llvm.org GIT mirror llvm / 4af77dd
[BitcodeReader] Validate OpNum, before accessing Record array.

Currently invalid bitcode files can cause a crash, when OpNum exceeds the number of elements in Record, like in the attached bitcode file.

The test case was generated by clusterfuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15698

Reviewers: t.p.northover, thegameg, jfb

Reviewed By: jfb

Differential Revision: https://reviews.llvm.org/D64507

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@365750 91177308-0d34-0410-b5e6-96231b3b80d8

Florian Hahn a month ago
3 changed file(s) with 9 addition(s) and 0 deletion(s).
41644164 popValue(Record, OpNum, NextValueNo, LHS->getType(), RHS))
41654165 return error("Invalid record");
41664166
4167 if (OpNum >= Record.size())
4168 return error(
4169 "Invalid record: operand number exceeded available operands");
4170
41674171 unsigned PredVal = Record[OpNum];
41684172 bool IsFP = LHS->getType()->isFPOrFPVectorTy();
41694173 FastMathFlags FMF;
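Review bot: The new `if (OpNum >= Record.size())` guard covers only the `Record[OpNum]` read for `PredVal`; if the code after `FastMathFlags FMF;` reads a further operand from `Record`, confirm that read is bounds-checked as well, since a truncated record can fall short at either index. A one-line comment above the guard saying that the predicate operand is mandatory after LHS and RHS would also make clear why this is an error rather than an optional field. The distinct message text is helpful, because it lets the test tell this failure apart from the plain "Invalid record" returned just above.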
234234 RUN: FileCheck --check-prefix=NONPOINTER-ATOMICRMW %s
235235
236236 NONPOINTER-ATOMICRMW: Invalid record
237
238 RUN: not llvm-dis -disable-output %p/Inputs/invalid-fcmp-opnum.bc 2>&1 | \
239 RUN: FileCheck --check-prefix=INVALID-FCMP-OPNUM %s
240
241 INVALID-FCMP-OPNUM: Invalid record: operand number exceeded available operands
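Review bot: The added RUN line depends on the binary input `invalid-fcmp-opnum.bc`, but nothing in the test says where that file came from or what is malformed in it. Add a short comment above the RUN line pointing at the oss-fuzz report named in the commit message (id=15698) and stating that the compare record lacks its predicate operand, so the input can be regenerated or understood later. Because the guard in the reader sits before `IsFP` is computed, it also applies to integer compares; an input for that case matching the same message would show the check is not specific to fcmp.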