]> granicus.if.org Git - llvm/commitdiff
projects / llvm / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 89c4247)
[X86][SSE] LowerINSERT_VECTOR_ELT - early out for out of range indices
authorSimon Pilgrim <llvm-dev@redking.me.uk>
Fri, 5 Jul 2019 10:34:53 +0000 (10:34 +0000)
committerSimon Pilgrim <llvm-dev@redking.me.uk>
Fri, 5 Jul 2019 10:34:53 +0000 (10:34 +0000)
Fixes OSS-Fuzz #15662

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@365180 91177308-0d34-0410-b5e6-96231b3b80d8

lib/Target/X86/X86ISelLowering.cpp patch | blob | history
test/CodeGen/X86/vec_extract.ll patch | blob | history

diff --git a/lib/Target/X86/X86ISelLowering.cpp b/lib/Target/X86/X86ISelLowering.cpp
index 1b9312d2c1f02c6fcd144f881370214d237fc3ed..9710534f258f11cb1791ee2700416af1b5631e81 100644 (file)
--- a/lib/Target/X86/X86ISelLowering.cpp
+++ b/lib/Target/X86/X86ISelLowering.cpp
@@ -17091,10 +17091,10 @@ SDValue X86TargetLowering::LowerINSERT_VECTOR_ELT(SDValue Op,
   SDValue N0 = Op.getOperand(0);
   SDValue N1 = Op.getOperand(1);
   SDValue N2 = Op.getOperand(2);
-  if (!isa<ConstantSDNode>(N2))
+
+  auto *N2C = dyn_cast<ConstantSDNode>(N2);
+  if (!N2C || N2C->getAPIntValue().uge(NumElts))
     return SDValue();
-  auto *N2C = cast<ConstantSDNode>(N2);
-  assert(N2C->getAPIntValue().ult(NumElts) && "Out of range element index");
   uint64_t IdxVal = N2C->getZExtValue();
 
   bool IsZeroElt = X86::isZeroNode(N1);
diff --git a/test/CodeGen/X86/vec_extract.ll b/test/CodeGen/X86/vec_extract.ll
index 724ac9032e3f0164ba1b0a574d2f6dcc5de76d28..3fb669dd45c831ecfc094c900e481b498663addd 100644 (file)
--- a/test/CodeGen/X86/vec_extract.ll
+++ b/test/CodeGen/X86/vec_extract.ll
@@ -100,5 +100,28 @@ entry:
   %tmp3 = fadd double %tmp2, %A
   ret double %tmp3
 }
-
 declare <2 x double> @foo()
+
+; OSS-Fuzz #15662
+; https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15662
+define <4 x i32> @ossfuzz15662(<4 x i32*>* %in) {
+; X32-LABEL: ossfuzz15662:
+; X32:       # %bb.0:
+; X32-NEXT:    xorps %xmm0, %xmm0
+; X32-NEXT:    movaps %xmm0, (%eax)
+; X32-NEXT:    xorps %xmm0, %xmm0
+; X32-NEXT:    retl
+;
+; X64-LABEL: ossfuzz15662:
+; X64:       # %bb.0:
+; X64-NEXT:    xorps %xmm0, %xmm0
+; X64-NEXT:    movaps %xmm0, (%rax)
+; X64-NEXT:    xorps %xmm0, %xmm0
+; X64-NEXT:    retq
+   %C10 = icmp ule i1 false, false
+   %C3 = icmp ule i1 true, undef
+   %B = sdiv i1 %C10, %C3
+   %I = insertelement <4 x i32> zeroinitializer, i32 0, i1 %B
+   store <4 x i32> %I, <4 x i32>* undef
+   ret <4 x i32> zeroinitializer
+}
Unnamed repository; edit this file 'description' to name the repository.