[llvm] c479052 - [CGP] Ensure address offset is representable as int64_t

Simon Pilgrim via llvm-commits llvm-commits at lists.llvm.org
Fri May 22 09:13:16 PDT 2020


Author: Simon Pilgrim
Date: 2020-05-22T17:00:22+01:00
New Revision: c479052a74b204071902c5290059de0f2365db47

URL: https://github.com/llvm/llvm-project/commit/c479052a74b204071902c5290059de0f2365db47
DIFF: https://github.com/llvm/llvm-project/commit/c479052a74b204071902c5290059de0f2365db47.diff

LOG: [CGP] Ensure address offset is representable as int64_t

AddressingModeMatcher::matchAddr was calling getSExtValue on a constant before checking that the value can actually be represented as int64_t.

Fixes PR46004 / OSSFuzz#22357

Added: 
    llvm/test/CodeGen/X86/pr46004.ll

Modified: 
    llvm/lib/CodeGen/CodeGenPrepare.cpp

Removed: 
    


################################################################################
diff  --git a/llvm/lib/CodeGen/CodeGenPrepare.cpp b/llvm/lib/CodeGen/CodeGenPrepare.cpp
index 1c9592fdd384..e04fb2507571 100644
--- a/llvm/lib/CodeGen/CodeGenPrepare.cpp
+++ b/llvm/lib/CodeGen/CodeGenPrepare.cpp
@@ -4512,11 +4512,13 @@ bool AddressingModeMatcher::matchAddr(Value *Addr, unsigned Depth) {
   TypePromotionTransaction::ConstRestorationPt LastKnownGood =
       TPT.getRestorationPoint();
   if (ConstantInt *CI = dyn_cast<ConstantInt>(Addr)) {
-    // Fold in immediates if legal for the target.
-    AddrMode.BaseOffs += CI->getSExtValue();
-    if (TLI.isLegalAddressingMode(DL, AddrMode, AccessTy, AddrSpace))
-      return true;
-    AddrMode.BaseOffs -= CI->getSExtValue();
+    if (CI->getValue().isSignedIntN(64)) {
+      // Fold in immediates if legal for the target.
+      AddrMode.BaseOffs += CI->getSExtValue();
+      if (TLI.isLegalAddressingMode(DL, AddrMode, AccessTy, AddrSpace))
+        return true;
+      AddrMode.BaseOffs -= CI->getSExtValue();
+    }
   } else if (GlobalValue *GV = dyn_cast<GlobalValue>(Addr)) {
     // If this is a global variable, try to fold it into the addressing mode.
     if (!AddrMode.BaseGV) {
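Review bot: The accumulation `AddrMode.BaseOffs += CI->getSExtValue();` inside the new `isSignedIntN(64)` guard can still overflow, because the guard bounds only the constant and not its sum with whatever offset has already been folded in. If BaseOffs is a signed 64-bit field, as the commit title suggests, that is signed-overflow undefined behaviour that a sanitizer-enabled fuzzing build would likely report next. Consider reading the constant once into a local and using an overflow-checked add, e.g. `int64_t Sum; if (!AddOverflow(AddrMode.BaseOffs, Imm, Sum)) { ... }`, leaving BaseOffs untouched on the failure path. A short comment on the guard, such as `// getSExtValue() asserts on constants that need more than 64 bits.`, would also record why it exists. matchAddr's body continues outside the hunk.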

diff  --git a/llvm/test/CodeGen/X86/pr46004.ll b/llvm/test/CodeGen/X86/pr46004.ll
new file mode 100644
index 000000000000..5b00e5998a3e
--- /dev/null
+++ b/llvm/test/CodeGen/X86/pr46004.ll
@@ -0,0 +1,21 @@
+; NOTE: Assertions have been autogenerated by utils/update_llc_test_checks.py
+; RUN: llc < %s -mtriple=i686-unknown-unknown | FileCheck %s --check-prefix=X86
+; RUN: llc < %s -mtriple=x86_64-unknown-unknown | FileCheck %s --check-prefix=X64
+
+; OSS Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22357
+define void @fuzz22357(i128 %a0) {
+; X86-LABEL: fuzz22357:
+; X86:       # %bb.0:
+; X86-NEXT:    movb $0, (%eax)
+; X86-NEXT:    retl
+;
+; X64-LABEL: fuzz22357:
+; X64:       # %bb.0:
+; X64-NEXT:    movb $0, (%rax)
+; X64-NEXT:    retq
+  %1 = add i128 %a0, 170141183460469231731687303715884105727
+  %2 = add nuw nsw i128 %1, 22222
+  %3 = getelementptr i8, i8* undef, i128 %2
+  store i8 0, i8* %3, align 1
+  ret void
+}
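Review bot: The test has no comment saying what it guards beyond the OSS-Fuzz link, and with an `undef` base pointer the autogenerated `movb $0, (%eax)` / `movb $0, (%rax)` checks mostly pin incidental output rather than the fix itself. A one-line comment above the function, such as `; Check that CodeGenPrepare does not try to fold an address constant that does not fit in int64_t.`, would tell a later reader that the point is the absence of a crash. Only one out-of-range constant is covered; a companion function with an offset at the int64_t boundary would show that in-range immediates are still folded.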


        

