From c3c89b471b2e30c85c37d17984e1260c56b6d06f Mon Sep 17 00:00:00 2001
From: Filipe Cabecinhas <me@filcab.net>
Date: Wed, 4 Nov 2015 14:53:36 +0000
Subject: [PATCH] Error out when faced with value names containing '\0'

Bug found with afl-fuzz.

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@252048 91177308-0d34-0410-b5e6-96231b3b80d8
---
 lib/Bitcode/Reader/BitcodeReader.cpp            |   5 ++++-
 test/Bitcode/Inputs/invalid-name-with-0-byte.bc | Bin 0 -> 1265 bytes
 test/Bitcode/invalid.test                       |   5 +++++
 3 files changed, 9 insertions(+), 1 deletion(-)
 create mode 100644 test/Bitcode/Inputs/invalid-name-with-0-byte.bc

diff --git a/lib/Bitcode/Reader/BitcodeReader.cpp b/lib/Bitcode/Reader/BitcodeReader.cpp
index c874a84e0cb..522f2aa4707 100644
--- a/lib/Bitcode/Reader/BitcodeReader.cpp
+++ b/lib/Bitcode/Reader/BitcodeReader.cpp
@@ -1749,7 +1749,10 @@ ErrorOr<Value *> BitcodeReader::recordValue(SmallVectorImpl<uint64_t> &Record,
     return error("Invalid record");
   Value *V = ValueList[ValueID];
 
-  V->setName(StringRef(ValueName.data(), ValueName.size()));
+  StringRef NameStr(ValueName.data(), ValueName.size());
+  if (NameStr.find_first_of(0) != StringRef::npos)
+    return error("Invalid value name");
+  V->setName(NameStr);
   auto *GO = dyn_cast<GlobalObject>(V);
   if (GO) {
     if (GO->getComdat() == reinterpret_cast<Comdat *>(1)) {
diff --git a/test/Bitcode/Inputs/invalid-name-with-0-byte.bc b/test/Bitcode/Inputs/invalid-name-with-0-byte.bc
new file mode 100644
index 0000000000000000000000000000000000000000..9c6a9158eee7f1bf05c9b67bb10cb1f0881defbb
GIT binary patch
literal 1265
zcmbtTO-$2Z7=E{P>|<0`V1c24?FL38i8zMNWCYxbDG`%lG;$$q#1JnY(8S0^N-0<b
z<<A30P!AkT1i5%HVZbCr&_tFPP6lH_yqKWQivjWdI<iT6v`PEDdEV!Hp66@d21Bt=
z0t?_Z0put=m;oRkZ(EON^!y6bn8kU|jhR%o!b*zEn89|LG?;^9IYE*0I{n1eX!nZc
zl6^$*#4pQiv2d&0wxV(E)05Nn%iAak13W-Bu3ooB`0IU4f$&Vl#}{>K#F^iu4&|s~
z6UTa>LN-IlX(C7ka6KWCUc|Tti6#Q*Kd#VN099gMi=bB#&HX&6S4g|jr&qG@0PNHk
zP)%^A_nu&MjBRF`(-u!T9YaAWE%-Ps=uZpEX~C2*ji>Jf^i35QFJ(pJr68Ilb)jjh
zz`*+uo-|eczf_kCsADyeOX8nPI-I6jE#z01hJv!K>#ptgL?^oij&EFUQqHYrgJp{g
zrSGRoI;yNXt@p^9rFJD$J7lRvjZPk*4c9ZHB=&Mg2`7%t>ct$ZL^#cYodRY-TL4+?
z$2tm?tEY%^)o-4uoKNx}+QJVbhlde#h-;33Qckj}h!U|5?6(|mt6TT#uW0oXJ-xny
z*_}r-J0>@|BV?mh(TlxxA6gNmp%T@)P0~2;S}upxA8oJy6v;m15T(?Yp>+k2wpZOc
z9}o}Cx~!CW(UHHq$JNB!i^nlT_xIm*r5fUHa$!comOT$!g|s!CasQ~h4<$Fx?t0!i
zaZF{<W%ZmJAds4y=KjsfUcM!?BsuOS>eib^`Hd`UXUY3%iP<D2Vz+ar>$b@lzp-e>
zgTpYNt#pPlULE2PP?Fc)cmOgpKnf#HJdq;!@i<og5;Bzt>&TGF)?^^@>!dix4OUQ2
zqDP_}eB%)10WzNfBC-LiKT78?%Kyug%8XdJ)QD{|_YHeD;`*mPp!ZcZV*4Y(Lz3#I
n#zbR`yqP%tt)d6?MpPp<AsVqs#)wVFRfFCu)riGJiqY#YHl{JN

literal 0
HcmV?d00001

diff --git a/test/Bitcode/invalid.test b/test/Bitcode/invalid.test
index 24ccd8bccd5..3425adc8410 100644
--- a/test/Bitcode/invalid.test
+++ b/test/Bitcode/invalid.test
@@ -212,3 +212,8 @@ RUN: not llvm-dis -disable-output %p/Inputs/invalid-no-function-block.bc 2>&1 |
 RUN:   FileCheck --check-prefix=NO-FUNCTION-BLOCK %s
 
 NO-FUNCTION-BLOCK: Trying to materialize functions before seeing function blocks
+
+RUN: not llvm-dis -disable-output %p/Inputs/invalid-name-with-0-byte.bc 2>&1 | \
+RUN:   FileCheck --check-prefix=NAME-WITH-0 %s
+
+NAME-WITH-0: Invalid value name
-- 
2.34.1