Don't overflow GCTable

Summary: Bug found with AFL fuzz. Reviewers: rafael, dexonsmith Subscribers: llvm-commits Differential Revision: http://reviews.llvm.org/D9361 git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@236200 91177308-0d34-0410-b5e6-96231b3b80d8
2024-09-27 15:57:13 +00:00 · 2015-04-30 04:09:41 +00:00 · 2015-04-30 04:09:41 +00:00 · deedba2a36
commit deedba2a36
parent 36a398fe70
3 changed files with 6 additions and 1 deletions
--- a/lib/Bitcode/Reader/BitcodeReader.cpp
+++ b/lib/Bitcode/Reader/BitcodeReader.cpp
@ -2992,7 +2992,7 @@ std::error_code BitcodeReader::ParseModule(bool Resume,
        // FIXME: Change to an error if non-default in 4.0.
        Func->setVisibility(GetDecodedVisibility(Record[7]));
      if (Record.size() > 8 && Record[8]) {
-        if (Record[8]-1 > GCTable.size())
+        if (Record[8]-1 >= GCTable.size())
          return Error("Invalid ID");
        Func->setGC(GCTable[Record[8]-1].c_str());
      }
--- a/test/Bitcode/Inputs/invalid-GCTable-overflow.bc
+++ b/test/Bitcode/Inputs/invalid-GCTable-overflow.bc
--- a/test/Bitcode/invalid.test
+++ b/test/Bitcode/invalid.test
@ -122,3 +122,8 @@ RUN: not llvm-dis -disable-output %p/Inputs/invalid-load-pointer-type.bc 2>&1 |
 RUN:   FileCheck --check-prefix=LOAD-BAD-TYPE %s

 LOAD-BAD-TYPE: Load operand is not a pointer type
+
+RUN: not llvm-dis -disable-output %p/Inputs/invalid-GCTable-overflow.bc 2>&1 | \
+RUN:   FileCheck --check-prefix=GCTABLE-OFLOW %s
+
+GCTABLE-OFLOW: Invalid ID