[Bitcode] Check minimum size of constant GEP record

Checking this early, because we may end up reading up to two
records before the operands.

diff --git a/llvm/lib/Bitcode/Reader/BitcodeReader.cpp b/llvm/lib/Bitcode/Reader/BitcodeReader.cpp
index 93bff30..26eee99 100644 (file)
--- a/llvm/lib/Bitcode/Reader/BitcodeReader.cpp
+++ b/llvm/lib/Bitcode/Reader/BitcodeReader.cpp
@@ -2676,6 +2676,8 @@ Error BitcodeReader::parseConstants() {
     case bitc::CST_CODE_CE_GEP: // [ty, n x operands]
     case bitc::CST_CODE_CE_GEP_WITH_INRANGE_INDEX: { // [ty, flags, n x
                                                      // operands]
+      if (Record.size() < 2)
+        return error("Constant GEP record must have at least two elements");
       unsigned OpNum = 0;
       Type *PointeeType = nullptr;
       if (BitCode == bitc::CST_CODE_CE_GEP_WITH_INRANGE_INDEX ||

diff --git a/llvm/test/Bitcode/Inputs/invalid-constant-gep.bc b/llvm/test/Bitcode/Inputs/invalid-constant-gep.bc
new file mode 100644 (file)
index 0000000..c936d15
Binary files /dev/null and b/llvm/test/Bitcode/Inputs/invalid-constant-gep.bc differ

diff --git a/llvm/test/Bitcode/invalid.test b/llvm/test/Bitcode/invalid.test
index db8cfde..92c65ce 100644 (file)
--- a/llvm/test/Bitcode/invalid.test
+++ b/llvm/test/Bitcode/invalid.test
@@ -219,7 +219,12 @@ VOID-CONSTANT-TYPE: Invalid constant type
 RUN: not llvm-dis -disable-output %p/Inputs/invalid-gep-no-operands.bc 2>&1 | \
 RUN:   FileCheck --check-prefix=GEP-NO-OPERANDS %s
 
-GEP-NO-OPERANDS: Invalid gep with no operands
+GEP-NO-OPERANDS: Constant GEP record must have at least two elements
+
+RUN: not llvm-dis -disable-output %p/Inputs/invalid-constant-gep.bc 2>&1 | \
+RUN:   FileCheck --check-prefix=INVALID-CONSTANT-GEP %s
+
+INVALID-CONSTANT-GEP: Constant GEP record must have at least two elements
 
 RUN: not llvm-dis -disable-output %p/Inputs/invalid-nonpointer-storeatomic.bc 2>&1 | \
 RUN:   FileCheck --check-prefix=NONPOINTER-STOREATOMIC %s