From d0858e1037abb3d5239ee34bcbb61521f6d82d8e Mon Sep 17 00:00:00 2001
From: Filipe Cabecinhas <me@filcab.net>
Date: Fri, 30 Jan 2015 10:57:58 +0000
Subject: [PATCH] [bitcode reader] Fix an assert on invalid type tables

Bug found with afl-fuzz

llvm-svn: 227566
---
 llvm/lib/Bitcode/Reader/BitcodeReader.cpp         |   4 +++-
 .../Inputs/invalid-type-table-forward-ref.bc      | Bin 0 -> 452 bytes
 2 files changed, 3 insertions(+), 1 deletion(-)
 create mode 100644 llvm/test/Bitcode/Inputs/invalid-type-table-forward-ref.bc

diff --git a/llvm/lib/Bitcode/Reader/BitcodeReader.cpp b/llvm/lib/Bitcode/Reader/BitcodeReader.cpp
index 9e27225df799..c3589bce3980 100644
--- a/llvm/lib/Bitcode/Reader/BitcodeReader.cpp
+++ b/llvm/lib/Bitcode/Reader/BitcodeReader.cpp
@@ -1095,8 +1095,10 @@ std::error_code BitcodeReader::ParseTypeTableBody() {
 
     if (NumRecords >= TypeList.size())
       return Error("Invalid TYPE table");
+    if (TypeList[NumRecords])
+      return Error(
+          "Invalid TYPE table: Only named structs can be forward referenced");
     assert(ResultTy && "Didn't read a type?");
-    assert(!TypeList[NumRecords] && "Already read type?");
     TypeList[NumRecords++] = ResultTy;
   }
 }
diff --git a/llvm/test/Bitcode/Inputs/invalid-type-table-forward-ref.bc b/llvm/test/Bitcode/Inputs/invalid-type-table-forward-ref.bc
new file mode 100644
index 0000000000000000000000000000000000000000..4594efefd6c1565b973a3faec5d40967e88e370b
GIT binary patch
literal 452
zcmZ>AK5$Qwhk+rFfq{X$Nr8b0NDBcmd!zD1#}h1`Yyw7>lNeigR9QJB<yg9t8U$RK
zoF+LqwFnrASa3*qav8a(cyLWnR6Y{az$2+xq{4oJLoj*8f)x(OJ}?5!=~Q4~;0Mx1
zN*tUDDXl!hN=sT;gq0q*ESw-B<kQi^-O}PCV4%!U%;F*BB6LEAQQ{1PMB^!zFpde9
zhm;OX0J+C`3JZ_~0*OUB5Qc*s8;~Ig#Ks&AGDjZDq=_)vb~szK9PV*yV6UuTFP>4z
z^NfN2tpMMb20mjRC%HohWzQ{?Ni$#tD{GQI!)$xP*|vw-mf`9DLInl}ka=Po6nb4;
zf?0J$5*c_3eFYVKL^lKgtxg2WgTh3Z<zU7kh90#y2Qru$Sr+rM2-sN&0L8h0m_0z?
ztVp7oLd;fPj_J89hf1Rv1qFk0*<4&aw#f<zD&B2#aA|2_2C9UZ2XebGi=z%mKgf?F
o$_ysPKzg%aGl)0@^ei99*C2Nx%oY_8G`yMyG${pQ5>OHd0E7BvR{#J2

literal 0
HcmV?d00001