From 99ebc9e0046475e40d4d72c0c13612331786664a Mon Sep 17 00:00:00 2001
From: Filipe Cabecinhas <me@filcab.net>
Date: Wed, 29 Apr 2015 02:27:28 +0000
Subject: [PATCH] Check that we have a valid PointerType element type before
 calling get()

Same as r236073 but for PointerType.

Bug found with AFL fuzz.

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@236079 91177308-0d34-0410-b5e6-96231b3b80d8
---
 lib/Bitcode/Reader/BitcodeReader.cpp              |   3 ++-
 .../Inputs/invalid-pointer-element-type.bc        | Bin 0 -> 644 bytes
 test/Bitcode/invalid.test                         |   2 ++
 3 files changed, 4 insertions(+), 1 deletion(-)
 create mode 100644 test/Bitcode/Inputs/invalid-pointer-element-type.bc

diff --git a/lib/Bitcode/Reader/BitcodeReader.cpp b/lib/Bitcode/Reader/BitcodeReader.cpp
index 8141d5673bd..f11eba51e6c 100644
--- a/lib/Bitcode/Reader/BitcodeReader.cpp
+++ b/lib/Bitcode/Reader/BitcodeReader.cpp
@@ -1360,7 +1360,8 @@ std::error_code BitcodeReader::ParseTypeTableBody() {
       if (Record.size() == 2)
         AddressSpace = Record[1];
       ResultTy = getTypeByID(Record[0]);
-      if (!ResultTy)
+      if (!ResultTy ||
+          !PointerType::isValidElementType(ResultTy))
         return Error("Invalid type");
       ResultTy = PointerType::get(ResultTy, AddressSpace);
       break;
diff --git a/test/Bitcode/Inputs/invalid-pointer-element-type.bc b/test/Bitcode/Inputs/invalid-pointer-element-type.bc
new file mode 100644
index 0000000000000000000000000000000000000000..f9649e66429448281a8ac6dfacde2ed056733111
GIT binary patch
literal 644
zcmZ>AK5$Qwhk+rFfq{X$Nr8b0NDBcmd!zD1#}h1`Yyw7>lNeigR9QJB<yg9t8U$RK
zoF;KQwFnrASa3*qav8a(cyLWnR6Y{az$2+xq{4oJLojK@f)x(OJ}?5!=~Q4~;0Mx1
zN*tUDDXlERN=sUR#N(EQ6GVi3I(oQUT6_cylo^UyJcL|?(nJ_-JDe?KM;h>ldbs6q
zk5dDCWd(cjj6$Ag4E%2e_`Wpo8S^;F9Xcp`ZlO$?0V^ncTAHQLFx#GRw(ViI1%_=Q
zFpSxNwAcoPUKf{ORvnQ<2A)D+K?NVt4FN0+42eK_P@D?09LzYx(4)q4FoT(qWic;{
zK!Sw;P@D^h*#iX5iX^Hj#BAl|n4ZgWs5F{UP%tQ$&BeuIo2-DK;@vg}mzEZ0ph}2&
zf<RiBMOO!;ACzW9lo?Enf%Im<W)N|RfkA=~Xf@bf2(v|jCS6Sfnv?=D38(-F0N<!{
AVE_OC

literal 0
HcmV?d00001

diff --git a/test/Bitcode/invalid.test b/test/Bitcode/invalid.test
index 41173d17e5d..c18ff3d3f61 100644
--- a/test/Bitcode/invalid.test
+++ b/test/Bitcode/invalid.test
@@ -103,6 +103,8 @@ RUN: not llvm-dis -disable-output %p/Inputs/invalid-array-element-type.bc 2>&1 |
 RUN:   FileCheck --check-prefix=ELEMENT-TYPE %s
 RUN: not llvm-dis -disable-output %p/Inputs/invalid-vector-element-type.bc 2>&1 | \
 RUN:   FileCheck --check-prefix=ELEMENT-TYPE %s
+RUN: not llvm-dis -disable-output %p/Inputs/invalid-pointer-element-type.bc 2>&1 | \
+RUN:   FileCheck --check-prefix=ELEMENT-TYPE %s
 
 ELEMENT-TYPE: Invalid type
 
-- 
2.34.1