From: Nikita Popov Date: Wed, 9 Feb 2022 13:14:04 +0000 (+0100) Subject: [Bitcode] Check minimum size of constant GEP record X-Git-Tag: upstream/15.0.7~17203 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=72248712e58b8825f2b0857bde4a811eb484ea82;p=platform%2Fupstream%2Fllvm.git [Bitcode] Check minimum size of constant GEP record Checking this early, because we may end up reading up to two records before the operands.
---
diff --git a/llvm/lib/Bitcode/Reader/BitcodeReader.cpp b/llvm/lib/Bitcode/Reader/BitcodeReader.cpp
index 93bff30..26eee99 100644
--- a/llvm/lib/Bitcode/Reader/BitcodeReader.cpp
+++ b/llvm/lib/Bitcode/Reader/BitcodeReader.cpp
@@ -2676,6 +2676,8 @@ Error BitcodeReader::parseConstants() {
 case bitc::CST_CODE_CE_GEP: // [ty, n x operands]
 case bitc::CST_CODE_CE_GEP_WITH_INRANGE_INDEX: { // [ty, flags, n x
 // operands]
+ if (Record.size() < 2)
+ return error("Constant GEP record must have at least two elements");
 unsigned OpNum = 0;
 Type *PointeeType = nullptr;
 if (BitCode == bitc::CST_CODE_CE_GEP_WITH_INRANGE_INDEX ||
diff --git a/llvm/test/Bitcode/Inputs/invalid-constant-gep.bc b/llvm/test/Bitcode/Inputs/invalid-constant-gep.bc
new file mode 100644
index 0000000..c936d15
Binary files /dev/null and b/llvm/test/Bitcode/Inputs/invalid-constant-gep.bc differ
diff --git a/llvm/test/Bitcode/invalid.test b/llvm/test/Bitcode/invalid.test
index db8cfde..92c65ce 100644
--- a/llvm/test/Bitcode/invalid.test
+++ b/llvm/test/Bitcode/invalid.test
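Review bot: The new `Record.size() < 2` guard at the top of the `CST_CODE_CE_GEP` / `CST_CODE_CE_GEP_WITH_INRANGE_INDEX` case applies one threshold to two record layouts and has no comment explaining why the bound is 2. Going by the case comments, the in-range form is `[ty, flags, n x operands]`, so a two-element record of that kind passes this check with zero operands. Whether the code below still rejects that case, and whether it confirms the remaining elements pair up before indexing `Record`, is outside this hunk and worth confirming, because bitcode is untrusted input. I would add `// Up to two leading elements (ty, flags) are read before the operands; reject short records up front.` directly above the check. The case body continues past the last visible line (`if (BitCode == bitc::CST_CODE_CE_GEP_WITH_INRANGE_INDEX ||`).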
@@ -219,7 +219,12 @@ VOID-CONSTANT-TYPE: Invalid constant type
 RUN: not llvm-dis -disable-output %p/Inputs/invalid-gep-no-operands.bc 2>&1 | \
 RUN: FileCheck --check-prefix=GEP-NO-OPERANDS %s
-GEP-NO-OPERANDS: Invalid gep with no operands
+GEP-NO-OPERANDS: Constant GEP record must have at least two elements
+
+RUN: not llvm-dis -disable-output %p/Inputs/invalid-constant-gep.bc 2>&1 | \
+RUN: FileCheck --check-prefix=INVALID-CONSTANT-GEP %s
+
+INVALID-CONSTANT-GEP: Constant GEP record must have at least two elements
 RUN: not llvm-dis -disable-output %p/Inputs/invalid-nonpointer-storeatomic.bc 2>&1 | \
 RUN: FileCheck --check-prefix=NONPOINTER-STOREATOMIC %s
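Review bot: Rewriting the `GEP-NO-OPERANDS` expectation to the new size message makes both prefixes assert the identical string, so nothing in this hunk still exercises the old `Invalid gep with no operands` diagnostic. If the reader still emits that diagnostic further down (not visible here), it has lost its regression test. An input with at least two elements but no operand pairs would keep that path covered; if the diagnostic is now unreachable, it could be removed in the same change. Because the new `.bc` input cannot be inspected in review, a plain description line above the added RUN pair, such as `Constant GEP record with fewer than two elements.`, would record what `invalid-constant-gep.bc` is meant to contain.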