From b97d18945b821fe4f9b4c7059eb87e2a8734ab5d Mon Sep 17 00:00:00 2001 From: Ana Pazos Date: Fri, 7 Sep 2018 18:23:19 +0000 Subject: [RISCV] Fix AddressSanitizer heap-buffer-overflow in disassembling Summary: RISCVDisassembler should check number of bytes available before reading them. Crash noticed when enabling -DLLVM_USE_SANITIZER=Address. This bug was uncovered by a LLVM MC Disassembler Protocol Buffer Fuzzer for the RISC-V assembly language. Reviewers: asb Reviewed By: asb Subscribers: rbar, johnrusso, simoncook, sabuasal, niosHD, kito-cheng, shiva0217, zzheng, edward-jones, mgrang, rogfer01, MartinMosbeck, brucehoult, the_o, rkruppe, PkmX, jocewei, asb Differential Revision: https://reviews.llvm.org/D51708 llvm-svn: 341686 --- llvm/test/MC/Disassembler/RISCV/fuzzer-invalid.txt | 8 ++++++++ llvm/test/MC/Disassembler/RISCV/lit.local.cfg | 3 +++ 2 files changed, 11 insertions(+) create mode 100644 llvm/test/MC/Disassembler/RISCV/fuzzer-invalid.txt create mode 100644 llvm/test/MC/Disassembler/RISCV/lit.local.cfg (limited to 'llvm/test/MC/Disassembler') diff --git a/llvm/test/MC/Disassembler/RISCV/fuzzer-invalid.txt b/llvm/test/MC/Disassembler/RISCV/fuzzer-invalid.txt new file mode 100644 index 00000000000..d90172d3d34 --- /dev/null +++ b/llvm/test/MC/Disassembler/RISCV/fuzzer-invalid.txt @@ -0,0 +1,8 @@ +# RUN: not llvm-mc -disassemble -triple=riscv32 < %s 2>&1 | FileCheck %s +# RUN: not llvm-mc -disassemble -triple=riscv64 < %s 2>&1 | FileCheck %s +# +# Test generated by a LLVM MC Disassembler Protocol Buffer Fuzzer +# for the RISC-V assembly language. + +[0xf9 0x95 0xab 0x99] +# CHECK: warning: invalid instruction encoding diff --git a/llvm/test/MC/Disassembler/RISCV/lit.local.cfg b/llvm/test/MC/Disassembler/RISCV/lit.local.cfg new file mode 100644 index 00000000000..d0b081e3e8b --- /dev/null +++ b/llvm/test/MC/Disassembler/RISCV/lit.local.cfg @@ -0,0 +1,3 @@ +if not 'RISCV' in config.root.targets: + config.unsupported = True + -- cgit v1.2.3
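Review bot: In llvm/test/MC/Disassembler/RISCV/fuzzer-invalid.txt, the input line `[0xf9 0x95 0xab 0x99]` carries no comment saying why these four bytes are the regression case, so a later reader cannot tell what must stay intact. Under the standard RISC-V length encoding, 0xf9 ends in binary 01 (a 16-bit encoding) while 0xab ends in binary 11 (a 32-bit encoding) with only two bytes left in the buffer, which matches the short read the summary describes; a one-line comment to that effect above the bytes would document it. The single `# CHECK: warning: invalid instruction encoding` also matches if only one of the two decode attempts warns, and since the summary says the crash was noticed with -DLLVM_USE_SANITIZER=Address, it is worth stating in the file that the out-of-bounds read is only reliably caught by a sanitizer build.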
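Review bot: In llvm/test/MC/Disassembler/RISCV/lit.local.cfg, the condition `if not 'RISCV' in config.root.targets:` is more readable as `if 'RISCV' not in config.root.targets:`, the usual Python membership form; the behaviour is identical. The hunk also adds an empty third line after `config.unsupported = True`, which can be dropped so the file ends on the last statement.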