From fdb28cdd8b6bfe412382225adcb9cac0c3a8467b Mon Sep 17 00:00:00 2001
From: Filipe Cabecinhas <me@filcab.net>
Date: Tue, 6 Oct 2015 12:37:54 +0000
Subject: [PATCH] Make sure the CastInst is valid before trying to create it

Bug found with afl-fuzz.

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@249396 91177308-0d34-0410-b5e6-96231b3b80d8
---
 lib/Bitcode/Reader/BitcodeReader.cpp |   5 ++++-
 test/Bitcode/Inputs/invalid-cast.bc  | Bin 0 -> 1236 bytes
 test/Bitcode/invalid.test            |   5 +++++
 3 files changed, 9 insertions(+), 1 deletion(-)
 create mode 100644 test/Bitcode/Inputs/invalid-cast.bc

diff --git a/lib/Bitcode/Reader/BitcodeReader.cpp b/lib/Bitcode/Reader/BitcodeReader.cpp
index 2893eaef0fb..ce6790be713 100644
--- a/lib/Bitcode/Reader/BitcodeReader.cpp
+++ b/lib/Bitcode/Reader/BitcodeReader.cpp
@@ -3863,7 +3863,10 @@ std::error_code BitcodeReader::parseFunctionBody(Function *F) {
           CurBB->getInstList().push_back(Temp);
         }
       } else {
-        I = CastInst::Create((Instruction::CastOps)Opc, Op, ResTy);
+        auto CastOp = (Instruction::CastOps)Opc;
+        if (!CastInst::castIsValid(CastOp, Op, ResTy))
+          return error("Invalid cast");
+        I = CastInst::Create(CastOp, Op, ResTy);
       }
       InstructionList.push_back(I);
       break;
diff --git a/test/Bitcode/Inputs/invalid-cast.bc b/test/Bitcode/Inputs/invalid-cast.bc
new file mode 100644
index 0000000000000000000000000000000000000000..a8b82f3e28618b7a236bab73e8a54e14b8e00383
GIT binary patch
literal 1236
zcmbu8PfXKL9LIm#I`%fIE3m*&hV3?t#wFr5bS7Iiw_-}fWEhQH2!$Bp#RHlcIVhzR
zEHdSv2acc~IG6}}@nFJ$Nr<3{%$S`F#ss~Xpw5c{@wLMN_Gpvs{qlL=_x*m~vPNUc
z4-5(5)d3WWH0S}K7=KJ%uAx&4L|p;pJvpqC$SNZ$uO#|g1yrk#4i`pQ%4-WCd!5D0
zx;e`r<4T<q$a3bY+q584trKGtk@+=j34Jtx8LwWajOa@}L<#dq!e5`H@j+X0y_6`F
z*m{a|L6x9~m`#VU6u|xfaq5tyYB{A5K<^<@sRdBY7Bw>J#LLddQFX$y%RTBOFn7SB
z<N|hMZ27Z?36+rzL_<E}A*C{G$mI?1=M4jSLm_XNGgj)UCjsZ?23#)}rPRwIrAh9=
zp}7GU-a`1Mx#|C{I_#h%`jAkO`dHCs(}m<%K$=TL1yjcj)3wodauuv!sl8cYuaAsY
z&dxaAj90W(8&z5N{v|_bAr?v)LfE672583X@gbCax-Q1k2dC8G87cCV44%cKNW2ix
zPkN@a^xNk6U4GvHhE{gT8Wi2Apc;w1v2Sb3`pVa|896UUM!UNGB~$D7Cf9XNbe%C{
z=dvf8%YN*P#99w_>(p^0w0+(Ui{G1H{4NvxSc61|e_PfO#Ij9a({z;GGi5g_$}`sD
z4NFl?s<nIscj)}~E9{UlccRmi+~2KIWouwN{k@u=$gZ5&aJ{yf#hY8UYR?QXsOE~k
zcg539H^$~T>#cNnxqgVw6ew|qq92B&ixYW^g*p~qL&J1tR*x?Z1GHIekK=k_%poXd
zFTQl4Qr?DdAu<7c1tWbH?}|KW-62>V3#NY_Vc${xRf;Cv#VH#6(?bglV8Ck$F(c0a
z@B*G&=$$NbK>4ffW?ZF~#T{C<LfqDz&7^uY?2Dvj0^9TX-&~o{>Lydlo3p#$prmD^
Wtd@-tS~iiAG=9$|ElaWrQ=UJS2`wT3

literal 0
HcmV?d00001

diff --git a/test/Bitcode/invalid.test b/test/Bitcode/invalid.test
index 0aab553bb61..69104046df2 100644
--- a/test/Bitcode/invalid.test
+++ b/test/Bitcode/invalid.test
@@ -113,6 +113,11 @@ RUN:   FileCheck --check-prefix=ELEMENT-TYPE %s
 
 ELEMENT-TYPE: Invalid type
 
+RUN: not llvm-dis -disable-output %p/Inputs/invalid-cast.bc 2>&1 | \
+RUN:   FileCheck --check-prefix=INVALID-CAST %s
+
+INVALID-CAST: Invalid cast
+
 RUN: not llvm-dis -disable-output %p/Inputs/invalid-array-op-not-2nd-to-last.bc 2>&1 | \
 RUN:   FileCheck --check-prefix=ARRAY-NOT-2LAST %s
 
-- 
2.34.1