| author | Filipe Cabecinhas <me@filcab.net> | 2015-05-26 23:00:56 +0000 |
|---|---|---|
| committer | Filipe Cabecinhas <me@filcab.net> | 2015-05-26 23:00:56 +0000 |
| commit | 0eb8a59a679567334fd160d11ae4d6173ecbac0f (patch) | |
| tree | 490fa143f0112019c2a714a901b19377fae53c37 | |
| parent | ee8f99407749fb63dcf4f16bd9572ecca5de9a26 (diff) | |
[BitcodeReader] Sanity check on Comdat ID
Shouldn't be an assert, since user input can trigger it.
Bug found with AFL fuzz.
llvm-svn: 238261
| -rw-r--r-- | llvm/lib/Bitcode/Reader/BitcodeReader.cpp | 6 | ||||
| -rw-r--r-- | llvm/test/Bitcode/Inputs/invalid-function-comdat-id.bc | bin | 0 -> 489 bytes | |||
| -rw-r--r-- | llvm/test/Bitcode/Inputs/invalid-global-var-comdat-id.bc | bin | 0 -> 488 bytes | |||
| -rw-r--r-- | llvm/test/Bitcode/invalid.test | 10 |
4 files changed, 14 insertions, 2 deletions
diff --git a/llvm/lib/Bitcode/Reader/BitcodeReader.cpp b/llvm/lib/Bitcode/Reader/BitcodeReader.cpp
index 6eef594eaf1..3f21bb9fbac 100644
--- a/llvm/lib/Bitcode/Reader/BitcodeReader.cpp
+++ b/llvm/lib/Bitcode/Reader/BitcodeReader.cpp
@@ -2956,7 +2956,8 @@ std::error_code BitcodeReader::ParseModule(bool Resume,
 if (Record.size() > 11) {
 if (unsigned ComdatID = Record[11]) {
- assert(ComdatID <= ComdatList.size());
+ if (ComdatID > ComdatList.size())
+ return Error("Invalid global variable comdat ID");
 NewGV->setComdat(ComdatList[ComdatID - 1]);
 }
 } else if (hasImplicitComdat(RawLinkage)) {
@@ -3020,7 +3021,8 @@ std::error_code BitcodeReader::ParseModule(bool Resume,
 if (Record.size() > 12) {
 if (unsigned ComdatID = Record[12]) {
- assert(ComdatID <= ComdatList.size());
+ if (ComdatID > ComdatList.size())
+ return Error("Invalid function comdat ID");
 Func->setComdat(ComdatList[ComdatID - 1]);
 }
 } else if (hasImplicitComdat(RawLinkage)) {
diff --git a/llvm/test/Bitcode/Inputs/invalid-function-comdat-id.bc b/llvm/test/Bitcode/Inputs/invalid-function-comdat-id.bc
Binary files differ
new file mode 100644
index 00000000000..d0ad8234bc8
--- /dev/null
+++ b/llvm/test/Bitcode/Inputs/invalid-function-comdat-id.bc
diff --git a/llvm/test/Bitcode/Inputs/invalid-global-var-comdat-id.bc b/llvm/test/Bitcode/Inputs/invalid-global-var-comdat-id.bc
Binary files differ
new file mode 100644
index 00000000000..93d6ba2169b
--- /dev/null
+++ b/llvm/test/Bitcode/Inputs/invalid-global-var-comdat-id.bc
diff --git a/llvm/test/Bitcode/invalid.test b/llvm/test/Bitcode/invalid.test
index f609d043df4..bd6e265cbb3 100644
--- a/llvm/test/Bitcode/invalid.test
+++ b/llvm/test/Bitcode/invalid.test
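Review bot: The new bound check in the global-variable hunk compares the already-narrowed `unsigned ComdatID`, so if `Record` holds 64-bit values (its declaration is outside the hunk) an ID wider than 32 bits is truncated before the comparison. A malformed record could then still pass the check, or truncate to zero and be read as "no comdat", instead of producing the new error. The function hunk at `Record[12]` has the same shape. Declaring the local at full width, `if (uint64_t ComdatID = Record[11]) {` and likewise for `Record[12]`, would let the `ComdatID > ComdatList.size()` test reject those values. The body of ParseModule starts and ends outside both hunks, so the element type should be confirmed there.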
@@ -162,3 +162,13 @@ RUN: not llvm-dis -disable-output %p/Inputs/invalid-fixme-streaming-blob.bc 2>&1
 RUN: FileCheck --check-prefix=STREAMING-BLOB %s
 STREAMING-BLOB: getPointer in streaming memory objects not allowed
+
+RUN: not llvm-dis -disable-output %p/Inputs/invalid-function-comdat-id.bc 2>&1 | \
+RUN: FileCheck --check-prefix=INVALID-FCOMDAT-ID %s
+
+INVALID-FCOMDAT-ID: Invalid function comdat ID
+
+RUN: not llvm-dis -disable-output %p/Inputs/invalid-global-var-comdat-id.bc 2>&1 | \
+RUN: FileCheck --check-prefix=INVALID-GVCOMDAT-ID %s
+
+INVALID-GVCOMDAT-ID: Invalid global variable comdat ID |

