From f15fb032efeb9da81f3ca341879b3eccea98b1b6 Mon Sep 17 00:00:00 2001
From: Filipe Cabecinhas
Date: Wed, 29 Apr 2015 01:27:01 +0000
Subject: [PATCH] Make sure that isValidElementType(Type) before calling {Array,Struct}Type::get(Type)

Bug found with AFL fuzz.

llvm-svn: 236073
---
 llvm/lib/Bitcode/Reader/BitcodeReader.cpp | 6 ++++--
 .../Bitcode/Inputs/invalid-array-element-type.bc | Bin 0 -> 452 bytes
 .../Bitcode/Inputs/invalid-vector-element-type.bc | Bin 0 -> 452 bytes
 llvm/test/Bitcode/invalid.test | 7 +++++++
 4 files changed, 11 insertions(+), 2 deletions(-)
 create mode 100644 llvm/test/Bitcode/Inputs/invalid-array-element-type.bc
 create mode 100644 llvm/test/Bitcode/Inputs/invalid-vector-element-type.bc

diff --git a/llvm/lib/Bitcode/Reader/BitcodeReader.cpp b/llvm/lib/Bitcode/Reader/BitcodeReader.cpp
index 6656478754ee..a381c30170e0 100644
--- a/llvm/lib/Bitcode/Reader/BitcodeReader.cpp
+++ b/llvm/lib/Bitcode/Reader/BitcodeReader.cpp
@@ -1474,7 +1474,8 @@ std::error_code BitcodeReader::ParseTypeTableBody() {
 case bitc::TYPE_CODE_ARRAY: // ARRAY: [numelts, eltty]
 if (Record.size() < 2)
 return Error("Invalid record");
- if ((ResultTy = getTypeByID(Record[1])))
+ if ((ResultTy = getTypeByID(Record[1])) &&
+ StructType::isValidElementType(ResultTy))
 ResultTy = ArrayType::get(ResultTy, Record[0]);
 else
 return Error("Invalid type");
@@ -1482,7 +1483,8 @@ std::error_code BitcodeReader::ParseTypeTableBody() {
 case bitc::TYPE_CODE_VECTOR: // VECTOR: [numelts, eltty]
 if (Record.size() < 2)
 return Error("Invalid record");
- if ((ResultTy = getTypeByID(Record[1])))
+ if ((ResultTy = getTypeByID(Record[1])) &&
+ StructType::isValidElementType(ResultTy))
 ResultTy = VectorType::get(ResultTy, Record[0]);
 else
 return Error("Invalid type");
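Review bot: Both new guards call `StructType::isValidElementType`, but the types being constructed are an array (this hunk) and a vector (the TYPE_CODE_VECTOR hunk), so the predicate does not match the precondition of the constructor it protects. The gap matters most for vectors: an aggregate element type such as a struct or array passes the struct predicate but is not a legal vector element, so malformed bitcode can still reach `VectorType::get` with a type it rejects. Use the predicate of the type under construction, `ArrayType::isValidElementType(ResultTy)` here and `VectorType::isValidElementType(ResultTy)` in the vector case. A vector-of-aggregate input in `invalid.test` would pin the tightened check. The body of ParseTypeTableBody starts and ends outside both hunks.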
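Review bot: In the TYPE_CODE_VECTOR case the element count `Record[0]` still goes to `VectorType::get` unchecked; the added condition validates only the element type. As far as I know a vector type must have at least one element, so a record with numelts of 0 would pass the new guard and hit that precondition instead of being reported as an error. Consider rejecting it before the type lookup with `if (Record[0] == 0) return Error("Invalid record");` and adding a matching input to `invalid.test`. The surrounding switch is outside the hunk, so this assumes no earlier check on the count.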
diff --git a/llvm/test/Bitcode/Inputs/invalid-array-element-type.bc b/llvm/test/Bitcode/Inputs/invalid-array-element-type.bc new file mode 100644 index 0000000000000000000000000000000000000000..3ce4ba2f77d51a7c0af83594e64989b8ccd0af97 GIT binary patch literal 452 zcmZ>AK5$Qwhk+rFfq{X$Nr8b0NDBcmd!zD1#}h1`Yyw7>lNeigR9QJB}F$U~Vl5k}h%XN#7@Jx&eml@;v8GYWa0 zG4Q_?;QP|RXUyXycj%z(xrH)m2CQIZ&C+L>ZBIDc_AuK5%_vl0U;vpXwn3rS#U+?k zM9&`6j5d{ lF$U6`1)D*{A)sgZK)wdK3t_e>(4?zrK$B7+CIKaZ001nZVo?A9 literal 0 HcmV?d00001 diff --git a/llvm/test/Bitcode/Inputs/invalid-vector-element-type.bc b/llvm/test/Bitcode/Inputs/invalid-vector-element-type.bc new file mode 100644 index 0000000000000000000000000000000000000000..9c6c625c918140b0170c37ef2712c811ab623d72 GIT binary patch literal 452 zcmZ>AK5$Qwhk+rFfq{X$Nr8b0NDBcmd!zD1#}h1`Yyw7>lNeigR9QJB}F$U~Vl5k}h%XN#7@Jx&eml@;v8GYWa0 zG4Q_?;QP|RXUyXycj%z(xrH)m2CQIZ&C+L>ZBIDc_AuK5%_vl0U;vpXwn3rS#U+?k zM9&`6j5d{ lF$U6`1)D*{A)sgZK)wdK3t_e>(4?zrK$B7+CIKaZ001rJVp0GA literal 0 HcmV?d00001 diff --git a/llvm/test/Bitcode/invalid.test b/llvm/test/Bitcode/invalid.test index 89cd0e908f07..6dfab58375e8 100644 --- a/llvm/test/Bitcode/invalid.test +++ b/llvm/test/Bitcode/invalid.test @@ -98,3 +98,10 @@ RUN: not llvm-dis -disable-output %p/Inputs/invalid-fwdref-type-mismatch.bc 2>&1 RUN: FileCheck --check-prefix=FWDREF-TYPE %s FWDREF-TYPE: Invalid record + +RUN: not llvm-dis -disable-output %p/Inputs/invalid-array-element-type.bc 2>&1 | \ +RUN: FileCheck --check-prefix=ELEMENT-TYPE %s +RUN: not llvm-dis -disable-output %p/Inputs/invalid-vector-element-type.bc 2>&1 | \ +RUN: FileCheck --check-prefix=ELEMENT-TYPE %s + +ELEMENT-TYPE: Invalid type