[BitcodeReader] Fix asserts when we read a non-vector type for insert/extract/shuffle

Added some additional checking for vector types + tests.

Bug found with AFL fuzz.

llvm-svn: 235710
This commit is contained in:
Filipe Cabecinhas 2015-04-24 11:30:15 +00:00
parent b9355045e1
commit ff1e234fb8
5 changed files with 18 additions and 2 deletions

View File

@ -3646,6 +3646,8 @@ std::error_code BitcodeReader::ParseFunctionBody(Function *F) {
if (getValueTypePair(Record, OpNum, NextValueNo, Vec) ||
getValueTypePair(Record, OpNum, NextValueNo, Idx))
return Error("Invalid record");
if (!Vec->getType()->isVectorTy())
return Error("Invalid type for value");
I = ExtractElementInst::Create(Vec, Idx);
InstructionList.push_back(I);
break;
@ -3654,8 +3656,11 @@ std::error_code BitcodeReader::ParseFunctionBody(Function *F) {
case bitc::FUNC_CODE_INST_INSERTELT: { // INSERTELT: [ty, opval,opval,opval]
unsigned OpNum = 0;
Value *Vec, *Elt, *Idx;
if (getValueTypePair(Record, OpNum, NextValueNo, Vec) ||
popValue(Record, OpNum, NextValueNo,
if (getValueTypePair(Record, OpNum, NextValueNo, Vec))
return Error("Invalid record");
if (!Vec->getType()->isVectorTy())
return Error("Invalid type for value");
if (popValue(Record, OpNum, NextValueNo,
cast<VectorType>(Vec->getType())->getElementType(), Elt) ||
getValueTypePair(Record, OpNum, NextValueNo, Idx))
return Error("Invalid record");
@ -3673,6 +3678,8 @@ std::error_code BitcodeReader::ParseFunctionBody(Function *F) {
if (getValueTypePair(Record, OpNum, NextValueNo, Mask))
return Error("Invalid record");
if (!Vec1->getType()->isVectorTy() || !Vec2->getType()->isVectorTy())
return Error("Invalid type for value");
I = new ShuffleVectorInst(Vec1, Vec2, Mask);
InstructionList.push_back(I);
break;

View File

@ -78,3 +78,12 @@ RUN: not llvm-dis -disable-output %p/Inputs/invalid-array-type.bc 2>&1 | \
RUN: FileCheck --check-prefix=ARRAY-TYPE %s
ARRAY-TYPE: Array element type can't be an Array or a Blob
RUN: not llvm-dis -disable-output %p/Inputs/invalid-non-vector-extractelement.bc 2>&1 | \
RUN: FileCheck --check-prefix=INVALID-TYPE %s
RUN: not llvm-dis -disable-output %p/Inputs/invalid-non-vector-insertelement.bc 2>&1 | \
RUN: FileCheck --check-prefix=INVALID-TYPE %s
RUN: not llvm-dis -disable-output %p/Inputs/invalid-non-vector-shufflevector.bc 2>&1 | \
RUN: FileCheck --check-prefix=INVALID-TYPE %s
INVALID-TYPE: Invalid type for value