[clang] [Clang] Prevent null pointer dereferences in SVE tuple functions (PR #94267)

via cfe-commits cfe-commits at lists.llvm.org
Fri Jun 28 10:53:14 PDT 2024


https://github.com/smanna12 updated https://github.com/llvm/llvm-project/pull/94267

>From 14e4f23d90d3a1590de5b9a1350ecf56aa89cc17 Mon Sep 17 00:00:00 2001
From: "Manna, Soumi" <soumi.manna at intel.com>
Date: Mon, 3 Jun 2024 11:17:33 -0700
Subject: [PATCH 1/5] [Clang] Prevent null pointer dereferencein SVE tuple
 functions

This patch replaces dyn_cast<> with cast<> for obtaining ScalableVectorType pointers in the EmitSVETupleSetOrGet() and EmitSVETupleCreate() functions to ensure that the code expects valid ScalableVectorType instances and will cause an assertion if the cast is invalid, preventing possible null pointer dereferences and improving codes safety.
---
 clang/lib/CodeGen/CGBuiltin.cpp | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/clang/lib/CodeGen/CGBuiltin.cpp b/clang/lib/CodeGen/CGBuiltin.cpp
index 37d0c478e0330..3ba9f4693170f 100644
--- a/clang/lib/CodeGen/CGBuiltin.cpp
+++ b/clang/lib/CodeGen/CGBuiltin.cpp
@@ -10211,7 +10211,7 @@ Value *CodeGenFunction::EmitSVETupleSetOrGet(const SVETypeFlags &TypeFlags,
          "Expects TypleFlag isTupleSet or TypeFlags.isTupleSet()");
 
   unsigned I = cast<ConstantInt>(Ops[1])->getSExtValue();
-  auto *SingleVecTy = dyn_cast<llvm::ScalableVectorType>(
+  auto *SingleVecTy = cast<llvm::ScalableVectorType>(
                       TypeFlags.isTupleSet() ? Ops[2]->getType() : Ty);
   Value *Idx = ConstantInt::get(CGM.Int64Ty,
                                 I * SingleVecTy->getMinNumElements());
@@ -10226,7 +10226,7 @@ Value *CodeGenFunction::EmitSVETupleCreate(const SVETypeFlags &TypeFlags,
                                              ArrayRef<Value *> Ops) {
   assert(TypeFlags.isTupleCreate() && "Expects TypleFlag isTupleCreate");
 
-  auto *SrcTy = dyn_cast<llvm::ScalableVectorType>(Ops[0]->getType());
+  auto *SrcTy = cast<llvm::ScalableVectorType>(Ops[0]->getType());
   unsigned MinElts = SrcTy->getMinNumElements();
   Value *Call = llvm::PoisonValue::get(Ty);
   for (unsigned I = 0; I < Ops.size(); I++) {

>From 2e3942a0acee4a4c9586128d9b9c6019d008cfb7 Mon Sep 17 00:00:00 2001
From: "Manna, Soumi" <soumi.manna at intel.com>
Date: Mon, 3 Jun 2024 11:31:49 -0700
Subject: [PATCH 2/5] Fix Clang format error

---
 clang/lib/CodeGen/CGBuiltin.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/clang/lib/CodeGen/CGBuiltin.cpp b/clang/lib/CodeGen/CGBuiltin.cpp
index 3ba9f4693170f..cc366241ac804 100644
--- a/clang/lib/CodeGen/CGBuiltin.cpp
+++ b/clang/lib/CodeGen/CGBuiltin.cpp
@@ -10212,7 +10212,7 @@ Value *CodeGenFunction::EmitSVETupleSetOrGet(const SVETypeFlags &TypeFlags,
 
   unsigned I = cast<ConstantInt>(Ops[1])->getSExtValue();
   auto *SingleVecTy = cast<llvm::ScalableVectorType>(
-                      TypeFlags.isTupleSet() ? Ops[2]->getType() : Ty);
+      TypeFlags.isTupleSet() ? Ops[2]->getType() : Ty);
   Value *Idx = ConstantInt::get(CGM.Int64Ty,
                                 I * SingleVecTy->getMinNumElements());
 

>From 74c3433eb3296bacd31fd852fa50006e9efffdc3 Mon Sep 17 00:00:00 2001
From: "Manna, Soumi" <soumi.manna at intel.com>
Date: Tue, 11 Jun 2024 20:42:09 -0700
Subject: [PATCH 3/5] Update patch

---
 clang/lib/CodeGen/CGBuiltin.cpp | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/clang/lib/CodeGen/CGBuiltin.cpp b/clang/lib/CodeGen/CGBuiltin.cpp
index cc366241ac804..204fbaf12daa4 100644
--- a/clang/lib/CodeGen/CGBuiltin.cpp
+++ b/clang/lib/CodeGen/CGBuiltin.cpp
@@ -10208,11 +10208,14 @@ Value *CodeGenFunction::EmitSVETupleSetOrGet(const SVETypeFlags &TypeFlags,
                                              llvm::Type *Ty,
                                              ArrayRef<Value *> Ops) {
   assert((TypeFlags.isTupleSet() || TypeFlags.isTupleGet()) &&
-         "Expects TypleFlag isTupleSet or TypeFlags.isTupleSet()");
+         "Expects TypleFlags.isTupleSet() or TypeFlags.isTupleGet()");
 
   unsigned I = cast<ConstantInt>(Ops[1])->getSExtValue();
-  auto *SingleVecTy = cast<llvm::ScalableVectorType>(
+  auto *SingleVecTy = dyn_cast<llvm::ScalableVectorType>(
       TypeFlags.isTupleSet() ? Ops[2]->getType() : Ty);
+
+  if (!SingleVecTy)
+    retutn nullptr;
   Value *Idx = ConstantInt::get(CGM.Int64Ty,
                                 I * SingleVecTy->getMinNumElements());
 

>From 0d5eb5125079035d36b5135b408ef2f34ef387c0 Mon Sep 17 00:00:00 2001
From: "Manna, Soumi" <soumi.manna at intel.com>
Date: Tue, 11 Jun 2024 20:52:13 -0700
Subject: [PATCH 4/5] Fix build errors

---
 clang/lib/CodeGen/CGBuiltin.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/clang/lib/CodeGen/CGBuiltin.cpp b/clang/lib/CodeGen/CGBuiltin.cpp
index 204fbaf12daa4..3fa8cf7bf02aa 100644
--- a/clang/lib/CodeGen/CGBuiltin.cpp
+++ b/clang/lib/CodeGen/CGBuiltin.cpp
@@ -10215,7 +10215,7 @@ Value *CodeGenFunction::EmitSVETupleSetOrGet(const SVETypeFlags &TypeFlags,
       TypeFlags.isTupleSet() ? Ops[2]->getType() : Ty);
 
   if (!SingleVecTy)
-    retutn nullptr;
+    return nullptr;
   Value *Idx = ConstantInt::get(CGM.Int64Ty,
                                 I * SingleVecTy->getMinNumElements());
 

>From 563fb94c4bffc9db77385da47559f5304f7a04ad Mon Sep 17 00:00:00 2001
From: "Manna, Soumi" <soumi.manna at intel.com>
Date: Fri, 28 Jun 2024 10:52:40 -0700
Subject: [PATCH 5/5] Address review commnet

---
 clang/lib/CodeGen/CGBuiltin.cpp | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/clang/lib/CodeGen/CGBuiltin.cpp b/clang/lib/CodeGen/CGBuiltin.cpp
index 3fa8cf7bf02aa..f4202faeade67 100644
--- a/clang/lib/CodeGen/CGBuiltin.cpp
+++ b/clang/lib/CodeGen/CGBuiltin.cpp
@@ -10216,6 +10216,7 @@ Value *CodeGenFunction::EmitSVETupleSetOrGet(const SVETypeFlags &TypeFlags,
 
   if (!SingleVecTy)
     return nullptr;
+
   Value *Idx = ConstantInt::get(CGM.Int64Ty,
                                 I * SingleVecTy->getMinNumElements());
 
@@ -10229,7 +10230,11 @@ Value *CodeGenFunction::EmitSVETupleCreate(const SVETypeFlags &TypeFlags,
                                              ArrayRef<Value *> Ops) {
   assert(TypeFlags.isTupleCreate() && "Expects TypleFlag isTupleCreate");
 
-  auto *SrcTy = cast<llvm::ScalableVectorType>(Ops[0]->getType());
+  auto *SrcTy = dyn_cast<llvm::ScalableVectorType>(Ops[0]->getType());
+
+  if (!SrcTy)
+    return nullptr;
+
   unsigned MinElts = SrcTy->getMinNumElements();
   Value *Call = llvm::PoisonValue::get(Ty);
   for (unsigned I = 0; I < Ops.size(); I++) {



More information about the cfe-commits mailing list