From 6621cb7478f02fd146eb26d2b0a3adadbc09596e Mon Sep 17 00:00:00 2001
From: Filipe Cabecinhas
Date: Thu, 23 Apr 2015 13:38:21 +0000
Subject: Be more strict about the operand for the array type in BitcodeReader
Summary: Bug found with AFL fuzz.
Reviewers: rafael
Subscribers: llvm-commits
Differential Revision: http://reviews.llvm.org/D9016
llvm-svn: 235596
---
 llvm/lib/Bitcode/Reader/BitstreamReader.cpp | 3 +++
 1 file changed, 3 insertions(+)
(limited to 'llvm/lib/Bitcode/Reader/BitstreamReader.cpp')
diff --git a/llvm/lib/Bitcode/Reader/BitstreamReader.cpp b/llvm/lib/Bitcode/Reader/BitstreamReader.cpp
index ff37b8e..2f34532 100644
--- a/llvm/lib/Bitcode/Reader/BitstreamReader.cpp
+++ b/llvm/lib/Bitcode/Reader/BitstreamReader.cpp
@@ -201,6 +201,9 @@ unsigned BitstreamCursor::readRecord(unsigned AbbrevID,
 // Get the element encoding.
 assert(i+2 == e && "array op not second to last?");
 const BitCodeAbbrevOp &EltEnc = Abbv->getOperandInfo(++i);
+ if (EltEnc.getEncoding() == BitCodeAbbrevOp::Array ||
+ EltEnc.getEncoding() == BitCodeAbbrevOp::Blob)
+ report_fatal_error("Array element type can't be an Array or a Blob");
 // Read all the elements.
 for (; NumElts; --NumElts)
-- 
cgit v1.1
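Review bot: The `assert(i+2 == e && "array op not second to last?")` two lines above the new check is compiled out in NDEBUG builds, so in a release build a malformed abbreviation whose Array operand is not second to last still reaches `Abbv->getOperandInfo(++i)`, presumably with an index past the operand list, and the new encoding test then reads from that operand. Since the abbreviation comes from the bitcode being parsed (the commit message says the bug was found by fuzzing), the position check should be a runtime one placed before the `getOperandInfo(++i)` call, e.g. `if (i + 2 != e) report_fatal_error("Array op not second to last");`. A one-line comment on the new test, such as `// Nested arrays and blobs are not valid array element encodings.`, would also tell the reader why these two encodings are rejected here. readRecord's body starts and ends outside the hunk, so whether other consumers of array abbreviations (a skip path, the abbreviation-definition reader) apply the same validation cannot be confirmed from here.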