From 8b2199e2a28b75ff3edf36fc7157085da31301cf Mon Sep 17 00:00:00 2001
From: Filipe Cabecinhas
Date: Thu, 30 Apr 2015 01:13:31 +0000
Subject: [PATCH] Make sure Op->getType() is a PointerType before we cast<> it. Bug found with AFL fuzz.
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@236193 91177308-0d34-0410-b5e6-96231b3b80d8
---
 lib/Bitcode/Reader/BitcodeReader.cpp | 2 ++
 test/Bitcode/Inputs/invalid-load-pointer-type.bc | Bin 0 -> 452 bytes
 test/Bitcode/invalid.test | 5 +++++
 3 files changed, 7 insertions(+)
 create mode 100644 test/Bitcode/Inputs/invalid-load-pointer-type.bc
diff --git a/lib/Bitcode/Reader/BitcodeReader.cpp b/lib/Bitcode/Reader/BitcodeReader.cpp
index 7778125e2d4..456df6dab8e 100644
--- a/lib/Bitcode/Reader/BitcodeReader.cpp
+++ b/lib/Bitcode/Reader/BitcodeReader.cpp
@@ -4065,6 +4065,8 @@ std::error_code BitcodeReader::ParseFunctionBody(Function *F) {
 Type *Ty = nullptr;
 if (OpNum + 3 == Record.size())
 Ty = getTypeByID(Record[OpNum++]);
+ if (!isa(Op->getType()))
+ return Error("Load operand is not a pointer type");
 if (!Ty)
 Ty = cast(Op->getType())->getElementType();
 else if (Ty != cast(Op->getType())->getElementType())
diff --git a/test/Bitcode/Inputs/invalid-load-pointer-type.bc b/test/Bitcode/Inputs/invalid-load-pointer-type.bc
new file mode 100644
index 0000000000000000000000000000000000000000..b6a56c55b3bf6760bdd961d169d8329e403a113e
GIT binary patch
literal 452
zcmZ>AK5$Qwhk+rFfq{X$Nr8b0NDBcmd!zD1#}h1`Yyw7>lNeigR9QJB}F$U~Vl5k}h%XN#7@Jx&eml@;v8GYWa0 zG4Q_?;QP|RXUyXycj%z(xrH)m2CQIZ&C+L>ZBIDc_AuK5%_vl0U;vpXwn3rS#U+?k zMCJ-8AmR|vvwR?5gWQEMTNG&0)ij_&1 | \
 RUN: FileCheck --check-prefix=HUGE-FWDREF %s
 HUGE-FWDREF: Invalid record
+
+RUN: not llvm-dis -disable-output %p/Inputs/invalid-load-pointer-type.bc 2>&1 | \
+RUN: FileCheck --check-prefix=LOAD-BAD-TYPE %s
+
+LOAD-BAD-TYPE: Load operand is not a pointer type
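Review bot: In the explicit-type branch of the BitcodeReader.cpp hunk, `Ty = getTypeByID(Record[OpNum++]);` presumably yields null for an unknown type ID, and the later `if (!Ty)` then silently substitutes the pointer's element type, so a malformed record is accepted as if no type had been written. Since this change hardens the load record against fuzzed input, I would reject that case where the ID is read: `Ty = getTypeByID(Record[OpNum++]);` followed by `if (!Ty) return Error("Invalid record");`, with braces around the two statements. The new guard also deserves a one-line comment, for example `// Operand type comes from the input file; cast<> is only assert-checked, so validate first.`, so that a later refactor does not move the casts above it. ParseFunctionBody starts and ends outside the hunk, and the `else if` on the last line continues past it, so whether other record cases cast the operand type without a check cannot be judged from here.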