[llvm] r323535 - [DAGCombine] reduceBuildVecToShuffle - ensure EXTRACT_VECTOR_ELT index is in range

Simon Pilgrim via llvm-commits llvm-commits at lists.llvm.org
Fri Jan 26 07:50:20 PST 2018


Author: rksimon
Date: Fri Jan 26 07:50:20 2018
New Revision: 323535

URL: http://llvm.org/viewvc/llvm-project?rev=323535&view=rev
Log:
[DAGCombine] reduceBuildVecToShuffle - ensure EXTRACT_VECTOR_ELT index is in range

From OSS Fuzz Test Case #5688

Modified:
    llvm/trunk/lib/CodeGen/SelectionDAG/DAGCombiner.cpp
    llvm/trunk/test/CodeGen/X86/buildvec-insertvec.ll

Modified: llvm/trunk/lib/CodeGen/SelectionDAG/DAGCombiner.cpp
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/CodeGen/SelectionDAG/DAGCombiner.cpp?rev=323535&r1=323534&r2=323535&view=diff
==============================================================================
--- llvm/trunk/lib/CodeGen/SelectionDAG/DAGCombiner.cpp (original)
+++ llvm/trunk/lib/CodeGen/SelectionDAG/DAGCombiner.cpp Fri Jan 26 07:50:20 2018
@@ -14779,12 +14779,16 @@ SDValue DAGCombiner::reduceBuildVecToShu
     }
 
     // Not an undef or zero. If the input is something other than an
-    // EXTRACT_VECTOR_ELT with a constant index, bail out.
+    // EXTRACT_VECTOR_ELT with an in-range constant index, bail out.
     if (Op.getOpcode() != ISD::EXTRACT_VECTOR_ELT ||
         !isa<ConstantSDNode>(Op.getOperand(1)))
       return SDValue();
     SDValue ExtractedFromVec = Op.getOperand(0);
 
+    APInt ExtractIdx = cast<ConstantSDNode>(Op.getOperand(1))->getAPIntValue();
+    if (ExtractIdx.uge(ExtractedFromVec.getValueType().getVectorNumElements()))
+      return SDValue();
+
     // All inputs must have the same element type as the output.
     if (VT.getVectorElementType() !=
         ExtractedFromVec.getValueType().getVectorElementType())
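Review bot: `ExtractIdx` is declared by value, which copies the APInt on every operand visited; `getAPIntValue()` returns a const reference, so `const APInt &ExtractIdx = cast<ConstantSDNode>(Op.getOperand(1))->getAPIntValue();` avoids the copy. The new bounds check would also read better with its own one-line comment saying why it is there, e.g. `// An out-of-range constant index cannot name a lane of ExtractedFromVec, so give up.` Presumably the index is later used to build the shuffle mask, but that code is outside this hunk, as are the start and end of reduceBuildVecToShuffle.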

Modified: llvm/trunk/test/CodeGen/X86/buildvec-insertvec.ll
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/test/CodeGen/X86/buildvec-insertvec.ll?rev=323535&r1=323534&r2=323535&view=diff
==============================================================================
--- llvm/trunk/test/CodeGen/X86/buildvec-insertvec.ll (original)
+++ llvm/trunk/test/CodeGen/X86/buildvec-insertvec.ll Fri Jan 26 07:50:20 2018
@@ -556,3 +556,18 @@ define <16 x i8> @test_buildvector_v16i8
   %ins15 = insertelement <16 x i8> %ins14, i8  %a15, i32 15
   ret <16 x i8> %ins15
 }
+
+; OSS-Fuzz #5688
+; https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5688
+define <4 x i32> @ossfuzz5688(i32 %a0) {
+; CHECK-LABEL: ossfuzz5688:
+; CHECK:       # %bb.0:
+; CHECK-NEXT:    retq
+  %1 = insertelement <4 x i32> zeroinitializer, i32 -2147483648, i32 %a0
+  %2 = extractelement <4 x i32> %1, i32 %a0
+  %3 = extractelement <4 x i32> <i32 30, i32 53, i32 42, i32 12>, i32 %2
+  %4 = extractelement <4 x i32> zeroinitializer, i32 %2
+  %5 = insertelement <4 x i32> undef, i32 %3, i32 undef
+  store i32 %4, i32* undef
+  ret <4 x i32> %5
+}
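Review bot: The comment above `@ossfuzz5688` gives only the bug number and tracker URL, so a reader has to leave the file to learn what the test guards; add a line such as `; Check that an out-of-range constant extractelement index does not crash reduceBuildVecToShuffle.` The only assertions are the label, `# %bb.0:` and `retq`, so this is effectively a does-not-crash regression test, which is worth stating in the same comment. The out-of-range index appears to come from `%2` folding to the inserted constant -2147483648, though that folding is not visible in this hunk.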



