nicolas/llvm-project
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

[BitcodeReader] Validate OpNum, before accessing Record array.

Browse Source 
Currently invalid bitcode files can cause a crash, when OpNum exceeds
the number of elements in Record, like in the attached bitcode file.

The test case was generated by clusterfuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15698

Reviewers: t.p.northover, thegameg, jfb

Reviewed By: jfb

Differential Revision: https://reviews.llvm.org/D64507

llvm-svn: 365750
This commit is contained in:
Florian Hahn
2019-07-11 09:57:00 +00:00
parent 08b4a8da07
commit 8b222ecf27
3 changed files with 9 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
llvm/lib/Bitcode/Reader/BitcodeReader.cpp
View File

@@ -4165,6 +4165,10 @@ Error BitcodeReader::parseFunctionBody(Function *F) {
popValue(Record, OpNum, NextValueNo, LHS->getType(), RHS))
return error("Invalid record");
if (OpNum >= Record.size())
return error(
"Invalid record: operand number exceeded available operands");
unsigned PredVal = Record[OpNum];
bool IsFP = LHS->getType()->isFPOrFPVectorTy();
FastMathFlags FMF;