Check for invalid abbreviation operators in munged bitcode.

lib/Bitcode/NaCl/TestUtils/NaClBitcodeMungeWriter.cpp

 //===- NaClBitcodeMungeWriter.cpp - Write munged bitcode --------*- C++ -*-===//
 //
 //                     The LLVM Compiler Infrastructure
 //
 // This file is distributed under the University of Illinois Open Source
 // License. See LICENSE.TXT for details.
 //
 //===----------------------------------------------------------------------===//
 //
 // Implements method NaClMungedBitcode.write(), which writes out a munged
@@ skipping 100 matching lines @@
 
   // Marks that an abbreviation definition is being omitted (i.e. not
   // written) for the current block.
   void markCurrentBlockWithOmittedAbbreviations() {
     assert(!ScopeStack.empty());
     ScopeStack.back().OmittedAbbreviations = true;
     if (getCurWriteBlockID() == naclbitc::BLOCKINFO_BLOCK_ID)
       BlocksWithOmittedAbbrevs.insert(SetBID);
   }
 
+  // Returns true if abbreviation operand is legal. If not, logs
+  // a recoverable error message and returns false. Assumes that
+  // the caller does the actual error recovery if applicable.
+  bool verifyAbbrevOp(NaClBitCodeAbbrevOp::Encoding Encoding, uint64_t Value,
+                      const NaClBitcodeAbbrevRecord &Record);
+
   // Converts the abbreviation record to the corresponding abbreviation.
   // Returns nullptr if unable to build abbreviation.
   NaClBitCodeAbbrev *buildAbbrev(const NaClBitcodeAbbrevRecord &Record);
 
+  // Gets the next value (based on Index) from the record values,
+  // assigns it to ExtractedValue, and returns true. Otherwise, logs a
+  // recoverable error message and returns false. Assumes that the
+  // caller does the actual error recovery if applicable.
+  bool LLVM_ATTRIBUTE_UNUSED_RESULT
+  nextAbbrevValue(uint64_t &ExtractedValue,
+                  const NaClBitcodeAbbrevRecord &Record, size_t &Index) {
+    if (Index >= Record.Values.size()) {
+      RecoverableError()
+          << "Malformed abbreviation found: " << Record << "\n";
+      return false;
+    }
+    ExtractedValue = Record.Values[Index++];
+    return true;
+  }
+
   // Emits the given record to the bitcode file. Returns true if
   // successful.
   bool LLVM_ATTRIBUTE_UNUSED_RESULT
   emitRecord(NaClBitstreamWriter &Writer,
              const NaClBitcodeAbbrevRecord &Record);
 
   // Enter the given block
   bool LLVM_ATTRIBUTE_UNUSED_RESULT
   enterBlock(NaClBitstreamWriter &Writer, uint64_t WriteBlockID,
              uint64_t NumBits, const NaClBitcodeAbbrevRecord &Record);
@@ skipping 323 matching lines @@
     break;
   }
   return true;
 }
 
 static NaClBitCodeAbbrev *deleteAbbrev(NaClBitCodeAbbrev *Abbrev) {
   Abbrev->dropRef();
   return nullptr;
 }
 
+bool WriteState::verifyAbbrevOp(NaClBitCodeAbbrevOp::Encoding Encoding,
+                                uint64_t Value,
+                                const NaClBitcodeAbbrevRecord &Record) {
+  if (NaClBitCodeAbbrevOp::isValid(Encoding, Value))
+    return true;
+  RecoverableError() << "Invalid abbreviation "
+                     << NaClBitCodeAbbrevOp::getEncodingName(Encoding)
+                     << "(" << static_cast<int64_t>(Value)
+                     << ") in: " << Record << "\n";
+  return false;
+}
+
 NaClBitCodeAbbrev *WriteState::buildAbbrev(
     const NaClBitcodeAbbrevRecord &Record) {
   // Note: Recover by removing abbreviation.
   NaClBitCodeAbbrev *Abbrev = new NaClBitCodeAbbrev();
   size_t Index = 0;
-  size_t NumValues = Record.Values.size();
-  if (NumValues == 0) {
-    RecoverableError() << "Empty abbreviation record not allowed: "
-                       << Record << "\n";
+  size_t NumAbbrevOps;
+  if (!nextAbbrevValue(NumAbbrevOps, Record, Index))
     return deleteAbbrev(Abbrev);
-  }
-  size_t NumAbbreviations = Record.Values[Index++];
-  if (NumAbbreviations == 0) {
+  if (NumAbbrevOps == 0) {
     RecoverableError() << "Abbreviation must contain at least one operator: "
                        << Record << "\n";
     return deleteAbbrev(Abbrev);
   }
-  for (size_t Count = 0; Count < NumAbbreviations; ++Count) {
-    if (Index >= NumValues) {
-      RecoverableError()
-          << "Malformed abbreviation found. Expects " << NumAbbreviations
-          << " operands but found " << Count << ": " << Record << "\n";
+  for (size_t Count = 0; Count < NumAbbrevOps; ++Count) {
+    uint64_t IsLiteral;
+    if (!nextAbbrevValue(IsLiteral, Record, Index))
       return deleteAbbrev(Abbrev);
+    switch (IsLiteral) {
+    case 1: {
+      uint64_t Value;
+      if (!nextAbbrevValue(Value, Record, Index))
+        return deleteAbbrev(Abbrev);
+      if (!verifyAbbrevOp(NaClBitCodeAbbrevOp::Literal, Value, Record))
+        return deleteAbbrev(Abbrev);
+      Abbrev->Add(NaClBitCodeAbbrevOp(Value));
+      break;
     }
-    switch (Record.Values[Index++]) {
-    case 1:
-      if (Index >= NumValues) {
-        RecoverableError() << "Malformed literal abbreviation: "
-                           << Record << "\n";
+    case 0: {
+      uint64_t Kind;
+      if (!nextAbbrevValue(Kind, Record, Index))
         return deleteAbbrev(Abbrev);
+      switch (Kind) {
+      case NaClBitCodeAbbrevOp::Fixed: {
+        uint64_t Value;
+        if (!nextAbbrevValue(Value, Record, Index))
+          return deleteAbbrev(Abbrev);
+        if (!verifyAbbrevOp(NaClBitCodeAbbrevOp::Fixed, Value, Record))
+          return deleteAbbrev(Abbrev);
+        Abbrev->Add(NaClBitCodeAbbrevOp(NaClBitCodeAbbrevOp::Fixed, Value));
+        break;
       }
-      Abbrev->Add(NaClBitCodeAbbrevOp(Record.Values[Index++]));
-      break;
-    case 0: {
-      if (Index >= NumValues) {
-        RecoverableError() << "Malformed abbreviation found: "
-                           << Record << "\n";
-        return deleteAbbrev(Abbrev);
+      case NaClBitCodeAbbrevOp::VBR: {
+        uint64_t Value;
+        if (!nextAbbrevValue(Value, Record, Index))
+          return deleteAbbrev(Abbrev);
+        if (!verifyAbbrevOp(NaClBitCodeAbbrevOp::VBR, Value, Record))
+          return deleteAbbrev(Abbrev);
+        Abbrev->Add(NaClBitCodeAbbrevOp(NaClBitCodeAbbrevOp::VBR, Value));
+        break;
       }
-      unsigned Kind = Record.Values[Index++];
-      switch (Kind) {
-      case NaClBitCodeAbbrevOp::Fixed:
-        if (Index >= NumValues) {
-          RecoverableError() << "Malformed fixed abbreviation found: "
+      case NaClBitCodeAbbrevOp::Array:
+        if (Count + 2 != NumAbbrevOps) {
+          RecoverableError() << "Array abbreviation must be second to last: "
                              << Record << "\n";
           return deleteAbbrev(Abbrev);
         }
-        Abbrev->Add(NaClBitCodeAbbrevOp(NaClBitCodeAbbrevOp::Fixed,
-                                        Record.Values[Index++]));
-        break;
-      case NaClBitCodeAbbrevOp::VBR:
-        if (Index >= NumValues) {
-          RecoverableError() << "Malformed vbr abbreviation found: "
-                             << Record << "\n";
-          return deleteAbbrev(Abbrev);
-        }
-        Abbrev->Add(NaClBitCodeAbbrevOp(NaClBitCodeAbbrevOp::VBR,
-                                        Record.Values[Index++]));
-        break;
-      case NaClBitCodeAbbrevOp::Array:
-        if (Index >= NumValues) {
-          RecoverableError() << "Malformed array abbreviation found: "
-                             << Record << "\n";
-          return deleteAbbrev(Abbrev);
-        }
         Abbrev->Add(NaClBitCodeAbbrevOp(NaClBitCodeAbbrevOp::Array));
         break;
       case NaClBitCodeAbbrevOp::Char6:
         Abbrev->Add(NaClBitCodeAbbrevOp(NaClBitCodeAbbrevOp::Char6));
         break;
       default:
         RecoverableError() << "Unknown abbreviation kind " << Kind
                            << ": " << Record << "\n";
         return deleteAbbrev(Abbrev);
       }
       break;
     }
     default:
-      RecoverableError() << "Error: Bad abbreviation operand encoding "
+      RecoverableError() << "Bad abbreviation operand encoding "
                          << Record.Values[Index-1] << ": " << Record << "\n";
       return deleteAbbrev(Abbrev);
     }
   }
+  if (Index != Record.Values.size()) {
+    RecoverableError() << "Error: Too many values for number of operands ("
+                       << NumAbbrevOps << "): "
+                       << Record << "\n";
+    return deleteAbbrev(Abbrev);
+  }
+  if (!Abbrev->isValid()) {
+    raw_ostream &Out = RecoverableError();
+    Abbrev->Print(Out << "Abbreviation ");
+    Out << " not valid: " << Record << "\n";
+    return deleteAbbrev(Abbrev);
+  }
   return Abbrev;
 }
 
 } // end of anonymous namespace.
 
 NaClMungedBitcode::WriteResults NaClMungedBitcode::writeMaybeRepair(
     SmallVectorImpl<char> &Buffer, bool AddHeader,
     const WriteFlags &Flags) const {
   NaClBitstreamWriter Writer(Buffer);
   WriteState State(Flags);
   if (AddHeader) {
     NaClWriteHeader(Writer, true);
   }
   for (const NaClBitcodeAbbrevRecord &Record : *this) {
     if (!State.emitRecord(Writer, Record))
       break;
   }
   bool RecoverSilently =
       State.Results.NumErrors > 0 && !Flags.getTryToRecover();
   return State.finish(Writer, RecoverSilently);
 }