[llvm] r365180 - [X86][SSE] LowerINSERT_VECTOR_ELT - early out for out of range indices

Simon Pilgrim via llvm-commits llvm-commits at lists.llvm.org
Fri Jul 5 03:34:54 PDT 2019


Author: rksimon
Date: Fri Jul  5 03:34:53 2019
New Revision: 365180

URL: http://llvm.org/viewvc/llvm-project?rev=365180&view=rev
Log:
[X86][SSE] LowerINSERT_VECTOR_ELT - early out for out of range indices

Fixes OSS-Fuzz #15662

Modified:
    llvm/trunk/lib/Target/X86/X86ISelLowering.cpp
    llvm/trunk/test/CodeGen/X86/vec_extract.ll

Modified: llvm/trunk/lib/Target/X86/X86ISelLowering.cpp
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Target/X86/X86ISelLowering.cpp?rev=365180&r1=365179&r2=365180&view=diff
==============================================================================
--- llvm/trunk/lib/Target/X86/X86ISelLowering.cpp (original)
+++ llvm/trunk/lib/Target/X86/X86ISelLowering.cpp Fri Jul  5 03:34:53 2019
@@ -17091,10 +17091,10 @@ SDValue X86TargetLowering::LowerINSERT_V
   SDValue N0 = Op.getOperand(0);
   SDValue N1 = Op.getOperand(1);
   SDValue N2 = Op.getOperand(2);
-  if (!isa<ConstantSDNode>(N2))
+
+  auto *N2C = dyn_cast<ConstantSDNode>(N2);
+  if (!N2C || N2C->getAPIntValue().uge(NumElts))
     return SDValue();
-  auto *N2C = cast<ConstantSDNode>(N2);
-  assert(N2C->getAPIntValue().ult(NumElts) && "Out of range element index");
   uint64_t IdxVal = N2C->getZExtValue();
 
   bool IsZeroElt = X86::isZeroNode(N1);

Modified: llvm/trunk/test/CodeGen/X86/vec_extract.ll
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/test/CodeGen/X86/vec_extract.ll?rev=365180&r1=365179&r2=365180&view=diff
==============================================================================
--- llvm/trunk/test/CodeGen/X86/vec_extract.ll (original)
+++ llvm/trunk/test/CodeGen/X86/vec_extract.ll Fri Jul  5 03:34:53 2019
@@ -100,5 +100,28 @@ entry:
   %tmp3 = fadd double %tmp2, %A
   ret double %tmp3
 }
-
 declare <2 x double> @foo()
+
+; OSS-Fuzz #15662
+; https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15662
+define <4 x i32> @ossfuzz15662(<4 x i32*>* %in) {
+; X32-LABEL: ossfuzz15662:
+; X32:       # %bb.0:
+; X32-NEXT:    xorps %xmm0, %xmm0
+; X32-NEXT:    movaps %xmm0, (%eax)
+; X32-NEXT:    xorps %xmm0, %xmm0
+; X32-NEXT:    retl
+;
+; X64-LABEL: ossfuzz15662:
+; X64:       # %bb.0:
+; X64-NEXT:    xorps %xmm0, %xmm0
+; X64-NEXT:    movaps %xmm0, (%rax)
+; X64-NEXT:    xorps %xmm0, %xmm0
+; X64-NEXT:    retq
+   %C10 = icmp ule i1 false, false
+   %C3 = icmp ule i1 true, undef
+   %B = sdiv i1 %C10, %C3
+   %I = insertelement <4 x i32> zeroinitializer, i32 0, i1 %B
+   store <4 x i32> %I, <4 x i32>* undef
+   ret <4 x i32> zeroinitializer
+}




More information about the llvm-commits mailing list