[PATCH] D106462: [SROA] prevent crash on large memset length (PR50910)
Sanjay Patel via Phabricator via llvm-commits
llvm-commits at lists.llvm.org
Sat Jul 31 11:08:28 PDT 2021
This revision was landed with ongoing or failed builds.
This revision was automatically updated to reflect the committed changes.
Closed by commit rGf2a322bfcfbc: [SROA] prevent crash on large memset length (PR50910) (authored by spatel).
Repository:
rG LLVM Github Monorepo
CHANGES SINCE LAST ACTION
https://reviews.llvm.org/D106462/new/
https://reviews.llvm.org/D106462
Files:
llvm/lib/Transforms/Scalar/SROA.cpp
llvm/test/Transforms/SROA/slice-width.ll
Index: llvm/test/Transforms/SROA/slice-width.ll
===================================================================
--- llvm/test/Transforms/SROA/slice-width.ll
+++ llvm/test/Transforms/SROA/slice-width.ll
@@ -145,3 +145,16 @@
call void @llvm.memset.p0i8.i64(i8* align 16 %array, i8 0, i64 ptrtoint (void ()* @PR50888 to i64), i1 false)
ret void
}
+
+; Don't crash on out-of-bounds length.
+
+define void @PR50910() {
+; CHECK-LABEL: @PR50910(
+; CHECK-NEXT: [[T1:%.*]] = alloca i8, i64 1, align 8
+; CHECK-NEXT: call void @llvm.memset.p0i8.i64(i8* align 8 [[T1]], i8 0, i64 1, i1 false)
+; CHECK-NEXT: ret void
+;
+ %t1 = alloca i8, i64 1, align 8
+ call void @llvm.memset.p0i8.i64(i8* align 8 %t1, i8 0, i64 4294967296, i1 false)
+ ret void
+}
Index: llvm/lib/Transforms/Scalar/SROA.cpp
===================================================================
--- llvm/lib/Transforms/Scalar/SROA.cpp
+++ llvm/lib/Transforms/Scalar/SROA.cpp
@@ -2811,10 +2811,11 @@
if (BeginOffset > NewAllocaBeginOffset ||
EndOffset < NewAllocaEndOffset)
return false;
+ // Length must be in range for FixedVectorType.
auto *C = cast<ConstantInt>(II.getLength());
- if (C->getBitWidth() > 64)
+ const uint64_t Len = C->getLimitedValue();
+ if (Len > std::numeric_limits<unsigned>::max())
return false;
- const auto Len = C->getZExtValue();
auto *Int8Ty = IntegerType::getInt8Ty(NewAI.getContext());
auto *SrcTy = FixedVectorType::get(Int8Ty, Len);
return canConvertValue(DL, SrcTy, AllocaTy) &&
-------------- next part --------------
A non-text attachment was scrubbed...
Name: D106462.363309.patch
Type: text/x-patch
Size: 1583 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/llvm-commits/attachments/20210731/803821a8/attachment.bin>
More information about the llvm-commits
mailing list