From a3a2cab504a693ad926e93696ae9cadafba460ca Mon Sep 17 00:00:00 2001
From: Filipe Cabecinhas <me@filcab.net>
Date: Wed, 3 Jun 2015 01:30:13 +0000
Subject: [PATCH] [BitcodeReader] Diagnose type mismatches with aliases

Bug found with AFL fuzz.

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@238895 91177308-0d34-0410-b5e6-96231b3b80d8
---
 lib/Bitcode/Reader/BitcodeReader.cpp              |   9 ++++++---
 .../Bitcode/Inputs/invalid-alias-type-mismatch.bc | Bin 0 -> 452 bytes
 test/Bitcode/invalid.test                         |   5 +++++
 3 files changed, 11 insertions(+), 3 deletions(-)
 create mode 100644 test/Bitcode/Inputs/invalid-alias-type-mismatch.bc

diff --git a/lib/Bitcode/Reader/BitcodeReader.cpp b/lib/Bitcode/Reader/BitcodeReader.cpp
index 9e5e46aae0b..75b3b9fd73c 100644
--- a/lib/Bitcode/Reader/BitcodeReader.cpp
+++ b/lib/Bitcode/Reader/BitcodeReader.cpp
@@ -2065,9 +2065,12 @@ std::error_code BitcodeReader::ResolveGlobalAndAliasInits() {
     if (ValID >= ValueList.size()) {
       AliasInits.push_back(AliasInitWorklist.back());
     } else {
-      if (Constant *C = dyn_cast_or_null<Constant>(ValueList[ValID]))
-        AliasInitWorklist.back().first->setAliasee(C);
-      else
+      if (Constant *C = dyn_cast_or_null<Constant>(ValueList[ValID])) {
+        GlobalAlias *Alias = AliasInitWorklist.back().first;
+        if (C->getType() != Alias->getType())
+          return Error("Alias and aliasee types don't match");
+        Alias->setAliasee(C);
+      } else
         return Error("Expected a constant");
     }
     AliasInitWorklist.pop_back();
diff --git a/test/Bitcode/Inputs/invalid-alias-type-mismatch.bc b/test/Bitcode/Inputs/invalid-alias-type-mismatch.bc
new file mode 100644
index 0000000000000000000000000000000000000000..5c4298944803c360db3d6aacddaa0d71019b9c95
GIT binary patch
literal 452
zcmZ>AK5$Qwhk+rFfq{X$Nr8b0NDBcmd!zD1#}h1`Yyw7>lNeigR9QJB<yg9t8U$RK
zoF;KQwFnrASa3*qav8a(cyLWnR6Y{az$2+xq{4oJLojK@f)x(OJ}?5!=~Q4~;0Mx1
zN*tUDDXlERN=sUR#N(EQ6GVi3I(oQUT6_cylo^UyJcL|?PRKAyoMDh?JjD{mF~RbX
z(t!ye_c%{s0g^xvxkv}XaFAmIG6aFxn4>}F$U~Vl5k}h%XN#7@Jx&eml@;v8GYWa0
zG4Q_?;QP|RXUyXycj%z(xrH)m2CQIZ&C+L>ZBIDc_AuK5%_vl0U;vpXwn3rS#U+?k
zM<kJfr_fhW!AEpM0MP10pgbr{gjo(|9AfBE<2jhY%*e8smqj4KLI5bv1;p$D0%t`M
z)f8g3@^VbiWjRzD%_t}sl*{Jg;;~IuKv3~+n}bVB3o}q9#5|DOnOPilK>9&`6j5d{
mF$U6`1)D*{AqEBsK9H|L?n0O?3N-0z8qlN^h)F<6AOHZ3=3<%v

literal 0
HcmV?d00001

diff --git a/test/Bitcode/invalid.test b/test/Bitcode/invalid.test
index b120047e451..0aab553bb61 100644
--- a/test/Bitcode/invalid.test
+++ b/test/Bitcode/invalid.test
@@ -197,3 +197,8 @@ RUN: not llvm-dis -disable-output %p/Inputs/invalid-vector-length.bc 2>&1 | \
 RUN:   FileCheck --check-prefix=VECTOR-LENGTH %s
 
 VECTOR-LENGTH: Invalid vector length
+
+RUN: not llvm-dis -disable-output %p/Inputs/invalid-alias-type-mismatch.bc 2>&1 | \
+RUN:   FileCheck --check-prefix=ALIAS-TYPE-MISMATCH %s
+
+ALIAS-TYPE-MISMATCH: Alias and aliasee types don't match