[llvm] bedd7dd - [InstCombine] Fix use after free
Nikita Popov via llvm-commits
llvm-commits at lists.llvm.org
Tue Jul 1 06:21:20 PDT 2025
Author: Nikita Popov
Date: 2025-07-01T15:18:49+02:00
New Revision: bedd7ddb7fb54c24a296ea6c32606f8172d13896
URL: https://github.com/llvm/llvm-project/commit/bedd7ddb7fb54c24a296ea6c32606f8172d13896
DIFF: https://github.com/llvm/llvm-project/commit/bedd7ddb7fb54c24a296ea6c32606f8172d13896.diff
LOG: [InstCombine] Fix use after free
Load the nowrap flags before calling EmitGEPOffset(), as this may
free the instruction.
Added:
Modified:
llvm/lib/Transforms/InstCombine/InstCombineCompares.cpp
Removed:
################################################################################
diff --git a/llvm/lib/Transforms/InstCombine/InstCombineCompares.cpp b/llvm/lib/Transforms/InstCombine/InstCombineCompares.cpp
index 6de1f8558e8cd..2bc2fc6ff01fa 100644
--- a/llvm/lib/Transforms/InstCombine/InstCombineCompares.cpp
+++ b/llvm/lib/Transforms/InstCombine/InstCombineCompares.cpp
@@ -711,9 +711,11 @@ Instruction *InstCombinerImpl::foldGEPICmp(GEPOperator *GEPLHS, Value *RHS,
Value *PtrBase = GEPLHS->getOperand(0);
if (PtrBase == RHS && CanFold(GEPLHS->getNoWrapFlags())) {
// ((gep Ptr, OFFSET) cmp Ptr) ---> (OFFSET cmp 0).
+ GEPNoWrapFlags NW = GEPLHS->getNoWrapFlags();
+ // Do not access GEPLHS after EmitGEPOffset, as the instruction may be
+ // destroyed.
Value *Offset = EmitGEPOffset(GEPLHS, /*RewriteGEP=*/true);
- return NewICmp(GEPLHS->getNoWrapFlags(), Offset,
- Constant::getNullValue(Offset->getType()));
+ return NewICmp(NW, Offset, Constant::getNullValue(Offset->getType()));
}
if (GEPLHS->isInBounds() && ICmpInst::isEquality(Cond) &&
More information about the llvm-commits
mailing list