Make sure that isValidElementType(Type) before calling {Array,Struct}Type::get(Type)
authorFilipe Cabecinhas <me@filcab.net>
Wed, 29 Apr 2015 01:27:01 +0000 (01:27 +0000)
committerFilipe Cabecinhas <me@filcab.net>
Wed, 29 Apr 2015 01:27:01 +0000 (01:27 +0000)
Bug found with AFL fuzz.

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@236073 91177308-0d34-0410-b5e6-96231b3b80d8

lib/Bitcode/Reader/BitcodeReader.cpp
test/Bitcode/Inputs/invalid-array-element-type.bc [new file with mode: 0644]
test/Bitcode/Inputs/invalid-vector-element-type.bc [new file with mode: 0644]
test/Bitcode/invalid.test

index 6656478..a381c30 100644 (file)
@@ -1474,7 +1474,8 @@ std::error_code BitcodeReader::ParseTypeTableBody() {
     case bitc::TYPE_CODE_ARRAY:     // ARRAY: [numelts, eltty]
       if (Record.size() < 2)
         return Error("Invalid record");
-      if ((ResultTy = getTypeByID(Record[1])))
+      if ((ResultTy = getTypeByID(Record[1])) &&
+          StructType::isValidElementType(ResultTy))
         ResultTy = ArrayType::get(ResultTy, Record[0]);
       else
         return Error("Invalid type");
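Review bot: The added guard in the TYPE_CODE_ARRAY case calls `StructType::isValidElementType(ResultTy)` although the type being built is an array; `ArrayType::isValidElementType(ResultTy)` states the precondition of `ArrayType::get` directly and stays correct if the two predicates ever diverge. In the TYPE_CODE_VECTOR hunk the same choice is more than style: as far as I know vectors accept a narrower set of element types than structs, so a record naming an aggregate element type would pass this check and still reach `VectorType::get` with an invalid element; `VectorType::isValidElementType(ResultTy)` is the matching predicate there. Because this reader parses untrusted bitcode, each case should validate with the predicate of the type it constructs. ParseTypeTableBody starts and ends outside both hunks.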
@@ -1482,7 +1483,8 @@ std::error_code BitcodeReader::ParseTypeTableBody() {
     case bitc::TYPE_CODE_VECTOR:    // VECTOR: [numelts, eltty]
       if (Record.size() < 2)
         return Error("Invalid record");
-      if ((ResultTy = getTypeByID(Record[1])))
+      if ((ResultTy = getTypeByID(Record[1])) &&
+          StructType::isValidElementType(ResultTy))
         ResultTy = VectorType::get(ResultTy, Record[0]);
       else
         return Error("Invalid type");
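Review bot: `Record[0]` is still passed to `VectorType::get` unchecked in the TYPE_CODE_VECTOR case, so the element count read from the file is not validated alongside the element type. As far as I know `VectorType::get` requires a non-zero element count, and the record value is a 64-bit integer narrowed at the call, so a zero or oversized count in a malformed file would likely trip an assertion or produce a type with a truncated length. A guard before the call, e.g. `if (Record[0] == 0) return Error("Invalid vector length");`, would reject it with a diagnostic, and a matching input in test/Bitcode/invalid.test would pin the behaviour. The function body continues outside the hunk.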
diff --git a/test/Bitcode/Inputs/invalid-array-element-type.bc b/test/Bitcode/Inputs/invalid-array-element-type.bc
new file mode 100644 (file)
index 0000000..3ce4ba2
Binary files /dev/null and b/test/Bitcode/Inputs/invalid-array-element-type.bc differ
diff --git a/test/Bitcode/Inputs/invalid-vector-element-type.bc b/test/Bitcode/Inputs/invalid-vector-element-type.bc
new file mode 100644 (file)
index 0000000..9c6c625
Binary files /dev/null and b/test/Bitcode/Inputs/invalid-vector-element-type.bc differ
index 89cd0e9..6dfab58 100644 (file)
@@ -98,3 +98,10 @@ RUN: not llvm-dis -disable-output %p/Inputs/invalid-fwdref-type-mismatch.bc 2>&1
 RUN:   FileCheck --check-prefix=FWDREF-TYPE %s
 
 FWDREF-TYPE: Invalid record
+
+RUN: not llvm-dis -disable-output %p/Inputs/invalid-array-element-type.bc 2>&1 | \
+RUN:   FileCheck --check-prefix=ELEMENT-TYPE %s
+RUN: not llvm-dis -disable-output %p/Inputs/invalid-vector-element-type.bc 2>&1 | \
+RUN:   FileCheck --check-prefix=ELEMENT-TYPE %s
+
+ELEMENT-TYPE: Invalid type