Make sure we don't resize(0) when we get a fwdref with Idx == UINT_MAX

Make it an error instead. Bug found with AFL fuzz. git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@236190 91177308-0d34-0410-b5e6-96231b3b80d8
2025-06-15 21:24:00 +00:00 · 2015-04-30 00:52:42 +00:00
parent 4689501178
commit a607be94ca
3 changed files with 9 additions and 0 deletions
--- a/lib/Bitcode/Reader/BitcodeReader.cpp
+++ b/lib/Bitcode/Reader/BitcodeReader.cpp
@ -790,6 +790,10 @@ Constant *BitcodeReaderValueList::getConstantFwdRef(unsigned Idx,
 }

 Value *BitcodeReaderValueList::getValueFwdRef(unsigned Idx, Type *Ty) {
+  // Bail out for a clearly invalid value. This would make us call resize(0)
+  if (Idx == UINT_MAX)
+    return nullptr;
+
  if (Idx >= size())
    resize(Idx + 1);