From 2e0aa49547051cf6d1fe6ef62538296704a8da9d Mon Sep 17 00:00:00 2001
From: Florian Hahn <flo@fhahn.com>
Date: Wed, 7 Aug 2019 17:20:55 +0000
Subject: [PATCH] [DataLayout] Check StackNatural and FunctionPtr alignments.

MaybeAlignment asserts that the passed in value is == 0 or a power of 2.

Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16272

Reviewers: michaelplatings, gchatelet, jakehehrlich, jfb

Reviewed By: gchatelet

Tags: #llvm

Differential Revision: https://reviews.llvm.org/D65858

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@368191 91177308-0d34-0410-b5e6-96231b3b80d8
---
 lib/IR/DataLayout.cpp                            |  10 ++++++++--
 .../datalayout-invalid-function-ptr-alignment.ll |   5 +++++
 ...datalayout-invalid-stack-natural-alignment.ll |   5 +++++
 test/Bitcode/invalid-functionptr-align.ll        |   5 +++++
 test/Bitcode/invalid-functionptr-align.ll.bc     | Bin 0 -> 1588 bytes
 5 files changed, 23 insertions(+), 2 deletions(-)
 create mode 100644 test/Assembler/datalayout-invalid-function-ptr-alignment.ll
 create mode 100644 test/Assembler/datalayout-invalid-stack-natural-alignment.ll
 create mode 100644 test/Bitcode/invalid-functionptr-align.ll
 create mode 100644 test/Bitcode/invalid-functionptr-align.ll.bc

diff --git a/lib/IR/DataLayout.cpp b/lib/IR/DataLayout.cpp
index ab90388fae3..1b9ff3922d1 100644
--- a/lib/IR/DataLayout.cpp
+++ b/lib/IR/DataLayout.cpp
@@ -378,7 +378,10 @@ void DataLayout::parseSpecifier(StringRef Desc) {
       }
       break;
     case 'S': { // Stack natural alignment.
-      StackNaturalAlign = MaybeAlign(inBytes(getInt(Tok)));
+      uint64_t Alignment = inBytes(getInt(Tok));
+      if (Alignment != 0 && !llvm::isPowerOf2_64(Alignment))
+        report_fatal_error("Alignment is neither 0 nor a power of 2");
+      StackNaturalAlign = MaybeAlign(Alignment);
       break;
     }
     case 'F': {
@@ -394,7 +397,10 @@ void DataLayout::parseSpecifier(StringRef Desc) {
                            "datalayout string");
       }
       Tok = Tok.substr(1);
-      FunctionPtrAlign = MaybeAlign(inBytes(getInt(Tok)));
+      uint64_t Alignment = inBytes(getInt(Tok));
+      if (Alignment != 0 && !llvm::isPowerOf2_64(Alignment))
+        report_fatal_error("Alignment is neither 0 nor a power of 2");
+      FunctionPtrAlign = MaybeAlign(Alignment);
       break;
     }
     case 'P': { // Function address space.
diff --git a/test/Assembler/datalayout-invalid-function-ptr-alignment.ll b/test/Assembler/datalayout-invalid-function-ptr-alignment.ll
new file mode 100644
index 00000000000..21cd6a6dc78
--- /dev/null
+++ b/test/Assembler/datalayout-invalid-function-ptr-alignment.ll
@@ -0,0 +1,5 @@
+; RUN: not llvm-as %s 2>&1 | FileCheck %s
+
+; CHECK: LLVM ERROR: Alignment is neither 0 nor a power of 2
+
+target datalayout = "Fi24"
diff --git a/test/Assembler/datalayout-invalid-stack-natural-alignment.ll b/test/Assembler/datalayout-invalid-stack-natural-alignment.ll
new file mode 100644
index 00000000000..c8d7ba62ab8
--- /dev/null
+++ b/test/Assembler/datalayout-invalid-stack-natural-alignment.ll
@@ -0,0 +1,5 @@
+; RUN: not llvm-as %s 2>&1 | FileCheck %s
+
+; CHECK: LLVM ERROR: Alignment is neither 0 nor a power of 2
+
+target datalayout = "S24"
diff --git a/test/Bitcode/invalid-functionptr-align.ll b/test/Bitcode/invalid-functionptr-align.ll
new file mode 100644
index 00000000000..4ff797a4b01
--- /dev/null
+++ b/test/Bitcode/invalid-functionptr-align.ll
@@ -0,0 +1,5 @@
+; Bitcode with invalid function pointer alignment.
+
+; RUN: not llvm-dis %s.bc -o - 2>&1 | FileCheck %s
+
+CHECK: LLVM ERROR: Alignment is neither 0 nor a power of 2
diff --git a/test/Bitcode/invalid-functionptr-align.ll.bc b/test/Bitcode/invalid-functionptr-align.ll.bc
new file mode 100644
index 0000000000000000000000000000000000000000..38e4ed8f11059141e8ae219c5a006b78176559f2
GIT binary patch
literal 1588
zcmZ8heN0nV6u+<U(O00n_k>2vczwJFXc~j^EKJHuO+V0J)+{Bm&3%})FdAGCYTIDN
zY-wrnRqc{u*wSQXfyFIZ_77RivOkQr6qT^fI9UuM$fy)TmX0xHUx|ymw_UcmlY7p&
z=iGD8{oQllI~HqV=~)#3MF4;<rC4Ws<=WcD+<`qWzRMKNK);{_;1C8tsZ0Pe7*he6
z4AzdCXNbdcM%Qu?3oCaPDJnVQLRWw}D6?EFwS*a+O0Q5qU!t=_+G8r-dMNTSsMJ}A
z!&Gcr&9vRz5sYR+tLF*fki0_;Krzf&6<dA+i8RTYc;$XZ2I{IJ0(ifS_!+rz9zp<z
zVJwa?oHeO;DZ-+_18@#94Sl*AMKS;82vJdUISj>0cp|1Mw?(3*;joQq@)C+9i)qIM
zOYbaG(}`nVBB@F!5-g^+!?U|SViy3nm7vy5bS^-l$#~gaf!YEz91FZ=(?p|@cjip=
zg9Nq3Q#oilsjP`!Gf`U(DhtizQyJ1vucn_~&Hc|5s4P5=|5q;X?6Qf5143GGaD_<$
zTN*?D2PO)lLUO!p5kq?+HUuV*--QxVO_n(OIrhPcf$Qt5Eq@+-PrC1Y^xD#g*W*7m
zFTTpnegE*vwa3p$-{pRrzu}@s16=^Xf)>aT=~Ndn`B%?7%BzU;yWw{-4TFFWa-$-^
zPG?w`3NuEm`fw_036Q7#q&I$2xd!MT8EPv)H7YIKR8n($f^~^S`LIw`8aK{ZjZxf~
z_D6kg@{EE!-7dM^<d7R5^h<7Ds!VUAaxp3+()}X6vPo^)sYYg6vm~(df@aFexx{mZ
zt0BW3Ys(e9^=ha!j2qIMszC>Nrk8B)l{`=eBzH`5JIFyTIrw`KOnWLIy`hj!swGcc
zIvo$zZ){Q<%hWFkDktJyGZSoff=%b;qLZB!*y*5V)+xUiv$o7wTjF{7WlBG0)kko{
zSgHXY`gqvzEpC`hDQ_K@+(#vkJLKyn{SL{emVDz<<?SQ%2B06>scei|G0_?LIPey{
zR<oGorp(-3fn5x8i_2^_qxk{jT<Q+}r1iN=Aw$|;_xD8{(kVabk9XL%Vl=7%_ZBzn
zWY-1FQd08{#v#ChX45I}90}>uDZ`}I2n+Ifsx@mhM4*|9-Y9`Ll}<rC3UWwGdg8&?
zR~RanpjPeFBe6Dl*UV)zJLWT*C5%Ha{3-muN}(<-@n~Va$f2X|xYY=+J!x&ZlNw%Q
zZ%&l0o6&Qw37P^9@C^fi9PT00t(QZFORzY&aXi!t3l&SDf7ZzZAVOV1wAI5<Kp<YN
zHtA$`S-2Kl*$M4h`AufnVdwFEUx`GjJ}BA+ZL%iaMwH4*s>0@RkeI{-EjDRlhIf~%
z`xV<o^?p8z0avA5Xs=@xJ7A74nBM)4`nGP{tzv$p;*VgXW0#$nZ);y;0-xCV18>jW
zW5$}@su!{qUptf~%t3Hg`SSg0ley_g_*meGezaPTuQiN5VSg3*cOAuHP=CS9PmkD!
z=V1RsbdoRh9v#Khgh3p&!aViB^;$S9$H($L3f&pi5VlUx1{v9Q$cT_e8v~FLRTorV
z*Z;>x?tcz|bJUv=A&t5rs4L7--H{Jz<X1pHqGJ%#cBmny&yd~Q<3H}}cJ}oRbT{u6
z_ln-Zejf53Ph;c0eWKXcH+Z7K*W>jybb6fqUe|!<gtx&qFyMZvr`tE+IX=|WP}sb;
JuMedIe*t}?`S}0<

literal 0
HcmV?d00001

-- 
2.50.0