6502/llvm-6502
1
0
Fork 0
mirror of https://github.com/c64scene-ar/llvm-6502.git synced 2025-07-25 13:24:46 +00:00
Code Issues Projects Releases Wiki Activity

[BitcodeReader] Sanity check on Comdat ID

Browse Source 
Shouldn't be an assert, since user input can trigger it.

Bug found with AFL fuzz.

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@238261 91177308-0d34-0410-b5e6-96231b3b80d8
This commit is contained in:
Filipe Cabecinhas
2015-05-26 23:00:56 +00:00
parent 116e31ffbe
commit 1c74d4768a
4 changed files with 14 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
lib/Bitcode/Reader/BitcodeReader.cpp
View File

@@ -2956,7 +2956,8 @@ std::error_code BitcodeReader::ParseModule(bool Resume,
if (Record.size() > 11) { if (Record.size() > 11) {
if (unsigned ComdatID = Record[11]) { if (unsigned ComdatID = Record[11]) {
assert(ComdatID <= ComdatList.size()); if (ComdatID > ComdatList.size())
return Error("Invalid global variable comdat ID");
NewGV->setComdat(ComdatList[ComdatID - 1]); NewGV->setComdat(ComdatList[ComdatID - 1]);
} }
} else if (hasImplicitComdat(RawLinkage)) { } else if (hasImplicitComdat(RawLinkage)) {
@@ -3020,7 +3021,8 @@ std::error_code BitcodeReader::ParseModule(bool Resume,
if (Record.size() > 12) { if (Record.size() > 12) {
if (unsigned ComdatID = Record[12]) { if (unsigned ComdatID = Record[12]) {
assert(ComdatID <= ComdatList.size()); if (ComdatID > ComdatList.size())
return Error("Invalid function comdat ID");
Func->setComdat(ComdatList[ComdatID - 1]); Func->setComdat(ComdatList[ComdatID - 1]);
} }
} else if (hasImplicitComdat(RawLinkage)) { } else if (hasImplicitComdat(RawLinkage)) {

BIN
test/Bitcode/Inputs/invalid-function-comdat-id.bc Normal file
View File

Binary file not shown.

BIN
test/Bitcode/Inputs/invalid-global-var-comdat-id.bc Normal file
View File

Binary file not shown.

10
test/Bitcode/invalid.test
View File

@@ -162,3 +162,13 @@ RUN: not llvm-dis -disable-output %p/Inputs/invalid-fixme-streaming-blob.bc 2>&1
RUN: FileCheck --check-prefix=STREAMING-BLOB %s RUN: FileCheck --check-prefix=STREAMING-BLOB %s
STREAMING-BLOB: getPointer in streaming memory objects not allowed STREAMING-BLOB: getPointer in streaming memory objects not allowed
RUN: not llvm-dis -disable-output %p/Inputs/invalid-function-comdat-id.bc 2>&1 | \
RUN: FileCheck --check-prefix=INVALID-FCOMDAT-ID %s
INVALID-FCOMDAT-ID: Invalid function comdat ID
RUN: not llvm-dis -disable-output %p/Inputs/invalid-global-var-comdat-id.bc 2>&1 | \
RUN: FileCheck --check-prefix=INVALID-GVCOMDAT-ID %s
INVALID-GVCOMDAT-ID: Invalid global variable comdat ID