From 1c299d05e6b75d5bdc87239aa7136773df44783e Mon Sep 17 00:00:00 2001
From: Filipe Cabecinhas
Date: Sat, 16 May 2015 00:33:12 +0000
Subject: [BitcodeReader] Don't allow INSERTVAL/EXTRACTVAL with 0 indices

This would trigger an assertion later.

Bug found with AFL fuzz.

llvm-svn: 237494
---
 llvm/lib/Bitcode/Reader/BitcodeReader.cpp | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

(limited to 'llvm/lib/Bitcode/Reader/BitcodeReader.cpp')

diff --git a/llvm/lib/Bitcode/Reader/BitcodeReader.cpp b/llvm/lib/Bitcode/Reader/BitcodeReader.cpp
index 7434660..e080091 100644
--- a/llvm/lib/Bitcode/Reader/BitcodeReader.cpp
+++ b/llvm/lib/Bitcode/Reader/BitcodeReader.cpp
@@ -3555,10 +3555,13 @@ std::error_code BitcodeReader::ParseFunctionBody(Function *F) {
 if (getValueTypePair(Record, OpNum, NextValueNo, Agg))
 return Error("Invalid record");
 
+ unsigned RecSize = Record.size();
+ if (OpNum == RecSize)
+ return Error("EXTRACTVAL: Invalid instruction with 0 indices");
+
 SmallVector EXTRACTVALIdx;
 Type *CurTy = Agg->getType();
- for (unsigned RecSize = Record.size();
- OpNum != RecSize; ++OpNum) {
+ for (; OpNum != RecSize; ++OpNum) {
 bool IsArray = CurTy->isArrayTy();
 bool IsStruct = CurTy->isStructTy();
 uint64_t Index = Record[OpNum];
@@ -3594,10 +3597,13 @@ std::error_code BitcodeReader::ParseFunctionBody(Function *F) {
 if (getValueTypePair(Record, OpNum, NextValueNo, Val))
 return Error("Invalid record");
 
+ unsigned RecSize = Record.size();
+ if (OpNum == RecSize)
+ return Error("INSERTVAL: Invalid instruction with 0 indices");
+
 SmallVector INSERTVALIdx;
 Type *CurTy = Agg->getType();
- for (unsigned RecSize = Record.size();
- OpNum != RecSize; ++OpNum) {
+ for (; OpNum != RecSize; ++OpNum) {
 bool IsArray = CurTy->isArrayTy();
 bool IsStruct = CurTy->isStructTy();
 uint64_t Index = Record[OpNum];
-- 
cgit v1.1
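Review bot: The new `if (OpNum == RecSize)` guard in the EXTRACTVAL hunk (-3555) carries no comment saying why an empty index list is a hard error rather than a case the loop would harmlessly skip, so the next reader has nothing to stop them folding it back into the loop; a one-liner such as `// Reject malformed bitcode with no indices up front: per the commit, the IR constructor asserts on an empty index list.` would anchor the check to its reason. The INSERTVAL hunk at -3594 adds the identical guard and the identical `for (; OpNum != RecSize; ++OpNum)` rewrite, differing only in the instruction name inside the error string, so the record-to-index-list parsing is a candidate for one small static helper that takes the instruction name and returns either the error or the filled index vector, leaving a single copy of the per-index validation to review. `unsigned RecSize = Record.size();` narrows from what is presumably a `size_t`; it is consistent with the existing `unsigned OpNum`, so keep it, but it is worth knowing when reading the comparison. The loop body and the enclosing ParseFunctionBody case continue outside both hunks, so whether the per-index array/struct bounds checks there are sufficient for fuzzed input is not visible from this diff; as the change is hardening against AFL-generated bitcode, a regression input exercising the zero-index record would be expected, and the view here is limited to the one source file so it may already be part of the commit.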