inputs/invalid-metadata-not-followed-named-node.bc b/test/Bitcode/Inputs/invalid-metadata-not-followed-named-node.bc
new file mode 100644
index 0000000000000000000000000000000000000000..42a2c3e65fecb9d56daa43ef548231050f386510
GIT binary patch
literal 878
zcmZ>AK5$Qwhk+rFfq{X$Nr8b0NDBcmd!zD1#}h1`Yyw7>lNeigR9QJB<yg9t8U$RK
zoF;KQwFnrASa3*qav8a(cyLWnR6Y{az$2+xq{4oJLojK@f)x(OJ}?5!=~Q4~;0Mx1
zN*tUDDXlERN=sUR#N(EQ6GVi3I(oQUT6_cylo^UyJcL|?PRKAyoMDh?JjD{mF~RbX
z(t!ye_c%{s0g^x<u}BBPaFAmIG6aFxn4>}F$U_-75k}h%XN#7@Jx&eml@;v8GYWa0
zG4Q_?;QP|RXUyXycj%z(xrH)m2CQIZ&C+L>ZBIDc_AuK5%_vl0U;vpXwn3rS#U+?k
zM<kJfr_fhW!AEpM0MP10pgbr{gjo(|C@}P>@f^%x#tgFm|LGBAaa0SkG<pXaBg<l5
z7J&o{0bo#a0Wo`kz*&(*HHDb1yd2YWSq_y(GYSd@<+8cBcx;mu5LCR|=HSxO!VFZ|
zz>ug9iEd#QM;(xUP_htFW-u`Z(whaFLBt_o`rrd46i`&M2Z%w<7A4<WV9b+mEzkp3
M(|{gG0eJuh0EvCT@Bjb+

literal 0
HcmV?d00001

diff --git a/test/Bitcode/invalid.test b/test/Bitcode/invalid.test
index eb7f979d574..43f7c77d598 100644
--- a/test/Bitcode/invalid.test
+++ b/test/Bitcode/invalid.test
@@ -187,3 +187,8 @@ RUN: not llvm-dis -disable-output %p/Inputs/invalid-array-operand-encoding.bc 2>
 RUN:   FileCheck --check-prefix=ARRAY-OP-ENC %s
 
 ARRAY-OP-ENC: Array element type has to be an encoding of a type
+
+RUN: not llvm-dis -disable-output %p/Inputs/invalid-metadata-not-followed-named-node.bc 2>&1 | \
+RUN:   FileCheck --check-prefix=META-NOT-FOLLOWED-BY-NAMED-META %s
+
+META-NOT-FOLLOWED-BY-NAMED-META: METADATA_NAME not followed by METADATA_NAMED_NODE
-- 
2.34.1