This is an archive of the discontinued LLVM Phabricator instance.

[BitcodeReader] Use tighter upper bound to validate forward references.
ClosedPublic

Authored by fhahn on Jul 11 2019, 11:22 AM.

Details

Summary

At the moment, bitcode files with invalid forward reference can easily
cause the bitcode reader to run out of memory, by creating a forward
reference with a very high index.

We can use the size of the bitcode file as an upper bound, because a
valid bitcode file can never contain more records. This should be
sufficient to fail early in most cases. The only exception is large
files with invalid forward references close to the file size.

There are a couple of clusterfuzz runs that fail with out-of-memory
because of very high forward references and they should be fixed by this
patch.

A concrete example for this is D64507, which causes out-of-memory on
systems with low memory, like the hexagon upstream bots.

I am not entirely sure about the way we get the size of the stream in
this patch. Maybe it would be better to get NumWords, when we enter the
module block?

Diff Detail

Repository
rL LLVM

Event Timeline

fhahn created this revision.Jul 11 2019, 11:22 AM
Herald added a project: Restricted Project. · View Herald TranscriptJul 11 2019, 11:22 AM
fhahn marked an inline comment as done.Jul 11 2019, 11:24 AM
fhahn added inline comments.
llvm/test/Bitcode/pr18704.ll
3 ↗(On Diff #209275)

The invalid forward reference in this test is covered by the upper bound check now. Is there a tool that can take the output of llvm-bcanalyzer like in the test case and create a bitcode file?

jfb accepted this revision.Jul 11 2019, 2:31 PM
jfb added inline comments.
llvm/include/llvm/Bitstream/BitstreamReader.h
298 ↗(On Diff #209275)

I'd rather call this "sizeInBytes" or something. I get confused by bits and bytes :)

This revision is now accepted and ready to land.Jul 11 2019, 2:31 PM
This revision was automatically updated to reflect the committed changes.
fhahn marked an inline comment as done.