From: Filipe Cabecinhas
Date: Wed, 3 Jun 2015 00:05:30 +0000 (+0000)
Subject: [BitcodeReader] Check vector size before trying to create a VectorType
X-Git-Url: http://plrg.eecs.uci.edu/git/?p=oota-llvm.git;a=commitdiff_plain;h=287f68d65497f5c7a8a6a3a7a755ebf61891f5a5

[BitcodeReader] Check vector size before trying to create a VectorType

Bug found with AFL fuzz

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@238891 91177308-0d34-0410-b5e6-96231b3b80d8
---

diff --git a/lib/Bitcode/Reader/BitcodeReader.cpp b/lib/Bitcode/Reader/BitcodeReader.cpp
index 4044ac80f20..9e5e46aae0b 100644
--- a/lib/Bitcode/Reader/BitcodeReader.cpp
+++ b/lib/Bitcode/Reader/BitcodeReader.cpp
@@ -1497,6 +1497,8 @@ std::error_code BitcodeReader::ParseTypeTableBody() {
 case bitc::TYPE_CODE_VECTOR: // VECTOR: [numelts, eltty]
 if (Record.size() < 2)
 return Error("Invalid record");
+ if (Record[0] == 0)
+ return Error("Invalid vector length");
 ResultTy = getTypeByID(Record[1]);
 if (!ResultTy || !StructType::isValidElementType(ResultTy))
 return Error("Invalid type");
diff --git a/test/Bitcode/Inputs/invalid-vector-length.bc b/test/Bitcode/Inputs/invalid-vector-length.bc
new file mode 100644
index 00000000000..94b13ed0c37
Binary files /dev/null and b/test/Bitcode/Inputs/invalid-vector-length.bc differ
diff --git a/test/Bitcode/invalid.test b/test/Bitcode/invalid.test
index 43f7c77d598..b120047e451 100644
--- a/test/Bitcode/invalid.test
+++ b/test/Bitcode/invalid.test
@@ -192,3 +192,8 @@ RUN: not llvm-dis -disable-output %p/Inputs/invalid-metadata-not-followed-named-
 RUN: FileCheck --check-prefix=META-NOT-FOLLOWED-BY-NAMED-META %s
 
 META-NOT-FOLLOWED-BY-NAMED-META: METADATA_NAME not followed by METADATA_NAMED_NODE
+
+RUN: not llvm-dis -disable-output %p/Inputs/invalid-vector-length.bc 2>&1 | \
+RUN: FileCheck --check-prefix=VECTOR-LENGTH %s
+
+VECTOR-LENGTH: Invalid vector length
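Review bot: The element-type check two lines below the new length check, in the `TYPE_CODE_VECTOR` case of the BitcodeReader.cpp hunk, still calls `StructType::isValidElementType(ResultTy)`, which accepts element types a vector cannot hold. A malformed record with a nonzero length can therefore still reach vector construction with an unsuitable element type; `if (!ResultTy || !VectorType::isValidElementType(ResultTy))` would match the case being parsed. The new check also tests the raw record value: if `Record` stores 64-bit words and the length is narrowed to a 32-bit count when the type is created (that call is outside the hunk, so this is inferred), a value that is nonzero here could become zero after narrowing. An upper bound next to `Record[0] == 0` would cover that, and a second invalid input under `test/Bitcode/Inputs` would pin it. The case body continues past the end of the hunk.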