[BitcodeReader] Add bounds checking on Strtab (#76403)

This is needed to protect against global overflows, which was found by a fuzzer recently. Fixes: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=65283 --------- Signed-off-by: David Korczynski <david@adalogics.com>
author: DavidKorczynski <david@adalogics.com> 2023-12-27 08:26:21 +0000
committer: GitHub <noreply@github.com> 2023-12-27 09:26:21 +0100
commit: ae0b2633c935950084860e5f6a1c2c3203726489 (patch)
tree: cdc3a886b976714cc4f2a2c5839fbe8eefefc85b /llvm/lib/Bitcode/Reader/BitcodeReader.cpp
parent: 2df0fa41a3aa416d84f9f22490f329bf851d447e (diff)
download: llvm-ae0b2633c935950084860e5f6a1c2c3203726489.zip
llvm-ae0b2633c935950084860e5f6a1c2c3203726489.tar.gz
llvm-ae0b2633c935950084860e5f6a1c2c3203726489.tar.bz2
1 files changed, 3 insertions, 0 deletions
diff --git a/llvm/lib/Bitcode/Reader/BitcodeReader.cpp b/llvm/lib/Bitcode/Reader/BitcodeReader.cpp
index 8907f6f..a027d0c 100644
--- a/llvm/lib/Bitcode/Reader/BitcodeReader.cpp
+++ b/llvm/lib/Bitcode/Reader/BitcodeReader.cpp
@@ -4218,6 +4218,9 @@ Error BitcodeReader::parseGlobalIndirectSymbolRecord(
 
   // Check whether we have enough values to read a partition name.
   if (OpNum + 1 < Record.size()) {
+    // Check Strtab has enough values for the partition.
+    if (Record[OpNum] + Record[OpNum + 1] > Strtab.size())
+      return error("Malformed partition, too large.");
     NewGA->setPartition(
         StringRef(Strtab.data() + Record[OpNum], Record[OpNum + 1]));
     OpNum += 2;
author	DavidKorczynski <david@adalogics.com>	2023-12-27 08:26:21 +0000
committer	GitHub <noreply@github.com>	2023-12-27 09:26:21 +0100
commit	ae0b2633c935950084860e5f6a1c2c3203726489 (patch)
tree	cdc3a886b976714cc4f2a2c5839fbe8eefefc85b /llvm/lib/Bitcode/Reader/BitcodeReader.cpp
parent	2df0fa41a3aa416d84f9f22490f329bf851d447e (diff)
download	llvm-ae0b2633c935950084860e5f6a1c2c3203726489.zip llvm-ae0b2633c935950084860e5f6a1c2c3203726489.tar.gz llvm-ae0b2633c935950084860e5f6a1c2c3203726489.tar.bz2