From b435d0f4395448620e3e15411e635c102d915a2e Mon Sep 17 00:00:00 2001
From: Filipe Cabecinhas <me@filcab.net>
Date: Tue, 28 Apr 2015 20:18:47 +0000
Subject: [PATCH] Relax an assert when there's a type mismatch in forward
 references

Summary:
We don't seem to need to assert here, since this function's callers expect
to get a nullptr on error. This way we don't assert on user input.

Bug found with AFL fuzz.

Reviewers: rafael

Subscribers: llvm-commits

Differential Revision: http://reviews.llvm.org/D9308

llvm-svn: 236027
---
 llvm/lib/Bitcode/Reader/BitcodeReader.cpp                |   4 +++-
 llvm/test/Bitcode/Inputs/invalid-fwdref-type-mismatch.bc | Bin 0 -> 612 bytes
 llvm/test/Bitcode/invalid.test                           |   5 +++++
 3 files changed, 8 insertions(+), 1 deletion(-)
 create mode 100644 llvm/test/Bitcode/Inputs/invalid-fwdref-type-mismatch.bc

diff --git a/llvm/lib/Bitcode/Reader/BitcodeReader.cpp b/llvm/lib/Bitcode/Reader/BitcodeReader.cpp
index 35e98c0..6656478 100644
--- a/llvm/lib/Bitcode/Reader/BitcodeReader.cpp
+++ b/llvm/lib/Bitcode/Reader/BitcodeReader.cpp
@@ -794,7 +794,9 @@ Value *BitcodeReaderValueList::getValueFwdRef(unsigned Idx, Type *Ty) {
     resize(Idx + 1);
 
   if (Value *V = ValuePtrs[Idx]) {
-    assert((!Ty || Ty == V->getType()) && "Type mismatch in value table!");
+    // If the types don't match, it's invalid.
+    if (Ty && Ty != V->getType())
+      return nullptr;
     return V;
   }
 
diff --git a/llvm/test/Bitcode/Inputs/invalid-fwdref-type-mismatch.bc b/llvm/test/Bitcode/Inputs/invalid-fwdref-type-mismatch.bc
new file mode 100644
index 0000000000000000000000000000000000000000..d1c9560257a7e4fe323772c4b7825454bb62e3a7
GIT binary patch
literal 612
zcmZ>AK5$Qwhk;=l0|NthlL7-1kQM@B_D1E2jwe_=*#wL%Co#70sIqcM%CU4OHSoAH
zIZfhrN)a#;vEY#K<T7$m@!%3rR6Y{az$2+xq{4pUgh0}Y1uGnmeP9Hd)2YC~zy+j@
zlumFcq_nb3R$S5oBp$acoFF3P)7Hb?lHwyEpv+Lr;vpyiwAgtHNEZ-DECRX;1P%zK
zLKqBf8q5%ufr})B(V%z=D)%Ijfk6<+Hs)xMIr2~@O@z_5!`Y(caF0_1du0WC@r**A
zXAJyr1^B)+@EP+s$sIZ<dv2jjngJ_VS+n#RX4@0awmr<YKr;#z7#KK!w3~v(L|z^T
zV~GO_vfZo#-6bwz1~GmqOe_krAgdS>6&M)!fwVA-BkRGL3NZ)T9<sOzm>(zrii7mC
z2MC-MNla6S*(xg_sCc!_!KEc7nn_UbQZAQ^i-!eJ1;h+)APq8uah5^?!{J5-HXt9H
uUa0TE_QLcy&QeGrRu9NcAbT2<ECg6E?Es2E+yhg0kVtim$+*n}nF#<MXnrsN

literal 0
HcmV?d00001

diff --git a/llvm/test/Bitcode/invalid.test b/llvm/test/Bitcode/invalid.test
index 0bed40b..89cd0e9 100644
--- a/llvm/test/Bitcode/invalid.test
+++ b/llvm/test/Bitcode/invalid.test
@@ -93,3 +93,8 @@ RUN: not llvm-dis -disable-output %p/Inputs/invalid-non-vector-shufflevector.bc
 RUN:   FileCheck --check-prefix=INVALID-TYPE %s
 
 INVALID-TYPE: Invalid type for value
+
+RUN: not llvm-dis -disable-output %p/Inputs/invalid-fwdref-type-mismatch.bc 2>&1 | \
+RUN:   FileCheck --check-prefix=FWDREF-TYPE %s
+
+FWDREF-TYPE: Invalid record
-- 
2.7.4