]> granicus.if.org Git - llvm/commitdiff
projects / llvm / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 0d7db2b)
[InstCombine] SliceUpIllegalIntegerPHI - bail on out of range shifts
authorSimon Pilgrim <llvm-dev@redking.me.uk>
Mon, 24 Jun 2019 13:13:36 +0000 (13:13 +0000)
committerSimon Pilgrim <llvm-dev@redking.me.uk>
Mon, 24 Jun 2019 13:13:36 +0000 (13:13 +0000)
trunc(lshr) handling - if the shift is out of range (undefined) then bail like we do for non-constant shifts.

Fixes OSS Fuzz #15217

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@364181 91177308-0d34-0410-b5e6-96231b3b80d8

lib/Transforms/InstCombine/InstCombinePHI.cpp patch | blob | history
test/Transforms/InstCombine/phi-shifts.ll [new file with mode: 0644] patch | blob

diff --git a/lib/Transforms/InstCombine/InstCombinePHI.cpp b/lib/Transforms/InstCombine/InstCombinePHI.cpp
index e217adec7ed56e59829c56c95d3988cc25924c80..5820ab726637498230c4ff90c9d9c518214985f7 100644 (file)
--- a/lib/Transforms/InstCombine/InstCombinePHI.cpp
+++ b/lib/Transforms/InstCombine/InstCombinePHI.cpp
@@ -1004,6 +1004,11 @@ Instruction *InstCombiner::SliceUpIllegalIntegerPHI(PHINode &FirstPhi) {
           !isa<ConstantInt>(UserI->getOperand(1)))
         return nullptr;
 
+      // Bail on out of range shifts.
+      unsigned SizeInBits = UserI->getType()->getScalarSizeInBits();
+      if (cast<ConstantInt>(UserI->getOperand(1))->getValue().uge(SizeInBits))
+        return nullptr;
+
       unsigned Shift = cast<ConstantInt>(UserI->getOperand(1))->getZExtValue();
       PHIUsers.push_back(PHIUsageRecord(PHIId, Shift, UserI->user_back()));
     }
diff --git a/test/Transforms/InstCombine/phi-shifts.ll b/test/Transforms/InstCombine/phi-shifts.ll
new file mode 100644 (file)
index 0000000..cc36c9d
--- /dev/null
+++ b/test/Transforms/InstCombine/phi-shifts.ll
@@ -0,0 +1,26 @@
+; NOTE: Assertions have been autogenerated by utils/update_test_checks.py
+; RUN: opt < %s -S -instcombine | FileCheck %s
+
+; OSS Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15217
+define i64 @fuzz15217(i1 %cond, i8* %Ptr, i64 %Val) {
+; CHECK-LABEL: @fuzz15217(
+; CHECK-NEXT:  entry:
+; CHECK-NEXT:    br i1 [[COND:%.*]], label [[END:%.*]], label [[TWO:%.*]]
+; CHECK:       two:
+; CHECK-NEXT:    br label [[END]]
+; CHECK:       end:
+; CHECK-NEXT:    ret i64 0
+;
+entry:
+  br i1 %cond, label %end, label %two
+
+two:
+  br label %end
+
+end:
+  %tmp869.0 = phi i128 [ 0, %entry ], [ 18446744073709551616, %two ]
+  %tmp29 = lshr i128 %tmp869.0, 64
+  %B1 = lshr i128 %tmp29, 170141183460469231731687303715884105727
+  %tmp30 = trunc i128 %B1 to i64
+  ret i64 %tmp30
+}
Unnamed repository; edit this file 'description' to name the repository.