maxjhandsome
/
llvm-project
forked from OSchip/llvm-project
1
0
Fork 0
Code Issues Pull Requests Packages Releases Wiki Activity

Fix a 32-bit overflow issue when reading LTO-generated bitcode files whose strtab are of size > 2^29 

This happens when using -flto and -Wl,--plugin-opt=emit-llvm to create a linked LTO bitcode file, and the bitcode file has a strtab with size > 2^29.

All the issues relate to a pattern like this
  size_t x64 = y64 + z32 * C
  When z32 is >= (2^32)/C, z32 * C overflows.

Reviewed-by: MaskRay

Differential Revision: https://reviews.llvm.org/D86500
This commit is contained in:
Jianzhou Zhao 2020-08-25 00:36:24 +00:00
parent a3ef1054fd
commit 4784987027
1 changed files with 7 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
llvm/lib/Bitstream/Reader/BitstreamReader.cpp
View File

@ -156,8 +156,9 @@ Expected<unsigned> BitstreamCursor::skipRecord(unsigned AbbrevID) {
report_fatal_error("Array element type can't be an Array or a Blob");
case BitCodeAbbrevOp::Fixed:
assert((unsigned)EltEnc.getEncodingData() <= MaxChunkSize);
if (Error Err = JumpToBit(GetCurrentBitNo() +
NumElts * EltEnc.getEncodingData()))
if (Error Err =
JumpToBit(GetCurrentBitNo() + static_cast<uint64_t>(NumElts) *
EltEnc.getEncodingData()))
return std::move(Err);
break;
case BitCodeAbbrevOp::VBR:
@ -186,7 +187,8 @@ Expected<unsigned> BitstreamCursor::skipRecord(unsigned AbbrevID) {
SkipToFourByteBoundary(); // 32-bit alignment
// Figure out where the end of this blob will be including tail padding.
size_t NewEnd = GetCurrentBitNo()+((NumElts+3)&~3)*8;
const size_t NewEnd =
GetCurrentBitNo() + ((static_cast<uint64_t>(NumElts) + 3) & ~3) * 8;
// If this would read off the end of the bitcode file, just set the
// record to empty and return.
@ -314,7 +316,8 @@ Expected<unsigned> BitstreamCursor::readRecord(unsigned AbbrevID,
// Figure out where the end of this blob will be including tail padding.
size_t CurBitPos = GetCurrentBitNo();
size_t NewEnd = CurBitPos+((NumElts+3)&~3)*8;
const size_t NewEnd =
CurBitPos + ((static_cast<uint64_t>(NumElts) + 3) & ~3) * 8;
// If this would read off the end of the bitcode file, just set the
// record to empty and return.