From f3fa99c48e2a69b2df4a06249b987919b744acd9 Mon Sep 17 00:00:00 2001
From: Filipe Cabecinhas
Date: Tue, 19 May 2015 00:34:17 +0000
Subject: [BitcodeReader] It's a malformed block if CodeLenWidth is too big
Bug found with AFL fuzz.
llvm-svn: 237646
---
 llvm/lib/Bitcode/Reader/BitstreamReader.cpp | 4 ++++
 1 file changed, 4 insertions(+)
(limited to 'llvm/lib/Bitcode/Reader/BitstreamReader.cpp')
diff --git a/llvm/lib/Bitcode/Reader/BitstreamReader.cpp b/llvm/lib/Bitcode/Reader/BitstreamReader.cpp
index dff6d181486..450bbbc4558 100644
--- a/llvm/lib/Bitcode/Reader/BitstreamReader.cpp
+++ b/llvm/lib/Bitcode/Reader/BitstreamReader.cpp
@@ -39,6 +39,10 @@ bool BitstreamCursor::EnterSubBlock(unsigned BlockID, unsigned *NumWordsP) {
 // Get the codesize of this block.
 CurCodeSize = ReadVBR(bitc::CodeLenWidth);
+ // We can't read more than MaxChunkSize at a time
+ if (CurCodeSize > MaxChunkSize)
+ return true;
+
 SkipToFourByteBoundary();
 unsigned NumWords = Read(bitc::BlockSizeWidth);
 if (NumWordsP) *NumWordsP = NumWords;
-- 
cgit v1.2.3
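Review bot: The added comment states the limit but not why exceeding it is fatal, which is the point a maintainer needs: a code size wider than a word is a value the reader's bit-level Read path cannot honour, and an attacker-controlled or corrupt stream would otherwise drive it into an assertion (or undefined behaviour in a release build) instead of a clean "malformed block" result; I would reword it as `// A code size wider than MaxChunkSize can't be consumed by Read(); treat it as a malformed block rather than let the reader assert.` Note also that returning true here leaves CurCodeSize holding the out-of-range value and whatever EnterSubBlock set up before this hunk in place (the function's opening lines are outside the hunk), so a true return has to be treated by callers as terminal for this cursor, not retried — worth a sentence in the comment. The function's tail, where the existing validation of the block presumably lives, is also outside the hunk; whether CurCodeSize == 0 is rejected there should be confirmed, since the new check only bounds the upper end.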