From 0eb8a59a679567334fd160d11ae4d6173ecbac0f Mon Sep 17 00:00:00 2001
From: Filipe Cabecinhas
Date: Tue, 26 May 2015 23:00:56 +0000
Subject: [BitcodeReader] Sanity check on Comdat ID
Shouldn't be an assert, since user input can trigger it. Bug found with AFL fuzz.
llvm-svn: 238261
---
 llvm/lib/Bitcode/Reader/BitcodeReader.cpp | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
(limited to 'llvm/lib/Bitcode/Reader/BitcodeReader.cpp')
diff --git a/llvm/lib/Bitcode/Reader/BitcodeReader.cpp b/llvm/lib/Bitcode/Reader/BitcodeReader.cpp
index 6eef594..3f21bb9 100644
--- a/llvm/lib/Bitcode/Reader/BitcodeReader.cpp
+++ b/llvm/lib/Bitcode/Reader/BitcodeReader.cpp
@@ -2956,7 +2956,8 @@ std::error_code BitcodeReader::ParseModule(bool Resume,
 if (Record.size() > 11) {
 if (unsigned ComdatID = Record[11]) {
- assert(ComdatID <= ComdatList.size());
+ if (ComdatID > ComdatList.size())
+ return Error("Invalid global variable comdat ID");
 NewGV->setComdat(ComdatList[ComdatID - 1]);
 }
 } else if (hasImplicitComdat(RawLinkage)) {
@@ -3020,7 +3021,8 @@ std::error_code BitcodeReader::ParseModule(bool Resume,
 if (Record.size() > 12) {
 if (unsigned ComdatID = Record[12]) {
- assert(ComdatID <= ComdatList.size());
+ if (ComdatID > ComdatList.size())
+ return Error("Invalid function comdat ID");
 Func->setComdat(ComdatList[ComdatID - 1]);
 }
 } else if (hasImplicitComdat(RawLinkage)) {
--
cgit v1.1
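Review bot: The new bound check in both hunks (`Record[11]` for global variables, `Record[12]` for functions) runs on `ComdatID` only after the record value has been narrowed to `unsigned`. If `Record` holds 64-bit values (its declaration is outside the hunks, so this is an assumption to confirm), a malformed ID whose low 32 bits are in range is accepted as a valid comdat, and one whose low 32 bits are zero is treated as "no comdat", instead of being rejected. The subscript uses the same narrowed value, so the access stays in bounds; this is silent acceptance of malformed input rather than a memory-safety problem. Declaring the variable at full width closes it, e.g. `if (uint64_t ComdatID = Record[11]) {` and likewise for `Record[12]`. ParseModule begins and ends outside both hunks.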