llvm.org GIT mirror llvm / 7280037
Recommit "[BitcodeReader] Validate OpNum, before accessing Record array." This recommits r365750 (git commit 8b222ecf2769ee133691f208f6166ce118c4a164) Original message: Currently invalid bitcode files can cause a crash, when OpNum exceeds the number of elements in Record, like in the attached bitcode file. The test case was generated by clusterfuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15698 Reviewers: t.p.northover, thegameg, jfb Reviewed By: jfb Differential Revision: https://reviews.llvm.org/D64507 llvm-svn: 365750jkkkk git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@366018 91177308-0d34-0410-b5e6-96231b3b80d8 Florian Hahn a month ago
3 changed file(s) with 9 addition(s) and 0 deletion(s). Raw diff Collapse all Expand all
41704170 popValue(Record, OpNum, NextValueNo, LHS->getType(), RHS))
41714171 return error("Invalid record");
4173 if (OpNum >= Record.size())
4174 return error(
4175 "Invalid record: operand number exceeded available operands");
41734177 unsigned PredVal = Record[OpNum];
41744178 bool IsFP = LHS->getType()->isFPOrFPVectorTy();
41754179 FastMathFlags FMF;
234234 RUN: FileCheck --check-prefix=NONPOINTER-ATOMICRMW %s
236236 NONPOINTER-ATOMICRMW: Invalid record
238 RUN: not llvm-dis -disable-output %p/Inputs/invalid-fcmp-opnum.bc 2>&1 | \
239 RUN: FileCheck --check-prefix=INVALID-FCMP-OPNUM %s
241 INVALID-FCMP-OPNUM: Invalid record: operand number exceeded available operands