From 8cd99e9a5a13bc3f229dbabc9e8baa7b10568598 Mon Sep 17 00:00:00 2001
From: Filipe Cabecinhas
Date: Wed, 27 May 2015 00:48:43 +0000
Subject: [BitstreamReader] Make sure the Array operand type is an encoding

Bug found with AFL fuzz.

llvm-svn: 238269
---
 llvm/lib/Bitcode/Reader/BitstreamReader.cpp | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'llvm/lib/Bitcode/Reader/BitstreamReader.cpp')

diff --git a/llvm/lib/Bitcode/Reader/BitstreamReader.cpp b/llvm/lib/Bitcode/Reader/BitstreamReader.cpp
index f57e077baa0..a103fbdf4a9 100644
--- a/llvm/lib/Bitcode/Reader/BitstreamReader.cpp
+++ b/llvm/lib/Bitcode/Reader/BitstreamReader.cpp
@@ -203,6 +203,9 @@ unsigned BitstreamCursor::readRecord(unsigned AbbrevID,
 if (i + 2 != e)
 report_fatal_error("Array op not second to last");
 const BitCodeAbbrevOp &EltEnc = Abbv->getOperandInfo(++i);
+ if (!EltEnc.isEncoding())
+ report_fatal_error(
+ "Array element type has to be an encoding of a type");
 if (EltEnc.getEncoding() == BitCodeAbbrevOp::Array ||
 EltEnc.getEncoding() == BitCodeAbbrevOp::Blob)
 report_fatal_error("Array element type can't be an Array or a Blob");
-- 
cgit v1.2.3
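Review bot: The added `isEncoding()` test rejects a literal element operand only where `readRecord` consumes the array, so the malformed abbreviation itself is still accepted and stored; any other code that walks the same abbreviation (none is visible in this hunk) would need its own copy of the check. Validating the array element operand once, at the point where the abbreviation is defined, would cover every consumer of it. A short comment above the new test would also help the next reader, e.g. `// A literal operand carries no encoding; getEncoding() below is only valid after this check.` Like the neighbouring checks, the failure path is `report_fatal_error`, which ends the process unless a fatal-error handler intervenes, so it is worth confirming that this is acceptable for hosts that parse untrusted bitcode in-process. readRecord's body starts and ends outside the hunk.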