[llvm] 8233439 - [InstCombine] Ensure allocation alignment mask is within range before applying as an attribute

Simon Pilgrim via llvm-commits llvm-commits at lists.llvm.org
Tue Jun 9 09:38:36 PDT 2020 

Author: Simon Pilgrim
Date: 2020-06-09T17:31:55+01:00
New Revision: 8233439fdbf5e11ba4a9f53801008721727f53a5

URL: https://github.com/llvm/llvm-project/commit/8233439fdbf5e11ba4a9f53801008721727f53a5
DIFF: https://github.com/llvm/llvm-project/commit/8233439fdbf5e11ba4a9f53801008721727f53a5.diff

LOG: [InstCombine] Ensure allocation alignment mask is within range before applying as an attribute

Fixes OSS-Fuzz #23214
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=23214

Added: 
    

Modified: 
    llvm/lib/Transforms/InstCombine/InstCombineCalls.cpp
    llvm/test/Transforms/InstCombine/deref-alloc-fns.ll

Removed: 
    


################################################################################
diff  --git a/llvm/lib/Transforms/InstCombine/InstCombineCalls.cpp b/llvm/lib/Transforms/InstCombine/InstCombineCalls.cpp
index 11ede36c6ba6..4822d2b09799 100644
--- a/llvm/lib/Transforms/InstCombine/InstCombineCalls.cpp
+++ b/llvm/lib/Transforms/InstCombine/InstCombineCalls.cpp
@@ -4529,7 +4529,7 @@ static void annotateAnyAllocSite(CallBase &Call, const TargetLibraryInfo *TLI) {
                       Attribute::getWithDereferenceableOrNullBytes(
                           Call.getContext(), Op1C->getZExtValue()));
     // Add alignment attribute if alignment is a power of two constant.
-    if (Op0C) {
+    if (Op0C && Op0C->getValue().ult(llvm::Value::MaximumAlignment)) {
       uint64_t AlignmentVal = Op0C->getZExtValue();
       if (llvm::isPowerOf2_64(AlignmentVal))
         Call.addAttribute(AttributeList::ReturnIndex,

diff  --git a/llvm/test/Transforms/InstCombine/deref-alloc-fns.ll b/llvm/test/Transforms/InstCombine/deref-alloc-fns.ll
index 9d9964de2e00..2726a5fc0fb6 100644
--- a/llvm/test/Transforms/InstCombine/deref-alloc-fns.ll
+++ b/llvm/test/Transforms/InstCombine/deref-alloc-fns.ll
@@ -252,3 +252,18 @@ define noalias i8* @strdup_notconstant_str(i8 * %str) {
   %call = tail call noalias i8* @strdup(i8* %str)
   ret i8* %call
 }
+
+; OSS-Fuzz #23214
+; https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=23214
+define noalias i8* @ossfuzz_23214() {
+; CHECK-LABEL: @ossfuzz_23214(
+; CHECK-NEXT:  bb:
+; CHECK-NEXT:    [[CALL:%.*]] = tail call noalias dereferenceable_or_null(512) i8* @aligned_alloc(i64 -9223372036854775808, i64 512)
+; CHECK-NEXT:    ret i8* [[CALL]]
+;
+bb:
+  %and = and i64 -1, -9223372036854775808
+  %call = tail call noalias i8* @aligned_alloc(i64 %and, i64 512)
+  ret i8* %call
+}
+

More information about the llvm-commits mailing list