Make sure that isValidElementType(Type) before calling {Array,Struct}Type::get(Type)

Bug found with AFL fuzz. llvm-svn: 236073
author: Filipe Cabecinhas <me@filcab.net> 2015-04-29 01:27:01 +0000
committer: Filipe Cabecinhas <me@filcab.net> 2015-04-29 01:27:01 +0000
commit: f15fb032efeb9da81f3ca341879b3eccea98b1b6 (patch)
tree: 83c5377aa61d7c3a6860ecc3674710d2bd9f3552
parent: 180b92168dd61c0d6c61eaa241c3c21bd892a19b (diff)
download: bcm5719-llvm-f15fb032efeb9da81f3ca341879b3eccea98b1b6.tar.gz
bcm5719-llvm-f15fb032efeb9da81f3ca341879b3eccea98b1b6.zip
4 files changed, 11 insertions, 2 deletions
diff --git a/llvm/lib/Bitcode/Reader/BitcodeReader.cpp b/llvm/lib/Bitcode/Reader/BitcodeReader.cpp
index 6656478754e..a381c30170e 100644
--- a/llvm/lib/Bitcode/Reader/BitcodeReader.cpp
+++ b/llvm/lib/Bitcode/Reader/BitcodeReader.cpp
@@ -1474,7 +1474,8 @@ std::error_code BitcodeReader::ParseTypeTableBody() {
     case bitc::TYPE_CODE_ARRAY:     // ARRAY: [numelts, eltty]
       if (Record.size() < 2)
         return Error("Invalid record");
-      if ((ResultTy = getTypeByID(Record[1])))
+      if ((ResultTy = getTypeByID(Record[1])) &&
+          StructType::isValidElementType(ResultTy))
         ResultTy = ArrayType::get(ResultTy, Record[0]);
       else
         return Error("Invalid type");
@@ -1482,7 +1483,8 @@ std::error_code BitcodeReader::ParseTypeTableBody() {
     case bitc::TYPE_CODE_VECTOR:    // VECTOR: [numelts, eltty]
       if (Record.size() < 2)
         return Error("Invalid record");
-      if ((ResultTy = getTypeByID(Record[1])))
+      if ((ResultTy = getTypeByID(Record[1])) &&
+          StructType::isValidElementType(ResultTy))
         ResultTy = VectorType::get(ResultTy, Record[0]);
       else
         return Error("Invalid type");
diff --git a/llvm/test/Bitcode/Inputs/invalid-array-element-type.bc b/llvm/test/Bitcode/Inputs/invalid-array-element-type.bc
new file mode 100644
index 00000000000..3ce4ba2f77d
--- /dev/null
+++ b/llvm/test/Bitcode/Inputs/invalid-array-element-type.bc
diff --git a/llvm/test/Bitcode/Inputs/invalid-vector-element-type.bc b/llvm/test/Bitcode/Inputs/invalid-vector-element-type.bc
new file mode 100644
index 00000000000..9c6c625c918
--- /dev/null
+++ b/llvm/test/Bitcode/Inputs/invalid-vector-element-type.bc
diff --git a/llvm/test/Bitcode/invalid.test b/llvm/test/Bitcode/invalid.test
index 89cd0e908f0..6dfab58375e 100644
--- a/llvm/test/Bitcode/invalid.test
+++ b/llvm/test/Bitcode/invalid.test
@@ -98,3 +98,10 @@ RUN: not llvm-dis -disable-output %p/Inputs/invalid-fwdref-type-mismatch.bc 2>&1
 RUN:   FileCheck --check-prefix=FWDREF-TYPE %s
 
 FWDREF-TYPE: Invalid record
+
+RUN: not llvm-dis -disable-output %p/Inputs/invalid-array-element-type.bc 2>&1 | \
+RUN:   FileCheck --check-prefix=ELEMENT-TYPE %s
+RUN: not llvm-dis -disable-output %p/Inputs/invalid-vector-element-type.bc 2>&1 | \
+RUN:   FileCheck --check-prefix=ELEMENT-TYPE %s
+
+ELEMENT-TYPE: Invalid type
author	Filipe Cabecinhas <me@filcab.net>	2015-04-29 01:27:01 +0000
committer	Filipe Cabecinhas <me@filcab.net>	2015-04-29 01:27:01 +0000
commit	f15fb032efeb9da81f3ca341879b3eccea98b1b6 (patch)
tree	83c5377aa61d7c3a6860ecc3674710d2bd9f3552
parent	180b92168dd61c0d6c61eaa241c3c21bd892a19b (diff)
download	bcm5719-llvm-f15fb032efeb9da81f3ca341879b3eccea98b1b6.tar.gz bcm5719-llvm-f15fb032efeb9da81f3ca341879b3eccea98b1b6.zip