Fix a 32-bit overflow issue when reading LTO-generated bitcode files whose strtab are of size > 2^29

This happens when using -flto and -Wl,--plugin-opt=emit-llvm to create a linked LTO bitcode file, and the bitcode file has a strtab with size > 2^29. All the issues relate to a pattern like this size_t x64 = y64 + z32 * C When z32 is >= (2^32)/C, z32 * C overflows. Reviewed-by: MaskRay Differential Revision: https://reviews.llvm.org/D86500
author: Jianzhou Zhao <jianzhouzh@google.com> 2020-08-25 00:36:24 +0000
committer: Jianzhou Zhao <jianzhouzh@google.com> 2020-08-26 05:47:22 +0000
commit: 47849870278ce05cde03d41f03fd3a1e65ee22a6 (patch)
tree: bb305bdedad45e3e326b8371253da84ab06cd360 /llvm/lib/Bitstream/Reader/BitstreamReader.cpp
parent: a3ef1054fd5ba3177e2fe33d45e40de00b79f1f0 (diff)
download: llvm-47849870278ce05cde03d41f03fd3a1e65ee22a6.zip
llvm-47849870278ce05cde03d41f03fd3a1e65ee22a6.tar.gz
llvm-47849870278ce05cde03d41f03fd3a1e65ee22a6.tar.bz2
1 files changed, 7 insertions, 4 deletions
diff --git a/llvm/lib/Bitstream/Reader/BitstreamReader.cpp b/llvm/lib/Bitstream/Reader/BitstreamReader.cpp
index 2739137..2f153f1e 100644
--- a/llvm/lib/Bitstream/Reader/BitstreamReader.cpp
+++ b/llvm/lib/Bitstream/Reader/BitstreamReader.cpp
@@ -156,8 +156,9 @@ Expected<unsigned> BitstreamCursor::skipRecord(unsigned AbbrevID) {
         report_fatal_error("Array element type can't be an Array or a Blob");
       case BitCodeAbbrevOp::Fixed:
         assert((unsigned)EltEnc.getEncodingData() <= MaxChunkSize);
-        if (Error Err = JumpToBit(GetCurrentBitNo() +
-                                  NumElts * EltEnc.getEncodingData()))
+        if (Error Err =
+                JumpToBit(GetCurrentBitNo() + static_cast<uint64_t>(NumElts) *
+                                                  EltEnc.getEncodingData()))
           return std::move(Err);
         break;
       case BitCodeAbbrevOp::VBR:
@@ -186,7 +187,8 @@ Expected<unsigned> BitstreamCursor::skipRecord(unsigned AbbrevID) {
     SkipToFourByteBoundary();  // 32-bit alignment
 
     // Figure out where the end of this blob will be including tail padding.
-    size_t NewEnd = GetCurrentBitNo()+((NumElts+3)&~3)*8;
+    const size_t NewEnd =
+        GetCurrentBitNo() + ((static_cast<uint64_t>(NumElts) + 3) & ~3) * 8;
 
     // If this would read off the end of the bitcode file, just set the
     // record to empty and return.
@@ -314,7 +316,8 @@ Expected<unsigned> BitstreamCursor::readRecord(unsigned AbbrevID,
 
     // Figure out where the end of this blob will be including tail padding.
     size_t CurBitPos = GetCurrentBitNo();
-    size_t NewEnd = CurBitPos+((NumElts+3)&~3)*8;
+    const size_t NewEnd =
+        CurBitPos + ((static_cast<uint64_t>(NumElts) + 3) & ~3) * 8;
 
     // If this would read off the end of the bitcode file, just set the
     // record to empty and return.
author	Jianzhou Zhao <jianzhouzh@google.com>	2020-08-25 00:36:24 +0000
committer	Jianzhou Zhao <jianzhouzh@google.com>	2020-08-26 05:47:22 +0000
commit	47849870278ce05cde03d41f03fd3a1e65ee22a6 (patch)
tree	bb305bdedad45e3e326b8371253da84ab06cd360 /llvm/lib/Bitstream/Reader/BitstreamReader.cpp
parent	a3ef1054fd5ba3177e2fe33d45e40de00b79f1f0 (diff)
download	llvm-47849870278ce05cde03d41f03fd3a1e65ee22a6.zip llvm-47849870278ce05cde03d41f03fd3a1e65ee22a6.tar.gz llvm-47849870278ce05cde03d41f03fd3a1e65ee22a6.tar.bz2