forked from OSchip/llvm-project
Recommit "[BitcodeReader] Validate OpNum, before accessing Record array."
This recommits r365750 (git commit 8b222ecf27)
Original message:
Currently invalid bitcode files can cause a crash, when OpNum exceeds
the number of elements in Record, like in the attached bitcode file.
The test case was generated by clusterfuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15698
Reviewers: t.p.northover, thegameg, jfb
Reviewed By: jfb
Differential Revision: https://reviews.llvm.org/D64507
llvm-svn: 365750jkkkk
llvm-svn: 366018
This commit is contained in:
Florian Hahn
parent
864474c9c7
commit
19d3fdb08b
|
|
@ -4171,6 +4171,10 @@ Error BitcodeReader::parseFunctionBody(Function *F) {
|
||||||
popValue(Record, OpNum, NextValueNo, LHS->getType(), RHS))
|
popValue(Record, OpNum, NextValueNo, LHS->getType(), RHS))
|
||||||
return error("Invalid record");
|
return error("Invalid record");
|
||||||
|
|
||||||
|
if (OpNum >= Record.size())
|
||||||
|
return error(
|
||||||
|
"Invalid record: operand number exceeded available operands");
|
||||||
|
|
||||||
unsigned PredVal = Record[OpNum];
|
unsigned PredVal = Record[OpNum];
|
||||||
bool IsFP = LHS->getType()->isFPOrFPVectorTy();
|
bool IsFP = LHS->getType()->isFPOrFPVectorTy();
|
||||||
FastMathFlags FMF;
|
FastMathFlags FMF;
|
||||||
|
|
|
||||||
Binary file not shown.
|
|
@ -235,3 +235,8 @@ RUN: not llvm-dis -disable-output %p/Inputs/invalid-nonpointer-atomicrmw.bc 2>&1
|
||||||
RUN: FileCheck --check-prefix=NONPOINTER-ATOMICRMW %s
|
RUN: FileCheck --check-prefix=NONPOINTER-ATOMICRMW %s
|
||||||
|
|
||||||
NONPOINTER-ATOMICRMW: Invalid record
|
NONPOINTER-ATOMICRMW: Invalid record
|
||||||
|
|
||||||
|
RUN: not llvm-dis -disable-output %p/Inputs/invalid-fcmp-opnum.bc 2>&1 | \
|
||||||
|
RUN: FileCheck --check-prefix=INVALID-FCMP-OPNUM %s
|
||||||
|
|
||||||
|
INVALID-FCMP-OPNUM: Invalid record: operand number exceeded available operands
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue