-rw-r--r-- | llvm/lib/Target/RISCV/Disassembler/RISCVDisassembler.cpp | 8 | ||||
-rw-r--r-- | llvm/test/MC/Disassembler/RISCV/fuzzer-invalid.txt | 8 | ||||
-rw-r--r-- | llvm/test/MC/Disassembler/RISCV/lit.local.cfg | 3 |
3 files changed, 19 insertions, 0 deletions
diff --git a/llvm/lib/Target/RISCV/Disassembler/RISCVDisassembler.cpp b/llvm/lib/Target/RISCV/Disassembler/RISCVDisassembler.cpp
index 7bbb371a757..a2a6ffcfdbc 100644
--- a/llvm/lib/Target/RISCV/Disassembler/RISCVDisassembler.cpp
+++ b/llvm/lib/Target/RISCV/Disassembler/RISCVDisassembler.cpp
@@ -257,11 +257,19 @@ DecodeStatus RISCVDisassembler::getInstruction(MCInst &MI, uint64_t &Size,
 // It's a 32 bit instruction if bit 0 and 1 are 1.
 if ((Bytes[0] & 0x3) == 0x3) {
+ if (Bytes.size() < 4) {
+ Size = 0;
+ return MCDisassembler::Fail;
+ }
 Insn = support::endian::read32le(Bytes.data());
 LLVM_DEBUG(dbgs() << "Trying RISCV32 table :\n");
 Result = decodeInstruction(DecoderTable32, MI, Insn, Address, this, STI);
 Size = 4;
 } else {
+ if (Bytes.size() < 2) {
+ Size = 0;
+ return MCDisassembler::Fail;
+ }
 Insn = support::endian::read16le(Bytes.data());
 if (!STI.getFeatureBits()[RISCV::Feature64Bit]) {
diff --git a/llvm/test/MC/Disassembler/RISCV/fuzzer-invalid.txt b/llvm/test/MC/Disassembler/RISCV/fuzzer-invalid.txt
new file mode 100644
index 00000000000..d90172d3d34
--- /dev/null
+++ b/llvm/test/MC/Disassembler/RISCV/fuzzer-invalid.txt
@@ -0,0 +1,8 @@
+# RUN: not llvm-mc -disassemble -triple=riscv32 < %s 2>&1 | FileCheck %s
+# RUN: not llvm-mc -disassemble -triple=riscv64 < %s 2>&1 | FileCheck %s
+#
+# Test generated by a LLVM MC Disassembler Protocol Buffer Fuzzer
+# for the RISC-V assembly language.
+
+[0xf9 0x95 0xab 0x99]
+# CHECK: warning: invalid instruction encoding
diff --git a/llvm/test/MC/Disassembler/RISCV/lit.local.cfg b/llvm/test/MC/Disassembler/RISCV/lit.local.cfg
new file mode 100644
index 00000000000..d0b081e3e8b
--- /dev/null
+++ b/llvm/test/MC/Disassembler/RISCV/lit.local.cfg
@@ -0,0 +1,3 @@
+if not 'RISCV' in config.root.targets:
+ config.unsupported = True
+
|
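Review bot: `Bytes[0]` is still read in `if ((Bytes[0] & 0x3) == 0x3)` before either new length check runs, so an empty `Bytes` would index past the buffer unless an earlier guard exists above this hunk (getInstruction's body starts before it and continues after it). Both added checks sit inside the branches selected by that byte, so neither covers the zero-length case. Consider hoisting a guard ahead of the branch, `if (Bytes.empty()) { Size = 0; return MCDisassembler::Fail; }`, or confirming that no caller can pass an empty array. A short comment on the `Size = 0` assignments, such as `// Truncated input: nothing was decoded.`, would also document why the failure path reports zero bytes.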
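Review bot: The single input `[0xf9 0x95 0xab 0x99]` in fuzzer-invalid.txt does not appear to reach the new `Bytes.size() < 2` guard. Its first byte has low bits `01`, so the first two bytes take the 16-bit path with enough data, and the remaining `0xab 0x99` begin with low bits `11`, which presumably trips the 32-bit `Bytes.size() < 4` check instead. A second case with a lone trailing byte whose low two bits are not `11` (a constructed example would be `[0x01]`) would cover the 16-bit branch as well. How llvm-mc advances between instructions is not visible here, so it is worth confirming which guard each input actually hits.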