From 4c0055402f2c82d54555c98d24e2ea1a8abbe1f5 Mon Sep 17 00:00:00 2001
From: Filipe Cabecinhas
Date: Wed, 15 Apr 2015 08:48:08 +0000
Subject: [PATCH] Verify sizes when trying to read a VBR Also added an assert to ReadVBR64.
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@234984 91177308-0d34-0410-b5e6-96231b3b80d8
---
 include/llvm/Bitcode/BitstreamReader.h | 1 +
 lib/Bitcode/Reader/BitstreamReader.cpp | 2 ++
 test/Bitcode/Inputs/invalid-VBR-too-big.bc | Bin 0 -> 612 bytes
 test/Bitcode/invalid.test | 5 +++++
 4 files changed, 8 insertions(+)
 create mode 100644 test/Bitcode/Inputs/invalid-VBR-too-big.bc
diff --git a/include/llvm/Bitcode/BitstreamReader.h b/include/llvm/Bitcode/BitstreamReader.h
index 18f6b9e011e..bae816675c0 100644
--- a/include/llvm/Bitcode/BitstreamReader.h
+++ b/include/llvm/Bitcode/BitstreamReader.h
@@ -395,6 +395,7 @@ public:
 // Read a VBR that may have a value up to 64-bits in size. The chunk size of
 // the VBR must still be <= 32 bits though.
 uint64_t ReadVBR64(unsigned NumBits) {
+ assert(NumBits <= 64 && "VBR can only be up to 64 bits in size.");
 uint32_t Piece = Read(NumBits);
 if ((Piece & (1U << (NumBits-1))) == 0)
 return uint64_t(Piece);
diff --git a/lib/Bitcode/Reader/BitstreamReader.cpp b/lib/Bitcode/Reader/BitstreamReader.cpp
index beaaf7a7d66..6e3bea1e87b 100644
--- a/lib/Bitcode/Reader/BitstreamReader.cpp
+++ b/lib/Bitcode/Reader/BitstreamReader.cpp
@@ -62,6 +62,8 @@ static uint64_t readAbbreviatedField(BitstreamCursor &Cursor,
 case BitCodeAbbrevOp::Fixed:
 return Cursor.Read((unsigned)Op.getEncodingData());
 case BitCodeAbbrevOp::VBR:
+ if ((unsigned)Op.getEncodingData() > 64)
+ report_fatal_error("Invalid record");
 return Cursor.ReadVBR64((unsigned)Op.getEncodingData());
 case BitCodeAbbrevOp::Char6:
 return BitCodeAbbrevOp::DecodeChar6(Cursor.Read(6));
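Review bot: The new assert in ReadVBR64 allows NumBits up to 64, but the comment directly above it says the chunk size must be <= 32 bits, `Piece` is a `uint32_t`, and `1U << (NumBits-1)` is undefined once NumBits exceeds 32 (or is 0). I would tighten it to `assert(NumBits >= 1 && NumBits <= 32 && "VBR chunk size must be 1 to 32 bits.");`. The runtime guard added to readAbbreviatedField in BitstreamReader.cpp uses the same `> 64` limit, and because the assert is compiled out of release builds that guard is the only check a malformed file actually meets, so it should reject the same range. ReadVBR64's body continues past the end of this hunk.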
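Review bot: In readAbbreviatedField the `Fixed` case just above the new check still passes `(unsigned)Op.getEncodingData()` to `Cursor.Read` unvalidated, so the width is range-checked on the VBR path only. If Read has a maximum width (not visible here), the same kind of guard belongs on that case. It would also help to say why the check is there, e.g. `// Width presumably comes from the abbreviation in the file; reject it before it is used as a shift count.` The function starts and ends outside this hunk.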
diff --git a/test/Bitcode/Inputs/invalid-VBR-too-big.bc b/test/Bitcode/Inputs/invalid-VBR-too-big.bc new file mode 100644 index 0000000000000000000000000000000000000000..35d00ba154b5eb9dc4a6e06f94db7ea3c0202667 GIT binary patch literal 612 zcmZ>AK5$Qwhk;=l0|NthlL7-1kQM@B_D1E2jwe_=*#wL%Co#70sIqc!%CU4OHSoAH zIZfhrN)a#;vEY#K)3syKB`@je^r&ED}feT0* zDV^X@NNHu6thl5FNIY&?I6*|nr>%#(CB;WTK$)SK#Y0d4XtDDYkS-vQSOjzx2pkYd zg)kV}G?*bQ0~bjMqe1Z$RPIS41A`!tZOqXibL62+nh2w9hqFb?;U1?3_R0$O;u(cJ z&lvdM3h;et;4|iNk~?%z_S{05Gy_(!vS#Ts%(f?-ZF`t)fo2pcFfeccX*UIniM%`x z#u5hN z4-hyjl9;9tvsG3=Q1NP;gG))hQo~vY(PFX uy-?qS?S<)aoTZRLtR9e?K=w2ySqQLT+5r@SxCf^0Ad%`AlX05|G7|s^=YF67 literal 0 HcmV?d00001 diff --git a/test/Bitcode/invalid.test b/test/Bitcode/invalid.test index 9cab227ab19..59543d2ae79 100644 --- a/test/Bitcode/invalid.test +++ b/test/Bitcode/invalid.test @@ -55,3 +55,8 @@ RUN: not llvm-dis -disable-output %p/Inputs/invalid-no-proper-module.bc 2>&1 | \ RUN: FileCheck --check-prefix=NO-MODULE %s NO-MODULE: Malformed IR file + +RUN: not llvm-dis -disable-output %p/Inputs/invalid-VBR-too-big.bc 2>&1 | \ +RUN: FileCheck --check-prefix=HUGE-VBR %s + +HUGE-VBR: Invalid record -- 2.34.1