[llvm] [InstCombine] Fix null pointer dereference in `foldCmpLoadFromIndexedGlobal` (PR #93050)

Wed May 22 08:34:01 PDT 2024

https://github.com/dtcxzyw created https://github.com/llvm/llvm-project/pull/93050

Closes https://github.com/llvm/llvm-project/issues/93029

>From 7cfd71ab4bfc5448df9812a748307094e1eaf9ed Mon Sep 17 00:00:00 2001
From: Yingwei Zheng <dtcxzyw2333 at gmail.com>
Date: Wed, 22 May 2024 23:32:42 +0800
Subject: [PATCH] [InstCombine] Fix null pointer dereference in
 `foldCmpLoadFromIndexedGlobal`

---
 .../InstCombine/InstCombineCompares.cpp       |  4 ++++
 llvm/test/Transforms/InstCombine/pr93029.ll   | 21 +++++++++++++++++++
 2 files changed, 25 insertions(+)
 create mode 100644 llvm/test/Transforms/InstCombine/pr93029.ll

diff --git a/llvm/lib/Transforms/InstCombine/InstCombineCompares.cpp b/llvm/lib/Transforms/InstCombine/InstCombineCompares.cpp
index 542a1c82b127a..04ecf037b719e 100644
--- a/llvm/lib/Transforms/InstCombine/InstCombineCompares.cpp
+++ b/llvm/lib/Transforms/InstCombine/InstCombineCompares.cpp
@@ -214,6 +214,10 @@ Instruction *InstCombinerImpl::foldCmpLoadFromIndexedGlobal(
     // Find out if the comparison would be true or false for the i'th element.
     Constant *C = ConstantFoldCompareInstOperands(ICI.getPredicate(), Elt,
                                                   CompareRHS, DL, &TLI);
+
+    if (!C)
+      return nullptr;
+
     // If the result is undef for this element, ignore it.
     if (isa<UndefValue>(C)) {
       // Extend range state machines to cover this element in case there is an
diff --git a/llvm/test/Transforms/InstCombine/pr93029.ll b/llvm/test/Transforms/InstCombine/pr93029.ll
new file mode 100644
index 0000000000000..18a1470a0e312
--- /dev/null
+++ b/llvm/test/Transforms/InstCombine/pr93029.ll
@@ -0,0 +1,21 @@
+; NOTE: Assertions have been autogenerated by utils/update_test_checks.py UTC_ARGS: --version 5
+; RUN: opt -S -passes=instcombine < %s | FileCheck %s
+
+ at global = external global i32
+ at global_arr = constant [2 x ptr] [ptr @global, ptr @global]
+
+define i1 @pr93029(i64 %idx) {
+; CHECK-LABEL: define i1 @pr93029(
+; CHECK-SAME: i64 [[IDX:%.*]]) {
+; CHECK-NEXT:  [[ENTRY:.*:]]
+; CHECK-NEXT:    [[ARRAYIDX:%.*]] = getelementptr [2 x ptr], ptr @global_arr, i64 0, i64 [[IDX]]
+; CHECK-NEXT:    [[PTR:%.*]] = load ptr, ptr [[ARRAYIDX]], align 8
+; CHECK-NEXT:    [[CMP:%.*]] = icmp ult ptr [[PTR]], inttoptr (i64 10001 to ptr)
+; CHECK-NEXT:    ret i1 [[CMP]]
+;
+entry:
+  %arrayidx = getelementptr [2 x ptr], ptr @global_arr, i64 0, i64 %idx
+  %ptr = load ptr, ptr %arrayidx, align 8
+  %cmp = icmp ult ptr %ptr, inttoptr (i64 10001 to ptr)
+  ret i1 %cmp
+}

