From: Kostya Serebryany
Date: Tue, 27 Sep 2016 01:55:08 +0000 (+0000)
Subject: [sanitizer-coverage] fix a bug in trace-gep
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=30eb92316ce21f9bf54b04df8308c2d48ae6674a;p=llvm
[sanitizer-coverage] fix a bug in trace-gep
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@282467 91177308-0d34-0410-b5e6-96231b3b80d8
---
diff --git a/lib/Fuzzer/fuzzer-test-suite/openssl-1.0.1f/build.sh b/lib/Fuzzer/fuzzer-test-suite/openssl-1.0.1f/build.sh
index 33e77a00c91..69fa7241b86 100755
--- a/lib/Fuzzer/fuzzer-test-suite/openssl-1.0.1f/build.sh
+++ b/lib/Fuzzer/fuzzer-test-suite/openssl-1.0.1f/build.sh
@@ -7,7 +7,7 @@ LIBFUZZER_SRC=$(dirname $(dirname $SCRIPT_DIR)) JOBS=20 # FUZZ_CXXFLAGS=" -g -fsanitize=address -fsanitize-coverage=edge"
-FUZZ_CXXFLAGS=" -g -fsanitize=address -fsanitize-coverage=trace-pc-guard,trace-cmp,trace-div"
+FUZZ_CXXFLAGS=" -g -fsanitize=address -fsanitize-coverage=trace-pc-guard,trace-cmp,trace-div,trace-gep"
 get() { [ ! -e SRC ] && git clone https://github.com/openssl/openssl.git SRC && (cd SRC && git checkout OpenSSL_1_0_1f)
diff --git a/lib/Transforms/Instrumentation/SanitizerCoverage.cpp b/lib/Transforms/Instrumentation/SanitizerCoverage.cpp
index 4a1a75518b0..e26fdb42c99 100644
--- a/lib/Transforms/Instrumentation/SanitizerCoverage.cpp
+++ b/lib/Transforms/Instrumentation/SanitizerCoverage.cpp
@@ -599,7 +599,7 @@ void SanitizerCoverageModule::InjectTraceForGep(
 for (auto GEP : GepTraceTargets) {
 IRBuilder<> IRB(GEP);
 for (auto I = GEP->idx_begin(); I != GEP->idx_end(); ++I)
- if (!isa(*I))
+ if (!isa(*I) && (*I)->getType()->isIntegerTy())
 IRB.CreateCall(SanCovTraceGepFunction, {IRB.CreateIntCast(*I, IntptrTy, true)});
 }
diff --git a/test/Instrumentation/SanitizerCoverage/gep-tracing.ll b/test/Instrumentation/SanitizerCoverage/gep-tracing.ll
index ed6cf2d49a8..f305f493202 100644
--- a/test/Instrumentation/SanitizerCoverage/gep-tracing.ll
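Review bot: The added `(*I)->getType()->isIntegerTy()` condition in the inner loop of InjectTraceForGep skips every index that is not a scalar integer, so a vector GEP now produces no trace-gep call at all, and nothing in the code records that this is deliberate. For a fuzzing build this is a gap in index feedback rather than a safety problem, but it deserves a comment above the `if`, for example `// Only scalar integer indices are traced; vector-typed indices are skipped because the callback receives a single IntptrTy value.` The function's signature and closing brace are outside the hunk.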
+++ b/test/Instrumentation/SanitizerCoverage/gep-tracing.ll
@@ -30,3 +30,11 @@ entry:
 ; CHECK: call void @__sanitizer_cov_trace_gep(i64 %idxprom1)
 ; CHECK: call void @__sanitizer_cov_trace_gep(i64 %idxprom)
 ; CHECK: ret void
+
+; Just make sure we don't insturment this one and don't crash
+define void @gep_3(<2 x i8*> %a, i32 %i, i32 %j) {
+entry:
+ %0 = getelementptr i8, <2 x i8*> %a, <2 x i64>
+ ret void
+}
+
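Review bot: The new `@gep_3` case only proves that the pass no longer crashes; its comment also promises that the vector GEP is not instrumented, but no FileCheck line enforces that. Adding `; CHECK-LABEL: define void @gep_3` before the function, then `; CHECK-NOT: call void @__sanitizer_cov_trace_gep` followed by `; CHECK: ret void`, would make the test fail if vector indices are ever instrumented again. The comment's "insturment" should read "instrument".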