[llvm] b9826c1 - [CGP] Ensure address scaled offset is representable as int64_t
Simon Pilgrim via llvm-commits
llvm-commits at lists.llvm.org
Fri May 29 04:26:17 PDT 2020
Author: Simon Pilgrim
Date: 2020-05-29T12:25:43+01:00
New Revision: b9826c10866997a8869a7356a37aade759338b08
URL: https://github.com/llvm/llvm-project/commit/b9826c10866997a8869a7356a37aade759338b08
DIFF: https://github.com/llvm/llvm-project/commit/b9826c10866997a8869a7356a37aade759338b08.diff
LOG: [CGP] Ensure address scaled offset is representable as int64_t
AddressingModeMatcher::matchScaledValue was calling getSExtValue for a constant before ensuring that we can actually represent the value as int64_t
Fixes OSSFuzz#22723, which is a follow-up to rGc479052a74b2 (PR46004 / OSSFuzz#22357)
Added:
Modified:
llvm/lib/CodeGen/CodeGenPrepare.cpp
llvm/test/CodeGen/X86/pr46004.ll
Removed:
################################################################################
diff --git a/llvm/lib/CodeGen/CodeGenPrepare.cpp b/llvm/lib/CodeGen/CodeGenPrepare.cpp
index ee4b43446ee1..c22cf5f81ee5 100644
--- a/llvm/lib/CodeGen/CodeGenPrepare.cpp
+++ b/llvm/lib/CodeGen/CodeGenPrepare.cpp
@@ -3715,10 +3715,11 @@ bool AddressingModeMatcher::matchScaledValue(Value *ScaleReg, int64_t Scale,
// X*Scale + C*Scale to addr mode.
ConstantInt *CI = nullptr; Value *AddLHS = nullptr;
if (isa<Instruction>(ScaleReg) && // not a constant expr.
- match(ScaleReg, m_Add(m_Value(AddLHS), m_ConstantInt(CI)))) {
+ match(ScaleReg, m_Add(m_Value(AddLHS), m_ConstantInt(CI))) &&
+ CI->getValue().isSignedIntN(64)) {
TestAddrMode.InBounds = false;
TestAddrMode.ScaledReg = AddLHS;
- TestAddrMode.BaseOffs += CI->getSExtValue()*TestAddrMode.Scale;
+ TestAddrMode.BaseOffs += CI->getSExtValue() * TestAddrMode.Scale;
// If this addressing mode is legal, commit it and remember that we folded
// this instruction.
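Review bot: the new `CI->getValue().isSignedIntN(64)` guard only makes the `getSExtValue()` call itself safe; the expression on the next changed line, `TestAddrMode.BaseOffs += CI->getSExtValue() * TestAddrMode.Scale;`, is still plain `int64_t` arithmetic, so a constant that fits in 64 bits can still overflow when multiplied by `Scale` or added to the existing `BaseOffs` (signed overflow, undefined behaviour in C++). Since this is the second fuzzer finding on this path, it would be worth computing the product and sum with overflow-checked helpers (LLVM's `MulOverflow`/`AddOverflow` in `llvm/Support/MathExtras.h`) and bailing out of the fold when either overflows, rather than only checking the representability of `CI`. The ordering of the `&&` chain is correct as written: `CI` is only assigned when `match(...)` succeeds, so the short-circuit keeps the new check from dereferencing a null `CI`.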
diff --git a/llvm/test/CodeGen/X86/pr46004.ll b/llvm/test/CodeGen/X86/pr46004.ll
index 5b00e5998a3e..19353560e738 100644
--- a/llvm/test/CodeGen/X86/pr46004.ll
+++ b/llvm/test/CodeGen/X86/pr46004.ll
@@ -19,3 +19,18 @@ define void @fuzz22357(i128 %a0) {
store i8 0, i8* %3, align 1
ret void
}
+
+; OSS Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22723
+define void @fuzz22723(i128 %a0) {
+; X86-LABEL: fuzz22723:
+; X86: # %bb.0:
+; X86-NEXT: retl
+;
+; X64-LABEL: fuzz22723:
+; X64: # %bb.0:
+; X64-NEXT: retq
+ %1 = add i128 %a0, 170141183460469231731687303715884105727
+ %2 = getelementptr i128*, i128** undef, i128 %1
+ store i128* undef, i128** %2, align 8
+ ret void
+}
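Review bot: the literal `170141183460469231731687303715884105727` in `%1 = add i128 %a0, ...` is 2^127 - 1, i.e. the largest i128 value, which is why it fails `isSignedIntN(64)`; a short comment stating that would save the next reader from working it out, and a sibling case using the most negative i128 value would cover the other extreme that the new check also has to reject. Note also that the expected output is just `retl`/`retq`: the store through `getelementptr ... undef` is dead and folds away entirely, so this test only proves the assertion no longer fires and says nothing about the addressing mode that gets selected. That is adequate as a crash regression test, but if the intent is also to check what CodeGenPrepare does with the offset, the pointer operand should be something that keeps the store alive.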