Error out when faced with value names containing '\0'

Bug found with afl-fuzz. git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@252048 91177308-0d34-0410-b5e6-96231b3b80d8
ornata · Nov 4, 2015 · c3c89b4 · c3c89b4
1 parent 1cfa35b
commit c3c89b4
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 1 deletion.
diff --git a/lib/Bitcode/Reader/BitcodeReader.cpp b/lib/Bitcode/Reader/BitcodeReader.cpp
@@ -1749,7 +1749,10 @@ ErrorOr<Value *> BitcodeReader::recordValue(SmallVectorImpl<uint64_t> &Record,
     return error("Invalid record");
   Value *V = ValueList[ValueID];
 
-  V->setName(StringRef(ValueName.data(), ValueName.size()));
+  StringRef NameStr(ValueName.data(), ValueName.size());
+  if (NameStr.find_first_of(0) != StringRef::npos)
+    return error("Invalid value name");
+  V->setName(NameStr);
   auto *GO = dyn_cast<GlobalObject>(V);
   if (GO) {
     if (GO->getComdat() == reinterpret_cast<Comdat *>(1)) {

diff --git a/test/Bitcode/Inputs/invalid-name-with-0-byte.bc b/test/Bitcode/Inputs/invalid-name-with-0-byte.bc
diff --git a/test/Bitcode/invalid.test b/test/Bitcode/invalid.test
@@ -212,3 +212,8 @@ RUN: not llvm-dis -disable-output %p/Inputs/invalid-no-function-block.bc 2>&1 |
 RUN:   FileCheck --check-prefix=NO-FUNCTION-BLOCK %s
 
 NO-FUNCTION-BLOCK: Trying to materialize functions before seeing function blocks
+
+RUN: not llvm-dis -disable-output %p/Inputs/invalid-name-with-0-byte.bc 2>&1 | \
+RUN:   FileCheck --check-prefix=NAME-WITH-0 %s
+
+NAME-WITH-0: Invalid value name