Check bit widths before trying to get a type.

author Filipe Cabecinhas <me@filcab.net>

Fri, 30 Jan 2015 18:13:50 +0000 (18:13 +0000)

committer Filipe Cabecinhas <me@filcab.net>

Fri, 30 Jan 2015 18:13:50 +0000 (18:13 +0000)
author Filipe Cabecinhas <me@filcab.net>
Fri, 30 Jan 2015 18:13:50 +0000 (18:13 +0000)
committer Filipe Cabecinhas <me@filcab.net>
Fri, 30 Jan 2015 18:13:50 +0000 (18:13 +0000)
diff --git a/lib/Bitcode/Reader/BitcodeReader.cpp b/lib/Bitcode/Reader/BitcodeReader.cpp

index c3589bce3980c0a7507cf00811806ee454bd7627..0af344ab5572b5c94679c1530c680a1e54db57b7 100644 (file)
--- a/lib/Bitcode/Reader/BitcodeReader.cpp
+++ b/lib/Bitcode/Reader/BitcodeReader.cpp
@@ -950,12 +950,17 @@ std::error_code BitcodeReader::ParseTypeTableBody() {
      case bitc::TYPE_CODE_X86_MMX:   // X86_MMX
        ResultTy = Type::getX86_MMXTy(Context);
        break;
-    case bitc::TYPE_CODE_INTEGER:   // INTEGER: [width]
+    case bitc::TYPE_CODE_INTEGER: { // INTEGER: [width]
        if (Record.size() < 1)
          return Error("Invalid record");
  
-      ResultTy = IntegerType::get(Context, Record[0]);
+      uint64_t NumBits = Record[0];
+      if (NumBits < IntegerType::MIN_INT_BITS ||
+          NumBits > IntegerType::MAX_INT_BITS)
+        return Error("Bitwidth for integer type out of range");
+      ResultTy = IntegerType::get(Context, NumBits);
        break;
+    }
      case bitc::TYPE_CODE_POINTER: { // POINTER: [pointee type] or
                                      //          [pointee type, address space]
        if (Record.size() < 1)
diff --git a/test/Bitcode/Inputs/invalid-bitwidth.bc b/test/Bitcode/Inputs/invalid-bitwidth.bc

new file mode 100644 (file)

index 0000000..e9028f7

Binary files /dev/null and b/test/Bitcode/Inputs/invalid-bitwidth.bc differ
diff --git a/test/Bitcode/invalid.test b/test/Bitcode/invalid.test

index 19ef3267cc6627981f94d42c6857831070c98506..3eaa0394dbae11fb8a2f47bfe6c8769139d58692 100644 (file)
--- a/test/Bitcode/invalid.test
+++ b/test/Bitcode/invalid.test
@@ -6,8 +6,14 @@ RUN: not llvm-dis -disable-output %p/Inputs/invalid-unexpected-eof.bc 2>&1 | \
  RUN:   FileCheck --check-prefix=UNEXPECTED-EOF %s
  RUN: not llvm-dis -disable-output %p/Inputs/invalid-bad-abbrev-number.bc 2>&1 | \
  RUN:   FileCheck --check-prefix=BAD-ABBREV-NUMBER %s
+RUN: not llvm-dis -disable-output %p/Inputs/invalid-type-table-forward-ref.bc 2>&1 | \
+RUN:   FileCheck --check-prefix=BAD-TYPE-TABLE-FORWARD-REF %s
+RUN: not llvm-dis -disable-output %p/Inputs/invalid-bitwidth.bc 2>&1 | \
+RUN:   FileCheck --check-prefix=BAD-BITWIDTH %s
  
  INVALID-ENCODING: Invalid encoding
  BAD-ABBREV: Abbreviation starts with an Array or a Blob
  UNEXPECTED-EOF: Unexpected end of file
  BAD-ABBREV-NUMBER: Invalid abbrev number
+BAD-TYPE-TABLE-FORWARD-REF: Invalid TYPE table: Only named structs can be forward referenced
+BAD-BITWIDTH: Bitwidth for integer type out of range
author	Filipe Cabecinhas <me@filcab.net>
	Fri, 30 Jan 2015 18:13:50 +0000 (18:13 +0000)
committer	Filipe Cabecinhas <me@filcab.net>
	Fri, 30 Jan 2015 18:13:50 +0000 (18:13 +0000)
lib/Bitcode/Reader/BitcodeReader.cpp		patch \| blob \| history
test/Bitcode/Inputs/invalid-bitwidth.bc	[new file with mode: 0644]	patch \| blob
test/Bitcode/invalid.test		patch \| blob \| history