<div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">On Sun, Mar 1, 2015 at 9:25 PM, Owen Anderson <span dir="ltr"><<a href="mailto:resistor@mac.com" target="_blank">resistor@mac.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Author: resistor<br>
Date: Sun Mar 1 23:25:06 2015<br>
New Revision: 230934<br>
<br>
URL: <a href="http://llvm.org/viewvc/llvm-project?rev=230934&view=rev" target="_blank">http://llvm.org/viewvc/llvm-project?rev=230934&view=rev</a><br>
Log:<br>
Fix a crash in the LL parser where it failed to validate that the pointer operand of a GEP was valid.<br>
<br>
This manifested as an assertion failure in +Asserts builds, and a hard crash in -Asserts builds. Found by fuzzing the LL parser.<br>
<br>
Added:<br>
llvm/trunk/test/Assembler/getelementptr_invalid_ptr.ll<br>
Modified:<br>
llvm/trunk/lib/AsmParser/LLParser.cpp<br>
<br>
Modified: llvm/trunk/lib/AsmParser/LLParser.cpp<br>
URL: <a href="http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/AsmParser/LLParser.cpp?rev=230934&r1=230933&r2=230934&view=diff" target="_blank">http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/AsmParser/LLParser.cpp?rev=230934&r1=230933&r2=230934&view=diff</a><br>
==============================================================================<br>
--- llvm/trunk/lib/AsmParser/LLParser.cpp (original)<br>
+++ llvm/trunk/lib/AsmParser/LLParser.cpp Sun Mar 1 23:25:06 2015<br>
@@ -5458,6 +5458,8 @@ int LLParser::ParseGetElementPtr(Instruc<br>
return true;<br>
<br>
Type *PtrTy = Ptr->getType();<br>
+ if (!isa<SequentialType>(PtrTy))<br>
+ return Error(Loc, "pointer type is not valid");<br></blockquote><div><br>Could drop this down below the vector check (what if the vector's elements aren't sequential types? That's presumably an error case that's missed here & would have the same crashy/asserty problem) and then possibly use a dyn_cast and reuse the result rather than isa + cast? (I can do this, if you like)<br> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
if (VectorType *VT = dyn_cast<VectorType>(PtrTy))<br>
PtrTy = VT->getElementType();<br>
if (Ty != cast<SequentialType>(PtrTy)->getElementType())<br>
<br>
Added: llvm/trunk/test/Assembler/getelementptr_invalid_ptr.ll<br>
URL: <a href="http://llvm.org/viewvc/llvm-project/llvm/trunk/test/Assembler/getelementptr_invalid_ptr.ll?rev=230934&view=auto" target="_blank">http://llvm.org/viewvc/llvm-project/llvm/trunk/test/Assembler/getelementptr_invalid_ptr.ll?rev=230934&view=auto</a><br>
==============================================================================<br>
--- llvm/trunk/test/Assembler/getelementptr_invalid_ptr.ll (added)<br>
+++ llvm/trunk/test/Assembler/getelementptr_invalid_ptr.ll Sun Mar 1 23:25:06 2015<br>
@@ -0,0 +1,11 @@<br>
+; RUN: not llvm-as < %s >/dev/null 2> %t<br>
+; RUN: FileCheck %s < %t<br></blockquote><div><br>Not sure about other people, but generally I try to avoid temporary files (it makes it easier to copy/paste the test command line to reproduce the test case at least). I guess maybe that does involve just piping stdout/stderr together, though? (I don't see any test cases that just pipe stderr, but maybe I'm not searching right)<br> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
+; Test the case of an invalid pointer type on a GEP<br>
+<br>
+; CHECK: pointer type is not valid<br>
+<br>
+define i32* @foo(i32 %a) {<br>
+ %gep = getelementptr i32, i32 %a, i32 1<br>
+ return i32* %gep<br>
+}<br>
+<br>
<br>
<br>
_______________________________________________<br>
llvm-commits mailing list<br>
<a href="mailto:llvm-commits@cs.uiuc.edu">llvm-commits@cs.uiuc.edu</a><br>
<a href="http://lists.cs.uiuc.edu/mailman/listinfo/llvm-commits" target="_blank">http://lists.cs.uiuc.edu/mailman/listinfo/llvm-commits</a><br>
</blockquote></div><br></div></div>