maxjhandsome
/
llvm-project
forked from OSchip/llvm-project
1
0
Fork 0
Code Issues Pull Requests Packages Releases Wiki Activity

[Bitcode] Guard against out of bounds value reference 

We should make sure that the value ID is in bounds, otherwise
we will assert / read out of bounds.
This commit is contained in:
Nikita Popov 2022-02-07 11:51:19 +01:00
parent ec18030f5f
commit 0c553bff8e
3 changed files with 11 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
llvm/lib/Bitcode/Reader/BitcodeReader.cpp
View File

@ -2107,11 +2107,15 @@ Error BitcodeReader::parseGlobalValueSymbolTable() {
if (!MaybeRecord) if (!MaybeRecord)
return MaybeRecord.takeError(); return MaybeRecord.takeError();
switch (MaybeRecord.get()) { switch (MaybeRecord.get()) {
case bitc::VST_CODE_FNENTRY: // [valueid, offset] case bitc::VST_CODE_FNENTRY: { // [valueid, offset]
unsigned ValueID = Record[0];
if (ValueID >= ValueList.size() || !ValueList[ValueID])
return error("Invalid value reference in symbol table");
setDeferredFunctionInfo(FuncBitcodeOffsetDelta, setDeferredFunctionInfo(FuncBitcodeOffsetDelta,
cast<Function>(ValueList[Record[0]]), Record); cast<Function>(ValueList[ValueID]), Record);
break; break;
} }
}
} }
} }

BIN
llvm/test/Bitcode/Inputs/invalid-value-symbol-table.bc Normal file
View File

Binary file not shown.

5
llvm/test/Bitcode/invalid.test
View File

@ -266,3 +266,8 @@ RUN: not llvm-dis -disable-output %p/Inputs/unterminated-blob.bc 2>&1 | \
RUN: FileCheck --check-prefix=UNTERMINATED-BLOB %s RUN: FileCheck --check-prefix=UNTERMINATED-BLOB %s
UNTERMINATED-BLOB: Blob ends too soon UNTERMINATED-BLOB: Blob ends too soon
RUN: not llvm-dis -disable-output %p/Inputs/invalid-value-symbol-table.bc 2>&1 | \
RUN: FileCheck --check-prefix=INVALID-VALUE-SYMBOL-TABLE %s
INVALID-VALUE-SYMBOL-TABLE: Invalid value reference in symbol table