Index: include/llvm/Bitcode/BitCodes.h =================================================================== --- include/llvm/Bitcode/BitCodes.h +++ include/llvm/Bitcode/BitCodes.h @@ -96,6 +96,7 @@ Char6 = 4, // A 6-bit fixed field which maps to [a-zA-Z0-9._]. Blob = 5 // 32-bit aligned array of 8-bit characters. }; + static bool isValidEncoding(Encoding Enc) { return 0 < (int) Enc && (int)Enc <= (int)Blob; } explicit BitCodeAbbrevOp(uint64_t V) : Val(V), IsLiteral(true) {} explicit BitCodeAbbrevOp(Encoding E, uint64_t Data = 0) Index: include/llvm/Bitcode/BitstreamReader.h =================================================================== --- include/llvm/Bitcode/BitstreamReader.h +++ include/llvm/Bitcode/BitstreamReader.h @@ -507,7 +507,7 @@ //===--------------------------------------------------------------------===// // Abbrev Processing //===--------------------------------------------------------------------===// - void ReadAbbrevRecord(); + bool ReadAbbrevRecord(); bool ReadBlockInfoBlock(); }; Index: lib/Bitcode/Reader/BitstreamReader.cpp =================================================================== --- lib/Bitcode/Reader/BitstreamReader.cpp +++ lib/Bitcode/Reader/BitstreamReader.cpp @@ -237,7 +237,7 @@ } -void BitstreamCursor::ReadAbbrevRecord() { +bool BitstreamCursor::ReadAbbrevRecord() { BitCodeAbbrev *Abbv = new BitCodeAbbrev(); unsigned NumOpInfo = ReadVBR(5); for (unsigned i = 0; i != NumOpInfo; ++i) { @@ -248,6 +248,9 @@ } BitCodeAbbrevOp::Encoding E = (BitCodeAbbrevOp::Encoding)Read(3); + if(!BitCodeAbbrevOp::isValidEncoding(E)) + return true; + if (BitCodeAbbrevOp::hasEncodingData(E)) { unsigned Data = ReadVBR64(5); @@ -265,6 +268,7 @@ Abbv->Add(BitCodeAbbrevOp(E)); } CurAbbrevs.push_back(Abbv); + return false; } bool BitstreamCursor::ReadBlockInfoBlock() { @@ -295,7 +299,8 @@ // Read abbrev records, associate them with CurBID. if (Entry.ID == bitc::DEFINE_ABBREV) { if (!CurBlockInfo) return true; - ReadAbbrevRecord(); + if (ReadAbbrevRecord()) + return true; // ReadAbbrevRecord installs the abbrev in CurAbbrevs. Move it to the // appropriate BlockInfo. @@ -334,4 +339,3 @@ } } } - Index: test/Bitcode/bad-abbrev-record.txt =================================================================== --- /dev/null +++ test/Bitcode/bad-abbrev-record.txt @@ -0,0 +1,4 @@ +; RUN: not llvm-dis < %s.bc 2>&1 | FileCheck %s +; CHECK: llvm-dis: Malformed block + +http://llvm.org/bugs/show_bug.cgi?id=20485 Index: tools/llvm-bcanalyzer/llvm-bcanalyzer.cpp =================================================================== --- tools/llvm-bcanalyzer/llvm-bcanalyzer.cpp +++ tools/llvm-bcanalyzer/llvm-bcanalyzer.cpp @@ -377,7 +377,7 @@ BitstreamEntry Entry = Stream.advance(BitstreamCursor::AF_DontAutoprocessAbbrevs); - + switch (Entry.Kind) { case BitstreamEntry::Error: return Error("malformed bitcode file"); @@ -393,14 +393,14 @@ } return false; } - + case BitstreamEntry::SubBlock: { uint64_t SubBlockBitStart = Stream.GetCurrentBitNo(); if (ParseBlock(Stream, Entry.ID, IndentLevel+1, CurStreamType)) return true; ++BlockStats.NumSubBlocks; uint64_t SubBlockBitEnd = Stream.GetCurrentBitNo(); - + // Don't include subblock sizes in the size of this block. BlockBitStart += SubBlockBitEnd-SubBlockBitStart; continue; @@ -411,11 +411,13 @@ } if (Entry.ID == bitc::DEFINE_ABBREV) { - Stream.ReadAbbrevRecord(); + if(Stream.ReadAbbrevRecord()) + return Error("malformed bitcode file"); + ++BlockStats.NumAbbrevs; continue; } - + Record.clear(); ++BlockStats.NumRecords;