From 969b3e6a8fa3b324bbae72b089e2047f4741408b Mon Sep 17 00:00:00 2001
From: Florian Hahn <flo@fhahn.com>
Date: Wed, 21 Aug 2019 18:20:11 +0000
Subject: [PATCH] [BitcodeReader] Check if we can create a null constant for
 type.

We cannot create null constants for certain types, e.g. VoidTy,
FunctionTy or LabelTy. getNullValue asserts if we pass in an
unsupported type. We should also check for opaque types, but I'm not
sure how.

This fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14795.

Reviewers: t.p.northover, jfb, vsk

Reviewed By: vsk

Tags: #llvm

Differential Revision: https://reviews.llvm.org/D65897

llvm-svn: 369557
---
 llvm/lib/Bitcode/Reader/BitcodeReader.cpp         |   2 ++
 .../Bitcode/invalid-type-for-null-constant.ll     |   6 ++++++
 .../Bitcode/invalid-type-for-null-constant.ll.bc  | Bin 0 -> 900 bytes
 3 files changed, 8 insertions(+)
 create mode 100644 llvm/test/Bitcode/invalid-type-for-null-constant.ll
 create mode 100644 llvm/test/Bitcode/invalid-type-for-null-constant.ll.bc

diff --git a/llvm/lib/Bitcode/Reader/BitcodeReader.cpp b/llvm/lib/Bitcode/Reader/BitcodeReader.cpp
index 32ae4cd99569..af906071225b 100644
--- a/llvm/lib/Bitcode/Reader/BitcodeReader.cpp
+++ b/llvm/lib/Bitcode/Reader/BitcodeReader.cpp
@@ -2377,6 +2377,8 @@ Error BitcodeReader::parseConstants() {
       CurTy = flattenPointerTypes(CurFullTy);
       continue;  // Skip the ValueList manipulation.
     case bitc::CST_CODE_NULL:      // NULL
+      if (CurTy->isVoidTy() || CurTy->isFunctionTy() || CurTy->isLabelTy())
+        return error("Invalid type for a constant null value");
       V = Constant::getNullValue(CurTy);
       break;
     case bitc::CST_CODE_INTEGER:   // INTEGER: [intval]
diff --git a/llvm/test/Bitcode/invalid-type-for-null-constant.ll b/llvm/test/Bitcode/invalid-type-for-null-constant.ll
new file mode 100644
index 000000000000..28756fa18233
--- /dev/null
+++ b/llvm/test/Bitcode/invalid-type-for-null-constant.ll
@@ -0,0 +1,6 @@
+; Bitcode with a CST_CODE_NULL with void type.
+
+; RUN: not llvm-dis %s.bc -o - 2>&1 | FileCheck %s
+
+; CHECK: error: Invalid type for a constant null value
+
diff --git a/llvm/test/Bitcode/invalid-type-for-null-constant.ll.bc b/llvm/test/Bitcode/invalid-type-for-null-constant.ll.bc
new file mode 100644
index 0000000000000000000000000000000000000000..6196ebccb9d9e08c89930f5ea86e8f7f354fd8c6
GIT binary patch
literal 900
zcmXX_VQAY{5Pr67KP_=(xp9ZxNkVcO2&3&3du!y%9=6qntji!_9b~YvI27ZJwkU3J
zoD_y!se5kcf?E8;(Eg~QE!)5R*pC)MNvv!$L6mkIqd!8Zi5JSqf*Bp`M}O=&-of3y
zckkZaySwkDmDR2H0sy!H0JC24$i%0QAME}5{;^MP(C#L-3tj+heAe$2fD`Kh%&;_g
zGu3o`;GrY2TMolJ<R(L$>)Tn4KJ853>Q5VVG$4_|5BnnN^0*n`m9g@D5Q?PR<CN(S
zuTQ3?N|l!W$90!5=DEfLfKz}-n0$jjchxlzzGq;uZPd-c!HIIE-!LX<eh>_S>m@Db
z6l;Uzci&+D!-6+dQ^Gun*Z)&;R!>gl0MMp!zzf(IB{gQf#bg7HL|KsxtCH5>Vi8`d
z&3Si#?=PBqrBP9Dnrp1FPwGrobnm<AZ`nkmsU#{y!Y)?kRd|_%i{nUD;gU)eib&;A
z$o5maCe;#s7e(K8hw4mHQF@)-5}4-#+sJU)k!$jbE<aUbKM?U1J#G-P-3b(C;N=_~
z&7ph_p3snLB6S89hGF4fHx9d?p)W`@7ex6QTCA0h?scfW7t}wi)UHU(HtS5g&e;2M
zGsA2M%zBC4$asD?l~_}W)%N8>OR6eTnUJg2J2>g<EAnrIyli>Vyk1n%e17_8btVVD
zL_suv7lodD?ArsrzbC1-No^;6EuPxNRq(^?<{H;XalZ)6W{KN;!L(cKpAIe?oRXH6
zlXrC4o;=bkM4CYhMOds&O}sLF-41YHaT^)trNC~jv0pp5?t=xklkuFrs!O&dFDnV$
zkk^fPTan9nYgK;i!<C{1{2mf64a0nQj^76{*0ApH%Mat8z@=%mrX+A_%S!C2b!CV7
zsea&PsynhBf$il2&u9QV_ztw=_jLKrfLtXKcXg#2mrTon?HL|`Ls$>E(nql?ATXaA
zN}eE+BV9;?sNe0^8mi6*Esx6&R^LvMXXta!HQEVQRlfH(#^_vuJ`efxw-1q@UGO-k
zyFoC`@x6EviVhp#Q8(Q_eU35M#pXex`et_YxOiN=RJh1vK9-M+ygND?i$z80qn_`7
Dkp~yx

literal 0
HcmV?d00001