-rw-r--r--llvm/lib/Bitcode/Reader/BitcodeReader.cpp32
-rw-r--r--llvm/test/Bitcode/Inputs/invalid-extractval-array-idx.bcbin0 -> 450 bytes
-rw-r--r--llvm/test/Bitcode/Inputs/invalid-extractval-struct-idx.bcbin0 -> 444 bytes
-rw-r--r--llvm/test/Bitcode/Inputs/invalid-extractval-too-many-idxs.bcbin0 -> 452 bytes
-rw-r--r--llvm/test/Bitcode/Inputs/invalid-insertval-array-idx.bcbin0 -> 452 bytes
-rw-r--r--llvm/test/Bitcode/Inputs/invalid-insertval-struct-idx.bcbin0 -> 444 bytes
-rw-r--r--llvm/test/Bitcode/Inputs/invalid-insertval-too-many-idxs.bcbin0 -> 452 bytes
-rw-r--r--llvm/test/Bitcode/invalid.test21
8 files changed, 53 insertions, 0 deletions
diff --git a/llvm/lib/Bitcode/Reader/BitcodeReader.cpp b/llvm/lib/Bitcode/Reader/BitcodeReader.cpp
index 92a1dcce5bb..4fe054de370 100644
--- a/llvm/lib/Bitcode/Reader/BitcodeReader.cpp
+++ b/llvm/lib/Bitcode/Reader/BitcodeReader.cpp
@@ -3065,12 +3065,27 @@ std::error_code BitcodeReader::ParseFunctionBody(Function *F) {
return Error("Invalid record");
SmallVector<unsigned, 4> EXTRACTVALIdx;
+ Type *CurTy = Agg->getType();
for (unsigned RecSize = Record.size();
OpNum != RecSize; ++OpNum) {
+ bool IsArray = CurTy->isArrayTy();
+ bool IsStruct = CurTy->isStructTy();
uint64_t Index = Record[OpNum];
+
+ if (!IsStruct && !IsArray)
+ return Error("EXTRACTVAL: Invalid type");
if ((unsigned)Index != Index)
return Error("Invalid value");
+ if (IsStruct && Index >= CurTy->subtypes().size())
+ return Error("EXTRACTVAL: Invalid struct index");
+ if (IsArray && Index >= CurTy->getArrayNumElements())
+ return Error("EXTRACTVAL: Invalid array index");
EXTRACTVALIdx.push_back((unsigned)Index);
+
+ if (IsStruct)
+ CurTy = CurTy->subtypes()[Index];
+ else
+ CurTy = CurTy->subtypes()[0];
}
I = ExtractValueInst::Create(Agg, EXTRACTVALIdx);
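Review bot: A record with no index operands after the aggregate skips the loop entirely, so `ExtractValueInst::Create(Agg, EXTRACTVALIdx)` is still reached with an empty index list that none of the new per-index checks has seen. Unless code above the hunk already rejects this, add `if (OpNum == Record.size()) return Error("EXTRACTVAL: Invalid instruction with 0 indices");` before the loop, since an extractvalue is expected to carry at least one index. The INSERTVAL loop in the next hunk has the same gap and needs the same guard. ParseFunctionBody starts and ends outside the hunk, so the lines before `return Error("Invalid record")` are not visible here.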
@@ -3089,12 +3104,29 @@ std::error_code BitcodeReader::ParseFunctionBody(Function *F) {
return Error("Invalid record");
SmallVector<unsigned, 4> INSERTVALIdx;
+ Type *CurTy = Agg->getType();
for (unsigned RecSize = Record.size();
OpNum != RecSize; ++OpNum) {
+ bool IsArray = CurTy->isArrayTy();
+ bool IsStruct = CurTy->isStructTy();
uint64_t Index = Record[OpNum];
+
+ if (!IsStruct && !IsArray)
+ return Error("INSERTVAL: Invalid type");
+ if (!CurTy->isStructTy() && !CurTy->isArrayTy())
+ return Error("Invalid type");
if ((unsigned)Index != Index)
return Error("Invalid value");
+ if (IsStruct && Index >= CurTy->subtypes().size())
+ return Error("INSERTVAL: Invalid struct index");
+ if (IsArray && Index >= CurTy->getArrayNumElements())
+ return Error("INSERTVAL: Invalid array index");
+
INSERTVALIdx.push_back((unsigned)Index);
+ if (IsStruct)
+ CurTy = CurTy->subtypes()[Index];
+ else
+ CurTy = CurTy->subtypes()[0];
}
I = InsertValueInst::Create(Agg, Val, INSERTVALIdx);
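Review bot: After the loop, `CurTy` is the type of the slot the indices select, but it is never compared with the type of `Val` before `InsertValueInst::Create(Agg, Val, INSERTVALIdx)`. A malformed record can therefore still insert a value of the wrong type. If nothing above the hunk checks this, add `if (CurTy != Val->getType()) return Error("INSERTVAL: Inserted value type doesn't match aggregate type");` after the loop. Separately, the second guard `if (!CurTy->isStructTy() && !CurTy->isArrayTy()) return Error("Invalid type");` repeats the `!IsStruct && !IsArray` test directly above it and can never fire, so it should be dropped. ParseFunctionBody starts and ends outside the hunk.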
diff --git a/llvm/test/Bitcode/Inputs/invalid-extractval-array-idx.bc b/llvm/test/Bitcode/Inputs/invalid-extractval-array-idx.bc
new file mode 100644
index 00000000000..7465df361c0
--- /dev/null
+++ b/llvm/test/Bitcode/Inputs/invalid-extractval-array-idx.bc
Binary files differ
diff --git a/llvm/test/Bitcode/Inputs/invalid-extractval-struct-idx.bc b/llvm/test/Bitcode/Inputs/invalid-extractval-struct-idx.bc
new file mode 100644
index 00000000000..ccb40f7ebce
--- /dev/null
+++ b/llvm/test/Bitcode/Inputs/invalid-extractval-struct-idx.bc
Binary files differ
diff --git a/llvm/test/Bitcode/Inputs/invalid-extractval-too-many-idxs.bc b/llvm/test/Bitcode/Inputs/invalid-extractval-too-many-idxs.bc
new file mode 100644
index 00000000000..543a3ba7131
--- /dev/null
+++ b/llvm/test/Bitcode/Inputs/invalid-extractval-too-many-idxs.bc
Binary files differ
diff --git a/llvm/test/Bitcode/Inputs/invalid-insertval-array-idx.bc b/llvm/test/Bitcode/Inputs/invalid-insertval-array-idx.bc
new file mode 100644
index 00000000000..79c3c038a1c
--- /dev/null
+++ b/llvm/test/Bitcode/Inputs/invalid-insertval-array-idx.bc
Binary files differ
diff --git a/llvm/test/Bitcode/Inputs/invalid-insertval-struct-idx.bc b/llvm/test/Bitcode/Inputs/invalid-insertval-struct-idx.bc
new file mode 100644
index 00000000000..ec70384909a
--- /dev/null
+++ b/llvm/test/Bitcode/Inputs/invalid-insertval-struct-idx.bc
Binary files differ
diff --git a/llvm/test/Bitcode/Inputs/invalid-insertval-too-many-idxs.bc b/llvm/test/Bitcode/Inputs/invalid-insertval-too-many-idxs.bc
new file mode 100644
index 00000000000..fd21ac24cf4
--- /dev/null
+++ b/llvm/test/Bitcode/Inputs/invalid-insertval-too-many-idxs.bc
Binary files differ
diff --git a/llvm/test/Bitcode/invalid.test b/llvm/test/Bitcode/invalid.test
index 3eaa0394dba..84bc9278d91 100644
--- a/llvm/test/Bitcode/invalid.test
+++ b/llvm/test/Bitcode/invalid.test
@@ -17,3 +17,24 @@ UNEXPECTED-EOF: Unexpected end of file
BAD-ABBREV-NUMBER: Invalid abbrev number
BAD-TYPE-TABLE-FORWARD-REF: Invalid TYPE table: Only named structs can be forward referenced
BAD-BITWIDTH: Bitwidth for integer type out of range
+
+RUN: not llvm-dis -disable-output %p/Inputs/invalid-extractval-array-idx.bc 2>&1 | \
+RUN: FileCheck --check-prefix=EXTRACT-ARRAY %s
+RUN: not llvm-dis -disable-output %p/Inputs/invalid-extractval-struct-idx.bc 2>&1 | \
+RUN: FileCheck --check-prefix=EXTRACT-STRUCT %s
+RUN: not llvm-dis -disable-output %p/Inputs/invalid-extractval-too-many-idxs.bc 2>&1 | \
+RUN: FileCheck --check-prefix=EXTRACT-IDXS %s
+RUN: not llvm-dis -disable-output %p/Inputs/invalid-insertval-array-idx.bc 2>&1 | \
+RUN: FileCheck --check-prefix=INSERT-ARRAY %s
+RUN: not llvm-dis -disable-output %p/Inputs/invalid-insertval-struct-idx.bc 2>&1 | \
+RUN: FileCheck --check-prefix=INSERT-STRUCT %s
+RUN: not llvm-dis -disable-output %p/Inputs/invalid-insertval-too-many-idxs.bc 2>&1 | \
+RUN: FileCheck --check-prefix=INSERT-IDXS %s
+
+
+EXTRACT-ARRAY: EXTRACTVAL: Invalid array index
+EXTRACT-STRUCT: EXTRACTVAL: Invalid struct index
+EXTRACT-IDXS: EXTRACTVAL: Invalid type
+INSERT-ARRAY: INSERTVAL: Invalid array index
+INSERT-STRUCT: INSERTVAL: Invalid struct index
+INSERT-IDXS: INSERTVAL: Invalid type
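Review bot: The six new `.bc` inputs are opaque binaries, and nothing in this file records how they were produced, so a later reader cannot tell which record field was corrupted or regenerate them if the bitcode format changes. A short comment above the RUN lines would cover it, for example `; invalid-extractval-array-idx.bc: <source .ll and the operand that was edited>`, with one line per input. The RUN lines also do not exercise the pre-existing `(unsigned)Index != Index` truncation path, which sits between the new checks in both loops.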