From: Rafael Espindola <rafael.espindola@gmail.com>
Date: Thu, 31 Oct 2013 04:20:23 +0000 (+0000)
Subject: Fix a use after free on invalid input.
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=cc8c673e61c05dcfd4aaf34f0d1a1454991bc795;p=llvm

Fix a use after free on invalid input.

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@193737 91177308-0d34-0410-b5e6-96231b3b80d8
---

diff --git a/lib/Bitcode/Reader/BitcodeReader.cpp b/lib/Bitcode/Reader/BitcodeReader.cpp
index e408cd1f981..1661990f065 100644
--- a/lib/Bitcode/Reader/BitcodeReader.cpp
+++ b/lib/Bitcode/Reader/BitcodeReader.cpp
@@ -623,11 +623,7 @@ bool BitcodeReader::ParseAttrKind(uint64_t Code, Attribute::AttrKind *Kind) {
     *Kind = Attribute::ZExt;
     return false;
   default:
-    std::string Buf;
-    raw_string_ostream fmt(Buf);
-    fmt << "Unknown attribute kind (" << Code << ")";
-    fmt.flush();
-    return Error(Buf.c_str());
+    return Error("Unknown attribute kind");
   }
 }
 
diff --git a/test/Bitcode/invalid.ll b/test/Bitcode/invalid.ll
new file mode 100644
index 00000000000..49189bf8c06
--- /dev/null
+++ b/test/Bitcode/invalid.ll
@@ -0,0 +1,7 @@
+; RUN:  not llvm-dis < %s.bc 2>&1 | FileCheck %s
+
+; CHECK: llvm-dis: Unknown attribute kind
+
+; invalid.ll.bc has an invalid attribute number.
+; The test checks that LLVM reports the error and doesn't access freed memory
+; in doing so.
diff --git a/test/Bitcode/invalid.ll.bc b/test/Bitcode/invalid.ll.bc
new file mode 100644
index 00000000000..b8b1c47b6a3
Binary files /dev/null and b/test/Bitcode/invalid.ll.bc differ