[BitcodeReader] Error out if we read an invalid function argument type

Bug found with AFL fuzz.

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@237650 91177308-0d34-0410-b5e6-96231b3b80d8

diff --git a/lib/Bitcode/Reader/BitcodeReader.cpp b/lib/Bitcode/Reader/BitcodeReader.cpp
index 70b681000a719112e9edb425ddeee44667ebf633..bba29172a28c6208dc3b3491ae672fa5ab9a5ec4 100644 (file)
--- a/lib/Bitcode/Reader/BitcodeReader.cpp
+++ b/lib/Bitcode/Reader/BitcodeReader.cpp
@@ -1402,8 +1402,11 @@ std::error_code BitcodeReader::ParseTypeTableBody() {
         return Error("Invalid record");
       SmallVector<Type*, 8> ArgTys;
       for (unsigned i = 2, e = Record.size(); i != e; ++i) {
-        if (Type *T = getTypeByID(Record[i]))
+        if (Type *T = getTypeByID(Record[i])) {
+          if (!FunctionType::isValidArgumentType(T))
+            return Error("Invalid function argument type");
           ArgTys.push_back(T);
+        }
         else
           break;
       }

diff --git a/test/Bitcode/Inputs/invalid-function-argument-type.bc b/test/Bitcode/Inputs/invalid-function-argument-type.bc
new file mode 100644 (file)
index 0000000..b00fb03
Binary files /dev/null and b/test/Bitcode/Inputs/invalid-function-argument-type.bc differ

diff --git a/test/Bitcode/invalid.test b/test/Bitcode/invalid.test
index c4c635e08d395753447406804d97155566cc5b1e..7a2dbdcc1b3b183df35c8e3a409f8d10efb78ed9 100644 (file)
--- a/test/Bitcode/invalid.test
+++ b/test/Bitcode/invalid.test
@@ -152,3 +152,8 @@ RUN: not llvm-dis -disable-output %p/Inputs/invalid-code-len-width.bc 2>&1 | \
 RUN:   FileCheck --check-prefix=INVALID-CODELENWIDTH %s
 
 INVALID-CODELENWIDTH: Malformed block
+
+RUN: not llvm-dis -disable-output %p/Inputs/invalid-function-argument-type.bc 2>&1 | \
+RUN:   FileCheck --check-prefix=INVALID-ARGUMENT-TYPE %s
+
+INVALID-ARGUMENT-TYPE: Invalid function argument type