From cbf651f7399feea9ea8495af571d67d924b8ec11 Mon Sep 17 00:00:00 2001
From: Jonas Devlieghere
Date: Fri, 5 Jan 2018 10:03:02 +0000
Subject: [PATCH] [DebugInfo] Don't crash when given invalid DWARFv5 line table prologue. This patch replaces an assertion with an explicit check for the validity of the FORM parameters. The assertion was triggered when the DWARFv5 line table contained a zero address size. This fixes OSS-Fuzz Issue 4644 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=4644 Differential revision: https://reviews.llvm.org/D41615 llvm-svn: 321863
---
 .../llvm/DebugInfo/DWARF/DWARFFormValue.h | 2 ++
 llvm/lib/DebugInfo/DWARF/DWARFDebugLine.cpp | 2 +-
 llvm/lib/DebugInfo/DWARF/DWARFFormValue.cpp | 15 +++++++++------
 llvm/test/DebugInfo/Inputs/invalid.linetable | Bin 0 -> 680 bytes
 .../DebugInfo/dwarfdump-invalid-line-table.test | 5 +++++
 5 files changed, 17 insertions(+), 7 deletions(-)
 create mode 100644 llvm/test/DebugInfo/Inputs/invalid.linetable
 create mode 100644 llvm/test/DebugInfo/dwarfdump-invalid-line-table.test
diff --git a/llvm/include/llvm/DebugInfo/DWARF/DWARFFormValue.h b/llvm/include/llvm/DebugInfo/DWARF/DWARFFormValue.h
index d32053519ec48..2c0a942a5a5c7 100644
--- a/llvm/include/llvm/DebugInfo/DWARF/DWARFFormValue.h
+++ b/llvm/include/llvm/DebugInfo/DWARF/DWARFFormValue.h
@@ -50,6 +50,8 @@ struct DWARFFormParams {
 }
 llvm_unreachable("Invalid Format value");
 }
+
+ explicit operator bool() const { return Version && AddrSize; }
 };

 class DWARFFormValue {
diff --git a/llvm/lib/DebugInfo/DWARF/DWARFDebugLine.cpp b/llvm/lib/DebugInfo/DWARF/DWARFDebugLine.cpp
index e5ef4eaceebef..861122cfbaff7 100644
--- a/llvm/lib/DebugInfo/DWARF/DWARFDebugLine.cpp
+++ b/llvm/lib/DebugInfo/DWARF/DWARFDebugLine.cpp
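Review bot: The new `explicit operator bool()` on `DWARFFormParams` (DWARFFormValue.h) has no comment, and what it accepts is narrow: it only requires `Version` and `AddrSize` to be non-zero. An address size that is non-zero but not a width the readers support would still pass, and `Format` is not examined even though the member function just above it ends in `llvm_unreachable("Invalid Format value")`. I would add `/// True when Version and AddrSize are both non-zero; does not check that AddrSize is a supported width or that Format is a known value.` above the operator so callers do not read it as full validation of parsed input. The struct begins outside the hunk.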
@@ -268,7 +268,7 @@ bool DWARFDebugLine::Prologue::parse(const DWARFDataExtractor &DebugLineData,

 if (getVersion() >= 5) {
 if (!parseV5DirFileTables(DebugLineData, OffsetPtr, EndPrologueOffset,
- getFormParams(), U, HasMD5, IncludeDirectories,
+ FormParams, U, HasMD5, IncludeDirectories,
 FileNames)) {
 fprintf(stderr,
 "warning: parsing line table prologue at 0x%8.8" PRIx64
diff --git a/llvm/lib/DebugInfo/DWARF/DWARFFormValue.cpp b/llvm/lib/DebugInfo/DWARF/DWARFFormValue.cpp
index 44886de2e3d58..769ac37aa0b6d 100644
--- a/llvm/lib/DebugInfo/DWARF/DWARFFormValue.cpp
+++ b/llvm/lib/DebugInfo/DWARF/DWARFFormValue.cpp
@@ -64,8 +64,9 @@ DWARFFormValue::getFixedByteSize(dwarf::Form Form,
 const DWARFFormParams Params) {
 switch (Form) {
 case DW_FORM_addr:
- assert(Params.Version && Params.AddrSize && "Invalid Params for form");
- return Params.AddrSize;
+ if (Params)
+ return Params.AddrSize;
+ return None;

 case DW_FORM_block: // ULEB128 length L followed by L bytes.
 case DW_FORM_block1: // 1 byte length L followed by L bytes.
@@ -86,8 +87,9 @@ DWARFFormValue::getFixedByteSize(dwarf::Form Form,
 return None;

 case DW_FORM_ref_addr:
- assert(Params.Version && Params.AddrSize && "Invalid Params for form");
- return Params.getRefAddrByteSize();
+ if (Params)
+ return Params.getRefAddrByteSize();
+ return None;

 case DW_FORM_flag:
 case DW_FORM_data1:
@@ -118,8 +120,9 @@ DWARFFormValue::getFixedByteSize(dwarf::Form Form,
 case DW_FORM_line_strp:
 case DW_FORM_sec_offset:
 case DW_FORM_strp_sup:
- assert(Params.Version && Params.AddrSize && "Invalid Params for form");
- return Params.getDwarfOffsetByteSize();
+ if (Params)
+ return Params.getDwarfOffsetByteSize();
+ return None;

 case DW_FORM_data8:
 case DW_FORM_ref8:
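Review bot: In `Prologue::parse` (DWARFDebugLine.cpp) a zero address size is still discovered only indirectly, when a form-size lookup inside `parseV5DirFileTables` fails, so the warning printed here cannot say what was wrong with the table. If a zero address size is never acceptable for a version 5 prologue, testing the parameters before the call, e.g. `if (!FormParams) return false;` preceded by a warning that names the address size, would reject the input at the parse boundary instead of deep in a helper. Whether `FormParams` and `getFormParams()` differ is not visible in this hunk, and the function continues outside it.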
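Review bot: In `DWARFFormValue::getFixedByteSize` the `DW_FORM_addr` case now returns `None` for unusable `Params`, which is the same value the `DW_FORM_block` cases return for a form that simply has no fixed size. The hunks at -86 (`DW_FORM_ref_addr`) and -118 (`DW_FORM_line_strp`, `DW_FORM_sec_offset`, `DW_FORM_strp_sup`) do the same. A caller that reads `None` as "variable length, decode it from the data" could, as far as can be inferred from here, carry on with a zero address size instead of stopping, so the two meanings should at least be documented. I would put `// Params are invalid (e.g. a zero address size from the input): no fixed size can be given.` above each new `return None;` and state the same in the function's header comment. The function continues outside these hunks.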
diff --git a/llvm/test/DebugInfo/Inputs/invalid.linetable b/llvm/test/DebugInfo/Inputs/invalid.linetable
new file mode 100644
index 0000000000000000000000000000000000000000..5df41391afa6eaa95476541072097273c95cb45e
GIT binary patch literal 680 zcmb<-^>Jea0|p5A|6l#T0RsaE1Hp;4gOt>y()9S8%ym#pEQ~)d=x$h7 zcy{iED;G9sFO8nzo4nAaW%sVT&a1X5yVTizUZCEvWb?BIKZM@ARK1k)e2~pRum$8J zQ`|mMMs^;^=^#E%A2A_(^bsWxQZkcEfL{6r3j|PrK>`6u3!ZQT8rB2U0&+mTs}EeK zBFG$Y_yJ=CtewTk)a3I5SR`;kBM9bXhG?L5kC}jKf#BcUU*{PZlo%Oyz4rQ}z`y~F zA`svP+cKY#g+TylvQTMpYCH!IBar!-c|kqU9h-n^fV^Xj4C(PDl?AEA44fb?1DcwR ntRSDwVQ_{hH~74uVVwc0jzj;a{se|RnnngrG~+>r6Hp2O6i&wQ literal 0 HcmV?d00001
diff --git a/llvm/test/DebugInfo/dwarfdump-invalid-line-table.test b/llvm/test/DebugInfo/dwarfdump-invalid-line-table.test
new file mode 100644
index 0000000000000..afcaec003064c
--- /dev/null
+++ b/llvm/test/DebugInfo/dwarfdump-invalid-line-table.test
@@ -0,0 +1,5 @@
+Verify that dwarfdump doesn't crash on invalid line table prologue.
+OSS-Fuzz Issue 4644 (https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=4644)
+
+RUN: llvm-dwarfdump --verbose %p/Inputs/invalid.linetable 2>&1 | FileCheck %s --check-prefix=INVALID-LINE-TABLE
+INVALID-LINE-TABLE: invalid directory or file table description
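Review bot: The new dwarfdump-invalid-line-table.test pins only the warning text, so it exercises whichever single guarded case the fuzzer input happens to reach and says nothing about the other two new `return None;` paths in `getFixedByteSize`. A comment in the test naming the malformed field, for example `The prologue of invalid.linetable declares an address size of zero.`, would tell a reader what the binary input contains; that description comes from the commit message, not from inspecting the blob. A direct check of `getFixedByteSize` with zeroed parameters for `DW_FORM_addr`, `DW_FORM_ref_addr` and `DW_FORM_sec_offset` would cover all three cases without depending on one binary file.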