From 6bcf52f00a4fc352e90ff11681a0e69f9757eb37 Mon Sep 17 00:00:00 2001
From: Johnny Chen
Date: Tue, 20 Apr 2010 00:15:41 +0000
Subject: More IT instruction error-handling improvements from fuzzing.

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@101839 91177308-0d34-0410-b5e6-96231b3b80d8
---
 lib/Target/ARM/Disassembler/ARMDisassembler.cpp | 20 +++++++++++++++++---
 1 file changed, 17 insertions(+), 3 deletions(-)

diff --git a/lib/Target/ARM/Disassembler/ARMDisassembler.cpp b/lib/Target/ARM/Disassembler/ARMDisassembler.cpp
index 1c9d95f..debd228 100644
--- a/lib/Target/ARM/Disassembler/ARMDisassembler.cpp
+++ b/lib/Target/ARM/Disassembler/ARMDisassembler.cpp
@@ -513,7 +513,7 @@ static unsigned short CountITSize(unsigned ITMask) {
 // First count the trailing zeros of the IT mask.
 unsigned TZ = CountTrailingZeros_32(ITMask);
 if (TZ > 3) {
- DEBUG(errs() << "Encoding error of IT mask");
+ DEBUG(errs() << "Encoding error: IT Mask '0000'");
 return 0;
 }
 return (4 - TZ);
@@ -522,9 +522,23 @@ static unsigned short CountITSize(unsigned ITMask) {
 /// Init ITState. Note that at least one bit is always 1 in mask.
 bool Session::InitIT(unsigned short bits7_0) {
 ITCounter = CountITSize(slice(bits7_0, 3, 0));
+ if (ITCounter == 0)
+ return false;
+
+ // A8.6.50 IT
+ unsigned short FirstCond = slice(bits7_0, 7, 4);
+ if (FirstCond == 0xF) {
+ DEBUG(errs() << "Encoding error: IT FirstCond '1111'");
+ return false;
+ }
+ if (FirstCond == 0xE && ITCounter != 1) {
+ DEBUG(errs() << "Encoding error: IT FirstCond '1110' && Mask != '1000'");
+ return false;
+ }
+
 ITState = bits7_0;
- // Only need to check for > 0.
- return ITCounter > 0;
+
+ return true;
 }
 /// Update ITState if necessary.
-- 
cgit v1.1
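Review bot: The two FirstCond rejections in InitIT return false after ITCounter has already been assigned the non-zero count from CountITSize, while ITState is left untouched, so the session is left half-initialised on exactly the malformed encodings this fuzzing fix is meant to reject. If any caller consults ITCounter after a false return, decoding would continue under a stale IT block with the previous ITState, which is the kind of inconsistent decoder state fuzzing tends to turn into downstream crashes; whether callers do read it after failure is not visible in this hunk. The cheapest fix is to add `ITCounter = 0;` immediately before each of the two `return false;` statements inside the FirstCond checks, or, more cleanly, to compute the count into a local and assign `ITCounter` alongside `ITState` only on the success path. The first hunk's new message keeps the existing style of omitting a trailing newline after the DEBUG text, so the three messages stay consistent, but a `\n` on all of them would make the debug log readable when several errors fire in a fuzz run.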