From 72248712e58b8825f2b0857bde4a811eb484ea82 Mon Sep 17 00:00:00 2001
From: Nikita Popov
Date: Wed, 9 Feb 2022 14:14:04 +0100
Subject: [PATCH] [Bitcode] Check minimum size of constant GEP record

Checking this early, because we may end up reading up to two records before the operands.
---
 llvm/lib/Bitcode/Reader/BitcodeReader.cpp | 2 ++
 llvm/test/Bitcode/Inputs/invalid-constant-gep.bc | Bin 0 -> 28 bytes
 llvm/test/Bitcode/invalid.test | 7 ++++++-
 3 files changed, 8 insertions(+), 1 deletion(-)
 create mode 100644 llvm/test/Bitcode/Inputs/invalid-constant-gep.bc

diff --git a/llvm/lib/Bitcode/Reader/BitcodeReader.cpp b/llvm/lib/Bitcode/Reader/BitcodeReader.cpp
index 93bff30..26eee99 100644
--- a/llvm/lib/Bitcode/Reader/BitcodeReader.cpp
+++ b/llvm/lib/Bitcode/Reader/BitcodeReader.cpp
@@ -2676,6 +2676,8 @@ Error BitcodeReader::parseConstants() {
 case bitc::CST_CODE_CE_GEP: // [ty, n x operands]
 case bitc::CST_CODE_CE_GEP_WITH_INRANGE_INDEX: { // [ty, flags, n x
 // operands]
+if (Record.size() < 2)
+return error("Constant GEP record must have at least two elements");
 unsigned OpNum = 0;
 Type *PointeeType = nullptr;
 if (BitCode == bitc::CST_CODE_CE_GEP_WITH_INRANGE_INDEX ||
diff --git a/llvm/test/Bitcode/Inputs/invalid-constant-gep.bc b/llvm/test/Bitcode/Inputs/invalid-constant-gep.bc
new file mode 100644
index 0000000000000000000000000000000000000000..c936d157542bc20bdbde2f279493d2cded173703
GIT binary patch
literal 28
hcmZ>AK5*~*e}+E{iYyGw3_u{x!|?I=aUh3{0RWJE2kig=

literal 0
HcmV?d00001

diff --git a/llvm/test/Bitcode/invalid.test b/llvm/test/Bitcode/invalid.test
index db8cfde..92c65ce 100644
--- a/llvm/test/Bitcode/invalid.test
+++ b/llvm/test/Bitcode/invalid.test
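Review bot: In the BitcodeReader.cpp hunk, the new `Record.size() < 2` guard only proves that a type and one further element are present; for `CST_CODE_CE_GEP_WITH_INRANGE_INDEX` those two are the type and the flags, so a record of exactly that size still carries zero operands and this guard does not by itself stand in for an operand-count check once the prefix has been consumed. The rest of this `case` and of `parseConstants()` lie outside the hunk, so I cannot confirm from here that such a check follows, though the commit message's "up to two records before the operands" suggests the prefix handling is what this guard protects. A short comment on the guard would make that scope explicit for the next reader: `// Both forms carry a type plus at least one more element; operand counts are checked after the prefix is consumed.` It is also worth confirming that the old "Invalid gep with no operands" diagnostic remains reachable for a plain `CST_CODE_CE_GEP` record that has a type but no indices, since the test change replaces that expectation rather than keeping it.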
@@ -219,7 +219,12 @@ VOID-CONSTANT-TYPE: Invalid constant type
 
 RUN: not llvm-dis -disable-output %p/Inputs/invalid-gep-no-operands.bc 2>&1 | \
 RUN: FileCheck --check-prefix=GEP-NO-OPERANDS %s
-GEP-NO-OPERANDS: Invalid gep with no operands
+GEP-NO-OPERANDS: Constant GEP record must have at least two elements
+
+RUN: not llvm-dis -disable-output %p/Inputs/invalid-constant-gep.bc 2>&1 | \
+RUN: FileCheck --check-prefix=INVALID-CONSTANT-GEP %s
+
+INVALID-CONSTANT-GEP: Constant GEP record must have at least two elements
 
 RUN: not llvm-dis -disable-output %p/Inputs/invalid-nonpointer-storeatomic.bc 2>&1 | \
 RUN: FileCheck --check-prefix=NONPOINTER-STOREATOMIC %s
-- 
2.7.4
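Review bot: The `GEP-NO-OPERANDS` and `INVALID-CONSTANT-GEP` blocks now expect the identical message, so the first prefix no longer names the failure it checks and the two inputs are indistinguishable from the test's point of view. If `invalid-gep-no-operands.bc` is meant to exercise a different rejection path (an operand-count failure after the record prefix is consumed), its expected line should carry that path's message; if both inputs genuinely trip the same early guard, the two blocks could be merged into one with a prefix that says so. I can see neither the rest of invalid.test nor the reader from here, so this is an observation on what the hunk shows rather than a claim about coverage.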