From 3b821159da170b233a3ba8c12ce47ee6662946f0 Mon Sep 17 00:00:00 2001
From: Filipe Cabecinhas
Date: Sat, 30 May 2015 00:17:20 +0000
Subject: [PATCH] [BitcodeReader] Change an assert to a call to a call to Error()
It's reachable from user input. Bug found with AFL fuzz.
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@238633 91177308-0d34-0410-b5e6-96231b3b80d8
---
 lib/Bitcode/Reader/BitcodeReader.cpp | 4 ++--
 .../invalid-metadata-not-followed-named-node.bc | Bin 0 -> 878 bytes
 test/Bitcode/invalid.test | 5 +++++
 3 files changed, 7 insertions(+), 2 deletions(-)
 create mode 100644 test/Bitcode/Inputs/invalid-metadata-not-followed-named-node.bc
diff --git a/lib/Bitcode/Reader/BitcodeReader.cpp b/lib/Bitcode/Reader/BitcodeReader.cpp
index 441a4c76344..4044ac80f20 100644
--- a/lib/Bitcode/Reader/BitcodeReader.cpp
+++ b/lib/Bitcode/Reader/BitcodeReader.cpp
@@ -1634,9 +1634,9 @@ std::error_code BitcodeReader::ParseMetadata() {
 Record.clear();
 Code = Stream.ReadCode();
- // METADATA_NAME is always followed by METADATA_NAMED_NODE.
 unsigned NextBitCode = Stream.readRecord(Code, Record);
- assert(NextBitCode == bitc::METADATA_NAMED_NODE); (void)NextBitCode;
+ if (NextBitCode != bitc::METADATA_NAMED_NODE)
+ return Error("METADATA_NAME not followed by METADATA_NAMED_NODE");
 // Read named metadata elements.
 unsigned Size = Record.size();
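Review bot: The abbreviation ID returned by `Stream.ReadCode()` is passed straight to `Stream.readRecord(Code, Record)`, so the new `Error()` path only covers a record of the wrong kind following METADATA_NAME, not a non-record ID. If the next ID is END_BLOCK, ENTER_SUBBLOCK or DEFINE_ABBREV, what `readRecord` does with it is not visible in this hunk, and it may still reach an assert or misread the stream on untrusted input. Consider rejecting those IDs before the read, for example `if (Code < bitc::UNABBREV_RECORD) return Error("METADATA_NAME not followed by METADATA_NAMED_NODE");`. A short comment in place of the removed one would also help, such as `// Well-formed bitcode has METADATA_NAMED_NODE here; the input is untrusted, so verify it.`. The enclosing case in ParseMetadata() starts and ends outside the hunk.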
diff --git a/test/Bitcode/Inputs/invalid-metadata-not-followed-named-node.bc b/test/Bitcode/Inputs/invalid-metadata-not-followed-named-node.bc
new file mode 100644
index 0000000000000000000000000000000000000000..42a2c3e65fecb9d56daa43ef548231050f386510
GIT binary patch
literal 878
zcmZ>AK5$Qwhk+rFfq{X$Nr8chfq_AYfq{X&QF)@{2^LQ_0VB&vj4eE>tQ?YZEZs>B
z0lenE)1dK#1I3zr|j9gSaxF#qn9|>yUkyI>FVL!nkn6zTS3WsAK7#SECIu#fg
z_!$@&jFdPy6;fJRgq4=Gum~$XZdo`%M98P3hr6Z4N5DXtp_s)($VKRc45P#u28qT~
zEMXiIEDtFim;iE*^Ar{aFpyZJ1Ev`qqd@WR5(PaT8&*?QpheIo#va
zz+PFwUOc0a=NSY4TLHc=4SdEtPI8A1%AQ*&lV-pQR@N+ihS~OnvuzKvEdv8Xp#lQ~
z$ULzP3cW5a!K^wWi3~i2zJdxqq8kEO7#I>2AYmfRaxg=Ip+}A9U9Fg_y0p9Mf}I4wXhT3JM10vbnf;Y?Bob
zRJ_~f;L_5<%)r3Vz>ug9iEd#QM;(xUP_htFW-u{kU|`rR*bE{LF)&E*ff5QRD%k_X
dpk|AbZ!H5Q)(QwJUQKgwX-NTj0Fr7M7yyZV!0-S7
literal 0
HcmV?d00001
diff --git a/test/Bitcode/invalid.test b/test/Bitcode/invalid.test
index eb7f979d574..43f7c77d598 100644
--- a/test/Bitcode/invalid.test
+++ b/test/Bitcode/invalid.test
@@ -187,3 +187,8 @@ RUN: not llvm-dis -disable-output %p/Inputs/invalid-array-operand-encoding.bc 2>
 RUN: FileCheck --check-prefix=ARRAY-OP-ENC %s
 ARRAY-OP-ENC: Array element type has to be an encoding of a type
+
+RUN: not llvm-dis -disable-output %p/Inputs/invalid-metadata-not-followed-named-node.bc 2>&1 | \
+RUN: FileCheck --check-prefix=META-NOT-FOLLOWED-BY-NAMED-META %s
+
+META-NOT-FOLLOWED-BY-NAMED-META: METADATA_NAME not followed by METADATA_NAMED_NODE