From b2bf278152eb79ac805414f39cf78207fc506dc5 Mon Sep 17 00:00:00 2001
From: Filipe Cabecinhas <me@filcab.net>
Date: Mon, 18 May 2015 22:27:11 +0000
Subject: [PATCH] [BitcodeReader] Make sure the type of the inserted value
 matches the type of the aggregate at those indices

Bug found with AFL-fuzz.

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@237628 91177308-0d34-0410-b5e6-96231b3b80d8
---
 lib/Bitcode/Reader/BitcodeReader.cpp              |   3 +++
 .../invalid-inserted-value-type-mismatch.bc       | Bin 0 -> 452 bytes
 test/Bitcode/invalid.test                         |   5 +++++
 3 files changed, 8 insertions(+)
 create mode 100644 test/Bitcode/Inputs/invalid-inserted-value-type-mismatch.bc

diff --git a/lib/Bitcode/Reader/BitcodeReader.cpp b/lib/Bitcode/Reader/BitcodeReader.cpp
index 86c61bdf66b..70b681000a7 100644
--- a/lib/Bitcode/Reader/BitcodeReader.cpp
+++ b/lib/Bitcode/Reader/BitcodeReader.cpp
@@ -3644,6 +3644,9 @@ std::error_code BitcodeReader::ParseFunctionBody(Function *F) {
           CurTy = CurTy->subtypes()[0];
       }
 
+      if (CurTy != Val->getType())
+        return Error("Inserted value type doesn't match aggregate type");
+
       I = InsertValueInst::Create(Agg, Val, INSERTVALIdx);
       InstructionList.push_back(I);
       break;
diff --git a/test/Bitcode/Inputs/invalid-inserted-value-type-mismatch.bc b/test/Bitcode/Inputs/invalid-inserted-value-type-mismatch.bc
new file mode 100644
index 0000000000000000000000000000000000000000..81333cd6be67ff7e463af7bfa9880821b7551a82
GIT binary patch
literal 452
zcmZ>AK5$Qwhk+rFfq{X$Nr8b0NDBcmd!zD1#}h1`Yyw7>lNeigR9QJB<yg9t8U$RK
zoF;KQwFnrASa3*qav8a(cyLWnR6Y{az$2+xq{4oJLojK@f)x(OJ}?5!=~Q4~;0Mx1
zN*tUDDXlERN=sUR#N(EQ6GVi3I(oQUT6_cylo^UyJcL|?PRKAyoMDh?JjD{mF~RbX
z(t!ye_c%{s0g^x<u}BBPaFAmIG6aFxn4>}F$U~Vl5k}h%XN#7@Jx&eml@;v8GYWa0
zG4Q_?;QP|RXUyXycj%z(xrH)m2CQIZ&C+L>ZBIDc_AuK5%_vl0U;vpXwn3rS#U+?k
zM<kJfr_fhW!AEpM0MP106-bx}vmDGg#L%P0b1;LMk!3M2i$H>f08k$n5VHpeoE1q_
zQ;6Bh%P~Ed<xpufqo80=E}M&s$2M63LB+dm4lXS%%s`bu^AsR%7iMwP0qF<%QAC-+
l#283#7HkF)hk%~t1Nj={E`-^lK$EVf0ZmGQm;{sr0su}6Vr>8b

literal 0
HcmV?d00001

diff --git a/test/Bitcode/invalid.test b/test/Bitcode/invalid.test
index 7dd97a4f49a..921d4e62c04 100644
--- a/test/Bitcode/invalid.test
+++ b/test/Bitcode/invalid.test
@@ -142,3 +142,8 @@ RUN: not llvm-dis -disable-output %p/Inputs/invalid-load-ptr-type.bc 2>&1 | \
 RUN:   FileCheck --check-prefix=BAD-LOAD-PTR-TYPE %s
 
 BAD-LOAD-PTR-TYPE: Cannot load/store from pointer
+
+RUN: not llvm-dis -disable-output %p/Inputs/invalid-inserted-value-type-mismatch.bc 2>&1 | \
+RUN:   FileCheck --check-prefix=INSERT-TYPE-MISMATCH %s
+
+INSERT-TYPE-MISMATCH: Inserted value type doesn't match aggregate type
-- 
2.34.1