caio/clang-p2996
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

[BitcodeReader] Validate Strtab before accessing.

Browse Source 
This fixes a crash with invalid bitcode files that have records
referencing names in Strtab, but Strtab is not present or the index is
out-of-bounds.

This fixes the following clusterfuzz issue:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29895

Reviewed By: arsenm

Differential Revision: https://reviews.llvm.org/D95554
This commit is contained in:
Florian Hahn
2021-06-22 14:48:45 +01:00
parent e638a290f7
commit 34cccdaed7
3 changed files with 10 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
llvm/lib/Bitcode/Reader/BitcodeReader.cpp
View File

@@ -3407,9 +3407,12 @@ Error BitcodeReader::parseFunctionRecord(ArrayRef<uint64_t> Record) {
// Record[16] is the address space number.
// Check whether we have enough values to read a partition name.
if (Record.size() > 18)
// Check whether we have enough values to read a partition name. Also make
// sure Strtab has enough values.
if (Record.size() > 18 && Strtab.data() &&
Record[17] + Record[18] <= Strtab.size()) {
Func->setPartition(StringRef(Strtab.data() + Record[17], Record[18]));
}
ValueList.push_back(Func);