
Commit 6d52ea8

committed
[Bitcode] Prevent OOB read for invalid name size
1 parent 67348c8 commit 6d52ea8


3 files changed

+7
-0
lines changed


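--- a/llvm/lib/Bitcode/Reader/BitcodeReader.cpp
+++ b/llvm/lib/Bitcode/Reader/BitcodeReader.cpp
@@ -3243,6 +3243,8 @@ Error BitcodeReader::parseComdatRecord(ArrayRef<uint64_t> Record) {
 if (Record.size() < 2)
 return error("Invalid record");
 unsigned ComdatNameSize = Record[1];
+if (ComdatNameSize > Record.size() - 2)
+return error("Comdat name size too large");
 OldFormatName.reserve(ComdatNameSize);
 for (unsigned i = 0; i != ComdatNameSize; ++i)
 OldFormatName += (char)Record[2 + i];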
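Review bot: The new bound is applied to `ComdatNameSize` only after `Record[1]` has been narrowed from `uint64_t` to `unsigned`, so a size field that does not fit in `unsigned` (typically 32 bits) wraps to a small value and is accepted as a valid name length instead of being rejected as malformed. Comparing the raw field closes that gap: `if (Record[1] > Record.size() - 2)` followed by `return error("Comdat name size too large");`, with the narrowing assignment moved after the check. The subtraction is only safe because of the `Record.size() < 2` guard two lines earlier, so a comment such as `// Record.size() >= 2 is checked above, so this cannot wrap.` would keep a later refactor from separating them. parseComdatRecord starts and ends outside the hunk, so how the name is used afterwards is not visible here.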
20 Bytes
Binary file not shown.

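--- a/llvm/test/Bitcode/invalid.test
+++ b/llvm/test/Bitcode/invalid.test
@@ -271,3 +271,8 @@ RUN: not llvm-dis -disable-output %p/Inputs/unterminated-vbr.bc 2>&1 | \
 RUN: FileCheck --check-prefix=UNTERMINATED-VBR %s
 
 UNTERMINATED-VBR: Unterminated VBR
+
+RUN: not llvm-dis -disable-output %p/Inputs/comdat-name-too-large.bc 2>&1 | \
+RUN: FileCheck --check-prefix=COMDAT-NAME-TOO-LARGE %s
+
+COMDAT-NAME-TOO-LARGE: Comdat name size too large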
