RPCS3/llvm-mirror
1
0
Fork 0
mirror of https://github.com/RPCS3/llvm-mirror.git synced 2024-11-22 02:33:06 +01:00
Code Issues Projects Releases Wiki Activity

[SROA] prevent crash on large memset length (PR50910)

Browse Source 
I don't know much about this pass, but we need a stronger
check on the memset length arg to avoid an assert. The
current code was added with D59000.
The test is reduced from:
https://llvm.org/PR50910

Differential Revision: https://reviews.llvm.org/D106462

(cherry picked from commit f2a322bfcfbc62b5523f32c4eded6faf2cad2e24)
This commit is contained in:
Sanjay Patel 2021-07-31 14:07:30 -04:00 committed by Tom Stellard
parent 30f0ebbbe2
commit 2b94ecbbe0
2 changed files with 16 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
lib/Transforms/Scalar/SROA.cpp
View File

@ -2811,10 +2811,11 @@ private:
if (BeginOffset > NewAllocaBeginOffset ||
EndOffset < NewAllocaEndOffset)
return false;
// Length must be in range for FixedVectorType.
auto *C = cast<ConstantInt>(II.getLength());
if (C->getBitWidth() > 64)
const uint64_t Len = C->getLimitedValue();
if (Len > std::numeric_limits<unsigned>::max())
return false;
const auto Len = C->getZExtValue();
auto *Int8Ty = IntegerType::getInt8Ty(NewAI.getContext());
auto *SrcTy = FixedVectorType::get(Int8Ty, Len);
return canConvertValue(DL, SrcTy, AllocaTy) &&

13
test/Transforms/SROA/slice-width.ll
View File

@ -145,3 +145,16 @@ define void @PR50888() {
call void @llvm.memset.p0i8.i64(i8* align 16 %array, i8 0, i64 ptrtoint (void ()* @PR50888 to i64), i1 false)
ret void
}
; Don't crash on out-of-bounds length.
define void @PR50910() {
; CHECK-LABEL: @PR50910(
; CHECK-NEXT: [[T1:%.*]] = alloca i8, i64 1, align 8
; CHECK-NEXT: call void @llvm.memset.p0i8.i64(i8* align 8 [[T1]], i8 0, i64 1, i1 false)
; CHECK-NEXT: ret void
;
%t1 = alloca i8, i64 1, align 8
call void @llvm.memset.p0i8.i64(i8* align 8 %t1, i8 0, i64 4294967296, i1 false)
ret void
}