[BitcodeReader] Check vector size before trying to create a VectorType

Bug found with AFL fuzz

llvm-svn: 238891
Filipe Cabecinhas 2015-06-03 00:05:30 +00:00
parent 9aa3ab30a9
commit 8e42190d20
3 changed files with 7 additions and 0 deletions


@ -1497,6 +1497,8 @@ std::error_code BitcodeReader::ParseTypeTableBody() {
case bitc::TYPE_CODE_VECTOR: // VECTOR: [numelts, eltty]
if (Record.size() < 2)
return Error("Invalid record");
if (Record[0] == 0)
return Error("Invalid vector length");
ResultTy = getTypeByID(Record[1]);
if (!ResultTy || !StructType::isValidElementType(ResultTy))
return Error("Invalid type");
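Review bot: The element-type check after `getTypeByID(Record[1])` still uses `StructType::isValidElementType`, which accepts aggregate types that are not legal vector elements, so a malformed record can pass both checks and reach vector construction with an invalid element type. `if (!ResultTy || !VectorType::isValidElementType(ResultTy))` looks like the intended predicate. Separately, the new `Record[0] == 0` test runs on the raw record value; if that value is wider than the length type used when the vector is built (the construction call is outside this hunk, so this is inferred), a non-zero value could still narrow to zero, and a range check next to the zero check would close that. The `case` body continues past the end of the hunk.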

Binary file not shown.


@ -192,3 +192,8 @@ RUN: not llvm-dis -disable-output %p/Inputs/invalid-metadata-not-followed-named-
RUN: FileCheck --check-prefix=META-NOT-FOLLOWED-BY-NAMED-META %s
META-NOT-FOLLOWED-BY-NAMED-META: METADATA_NAME not followed by METADATA_NAMED_NODE
RUN: not llvm-dis -disable-output %p/Inputs/invalid-vector-length.bc 2>&1 | \
RUN: FileCheck --check-prefix=VECTOR-LENGTH %s
VECTOR-LENGTH: Invalid vector length