[Bitcode] Diagnose errors instead of asserting from bad input

Eventually we can make some of these pass the error along to the caller. Reports a fatal error if: We find an invalid abbrev record We try to get an invalid abbrev number We can't fill the current word due to an EOF Fixed an invalid bitcode test to check for output with FileCheck Bugs found with afl-fuzz llvm-svn: 226986
2015-01-24 04:15:05 +00:00 · 2015-01-24 04:15:05 +00:00 · de968ecb05
parent d1787adcec
commit de968ecb05
6 changed files with 25 additions and 6 deletions
--- a/llvm/include/llvm/Bitcode/BitstreamReader.h
+++ b/llvm/include/llvm/Bitcode/BitstreamReader.h
@ -315,7 +315,8 @@ public:
  }

  void fillCurWord() {
-    assert(Size == 0 || NextChar < (unsigned)Size);
+    if (Size != 0 && NextChar >= (unsigned)Size)
+      report_fatal_error("Unexpected end of file");

    // Read the next word from the stream.
    uint8_t Array[sizeof(word_t)] = {0};
@ -490,11 +491,11 @@ private:
  //===--------------------------------------------------------------------===//

 public:
-
  /// Return the abbreviation for the specified AbbrevId.
  const BitCodeAbbrev *getAbbrev(unsigned AbbrevID) {
-    unsigned AbbrevNo = AbbrevID-bitc::FIRST_APPLICATION_ABBREV;
-    assert(AbbrevNo < CurAbbrevs.size() && "Invalid abbrev #!");
+    unsigned AbbrevNo = AbbrevID - bitc::FIRST_APPLICATION_ABBREV;
+    if (AbbrevNo >= CurAbbrevs.size())
+      report_fatal_error("Invalid abbrev number");
    return CurAbbrevs[AbbrevNo].get();
  }

--- a/llvm/lib/Bitcode/Reader/BitstreamReader.cpp
+++ b/llvm/lib/Bitcode/Reader/BitstreamReader.cpp
@ -170,8 +170,12 @@ unsigned BitstreamCursor::readRecord(unsigned AbbrevID,
  unsigned Code;
  if (CodeOp.isLiteral())
    Code = CodeOp.getLiteralValue();
-  else
+  else {
+    if (CodeOp.getEncoding() == BitCodeAbbrevOp::Array ||
+        CodeOp.getEncoding() == BitCodeAbbrevOp::Blob)
+      report_fatal_error("Abbreviation starts with an Array or a Blob");
    Code = readAbbreviatedField(*this, CodeOp);
+  }

  for (unsigned i = 1, e = Abbv->getNumOperandInfos(); i != e; ++i) {
    const BitCodeAbbrevOp &Op = Abbv->getOperandInfo(i);
--- a/llvm/test/Bitcode/Inputs/invalid-abbrev.bc
+++ b/llvm/test/Bitcode/Inputs/invalid-abbrev.bc
--- a/llvm/test/Bitcode/Inputs/invalid-bad-abbrev-number.bc
+++ b/llvm/test/Bitcode/Inputs/invalid-bad-abbrev-number.bc
@ -0,0 +1 @@
+BCﾀﾞ!0000000000
--- a/llvm/test/Bitcode/Inputs/invalid-unexpected-eof.bc
+++ b/llvm/test/Bitcode/Inputs/invalid-unexpected-eof.bc
@ -0,0 +1 @@
+BCﾀﾞ!00000000000000000000
--- a/llvm/test/Bitcode/invalid.test
+++ b/llvm/test/Bitcode/invalid.test
@ -1 +1,13 @@
-RUN: not llvm-dis -disable-output %p/Inputs/invalid-pr20485.bc
+RUN: not llvm-dis -disable-output %p/Inputs/invalid-pr20485.bc 2>&1 | \
+RUN:   FileCheck --check-prefix=INVALID-ENCODING %s
+RUN: not llvm-dis -disable-output %p/Inputs/invalid-abbrev.bc 2>&1 | \
+RUN:   FileCheck --check-prefix=BAD-ABBREV %s
+RUN: not llvm-dis -disable-output %p/Inputs/invalid-unexpected-eof.bc 2>&1 | \
+RUN:   FileCheck --check-prefix=UNEXPECTED-EOF %s
+RUN: not llvm-dis -disable-output %p/Inputs/invalid-bad-abbrev-number.bc 2>&1 | \
+RUN:   FileCheck --check-prefix=BAD-ABBREV-NUMBER %s
+
+INVALID-ENCODING: Invalid encoding
+BAD-ABBREV: Abbreviation starts with an Array or a Blob
+UNEXPECTED-EOF: Unexpected end of file
+BAD-ABBREV-NUMBER: Invalid abbrev number