<html>

    <head>

      <base href="https://bugs.llvm.org/">

    </head>

    <body><table border="1" cellspacing="0" cellpadding="8">

        <tr>

          <th>Bug ID</th>

          <td><a class="bz_bug_link 

          bz_status_NEW "

   title="NEW - Null-dereference in InstCombinerImpl::foldVectorBinop call to llvm::ConstantExpr::get"

   href="https://bugs.llvm.org/show_bug.cgi?id=46872">46872</a>

          </td>

        </tr>

        <tr>

          <th>Summary</th>

          <td>Null-dereference in InstCombinerImpl::foldVectorBinop call to llvm::ConstantExpr::get

          </td>

        </tr>

        <tr>

          <th>Product</th>

          <td>libraries

          </td>

        </tr>

        <tr>

          <th>Version</th>

          <td>trunk

          </td>

        </tr>

        <tr>

          <th>Hardware</th>

          <td>PC

          </td>

        </tr>

        <tr>

          <th>OS</th>

          <td>Windows NT

          </td>

        </tr>

        <tr>

          <th>Status</th>

          <td>NEW

          </td>

        </tr>

        <tr>

          <th>Severity</th>

          <td>enhancement

          </td>

        </tr>

        <tr>

          <th>Priority</th>

          <td>P

          </td>

        </tr>

        <tr>

          <th>Component</th>

          <td>Scalar Optimizations

          </td>

        </tr>

        <tr>

          <th>Assignee</th>

          <td>unassignedbugs@nondot.org

          </td>

        </tr>

        <tr>

          <th>Reporter</th>

          <td>llvm-dev@redking.me.uk

          </td>

        </tr>

        <tr>

          <th>CC</th>

          <td>lebedev.ri@gmail.com, llvm-bugs@lists.llvm.org, spatel+llvm@rotateright.com

          </td>

        </tr></table>

      <p>

        <div>

        <pre>Reduced from <a href="https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24434">https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24434</a>

define <4 x i32> @ossfuzz24434(<4 x i32> %a0) {

  %1 = shufflevector <4 x i32> %a0, <4 x i32> undef, <4 x i32> <i32 0, i32 0,

i32 1, i32 1>

  %2 = and <4 x i32> bitcast (<2 x i64> <i64 ptrtoint (<4 x i32> (<4 x i32>)*

@pr20114 to i64), i64 ptrtoint (<4 x i32> (<4 x i32>)* @pr20114 to i64)> to <4

x i32>), %1

  %3 = insertelement <4 x i32> %2, i32 2147483647, i64 0

  ret <4 x i32> %3

}

opt -instcombine

PLEASE submit a bug report to <a href="https://bugs.llvm.org/">https://bugs.llvm.org/</a> and include the crash

backtrace.

Stack dump:

0.      Program arguments: opt -instcombine fuzz24434.ll -o bar.bc

1.      Running pass 'Function Pass Manager' on module 'fuzz24434.ll'.

2.      Running pass 'Combine redundant instructions' on function '@pr20114'

opt(_ZN4llvm3sys15PrintStackTraceERNS_11raw_ostreamE+0x2a)[0x7ff01674e19a]

opt(_ZN4llvm3sys17RunSignalHandlersEv+0x34)[0x7ff01674bf94]

opt(+0x294c975)[0x7ff01674c975]

/lib/x86_64-linux-gnu/libpthread.so.0(+0x12890)[0x7ff0135f2890]

opt(_ZN4llvm12ConstantExpr3getEjPNS_8ConstantES2_jPNS_4TypeE+0x2d)[0x7ff015f3ce2d]

opt(+0x24057cc)[0x7ff0162057cc]

opt(+0x2438b3a)[0x7ff016238b3a]

opt(+0x240f521)[0x7ff01620f521]

opt(+0x2411187)[0x7ff016211187]

opt(_ZN4llvm24InstructionCombiningPass13runOnFunctionERNS_8FunctionE+0x66e)[0x7ff016212dae]

opt(_ZN4llvm13FPPassManager13runOnFunctionERNS_8FunctionE+0x356)[0x7ff01600c6a6]

opt(_ZN4llvm13FPPassManager11runOnModuleERNS_6ModuleE+0x39)[0x7ff01600d119]

opt(_ZN4llvm6legacy15PassManagerImpl3runERNS_6ModuleE+0x389)[0x7ff01600bfc9]</pre>

        </div>

      </p>

      <hr>

      <span>You are receiving this mail because:</span>

      <ul>

          <li>You are on the CC list for the bug.</li>

      </ul>

    </body>

</html>