From 8e42190d2038d129f9ebec8e83a5380cf0fcff30 Mon Sep 17 00:00:00 2001
From: Filipe Cabecinhas
Date: Wed, 3 Jun 2015 00:05:30 +0000
Subject: [PATCH] [BitcodeReader] Check vector size before trying to create a VectorType
Bug found with AFL fuzz
llvm-svn: 238891
---
llvm/lib/Bitcode/Reader/BitcodeReader.cpp | 2 ++
llvm/test/Bitcode/Inputs/invalid-vector-length.bc | Bin 0 -> 512 bytes
llvm/test/Bitcode/invalid.test | 5 +++++
3 files changed, 7 insertions(+)
create mode 100644 llvm/test/Bitcode/Inputs/invalid-vector-length.bc
diff --git a/llvm/lib/Bitcode/Reader/BitcodeReader.cpp b/llvm/lib/Bitcode/Reader/BitcodeReader.cpp
index 4044ac8..9e5e46a 100644
--- a/llvm/lib/Bitcode/Reader/BitcodeReader.cpp
+++ b/llvm/lib/Bitcode/Reader/BitcodeReader.cpp
@@ -1497,6 +1497,8 @@ std::error_code BitcodeReader::ParseTypeTableBody() {
case bitc::TYPE_CODE_VECTOR: // VECTOR: [numelts, eltty]
if (Record.size() < 2)
return Error("Invalid record");
+ if (Record[0] == 0)
+ return Error("Invalid vector length");
ResultTy = getTypeByID(Record[1]);
if (!ResultTy || !StructType::isValidElementType(ResultTy))
return Error("Invalid type");
diff --git a/llvm/test/Bitcode/Inputs/invalid-vector-length.bc b/llvm/test/Bitcode/Inputs/invalid-vector-length.bc
new file mode 100644
index 0000000000000000000000000000000000000000..94b13ed0c373b6358febdb366481a25e4ab2e4a7
GIT binary patch
literal 512
zcmZ>AK5$Qwhk+rFfq{X$Nr8b0NDBcmd!zD1#}h1`MGznarEySoSjE`{j4UTHw(zL3 za!AUtbSE_kxH36S;&y5gFcPugknrR(a#8W%nxLqBB&dN$Qn5&d{RD?#(uxHu9FBcp z1iGP9fq{V^NE<0}a4Mv#OBlxl%R@>BCV>3nJcR{F0)fOL9SFlgjt$5V1Y%>32ALxdWzs|#Z9AMTS`PO( zHLzD!uourL%P-!%ypkPogn~RIbHdz5d#k*||E-fw0K$Q^lKyDXi vanu3n2l-J%nZd*uNN*Nw1`&sVp5+7i8ssj7*`h#`uBHJ^N`aUJlmr3*LmYhQ
literal 0
HcmV?d00001
diff --git a/llvm/test/Bitcode/invalid.test b/llvm/test/Bitcode/invalid.test
index 43f7c77..b120047 100644
--- a/llvm/test/Bitcode/invalid.test
+++ b/llvm/test/Bitcode/invalid.test
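Review bot: The new guard in the TYPE_CODE_VECTOR case rejects only a zero element count, yet Record[0] is a 64-bit record value while the vector constructor it feeds (the VectorType::get call that follows, outside this hunk) takes a 32-bit element count, so a count such as 2^32 passes the check, truncates to zero and reaches the same assertion the change is meant to avoid, and other counts above UINT_MAX are silently truncated to a different vector width. The guard should bound the value as well as reject zero, e.g. `if (Record[0] == 0 || !isUInt<32>(Record[0])) return Error("Invalid vector length");`. The lit test added in invalid.test only exercises the zero case, so a second malformed input with an out-of-range count would be needed to cover the bounded branch. ParseTypeTableBody continues outside the hunk.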
@@ -192,3 +192,8 @@ RUN: not llvm-dis -disable-output %p/Inputs/invalid-metadata-not-followed-named-
RUN: FileCheck --check-prefix=META-NOT-FOLLOWED-BY-NAMED-META %s
META-NOT-FOLLOWED-BY-NAMED-META: METADATA_NAME not followed by METADATA_NAMED_NODE
+
+RUN: not llvm-dis -disable-output %p/Inputs/invalid-vector-length.bc 2>&1 | \
+RUN: FileCheck --check-prefix=VECTOR-LENGTH %s
+
+VECTOR-LENGTH: Invalid vector length
--
2.7.4