[Analysis] improve function signature checking for snprintf

The check for size_t parameter 1 was already here for snprintf_chk, but it wasn't applied to regular snprintf. This could lead to mismatching and eventually crashing as shown in: https://llvm.org/PR50885 (cherry picked from commit 7f5555776513f174729a686ed01270e23462aaf7)
2024-11-22 10:42:39 +01:00 · 2021-07-31 15:13:42 -04:00 · 2021-07-31 15:13:42 -04:00 · d4eedb2312
commit d4eedb2312
parent 9770d34891
2 changed files with 16 additions and 3 deletions
--- a/lib/Analysis/TargetLibraryInfo.cpp
+++ b/lib/Analysis/TargetLibraryInfo.cpp
@ -893,9 +893,10 @@ bool TargetLibraryInfoImpl::isValidProtoForLibFunc(const FunctionType &FTy,
           FTy.getReturnType()->isIntegerTy(32);
  case LibFunc_snprintf:
-    return (NumParams == 3 && FTy.getParamType(0)->isPointerTy() &&
+    return NumParams == 3 && FTy.getParamType(0)->isPointerTy() &&
-            FTy.getParamType(2)->isPointerTy() &&
+           IsSizeTTy(FTy.getParamType(1)) &&
-            FTy.getReturnType()->isIntegerTy(32));
+           FTy.getParamType(2)->isPointerTy() &&
           FTy.getReturnType()->isIntegerTy(32);
  case LibFunc_snprintf_chk:
    return NumParams == 5 && FTy.getParamType(0)->isPointerTy() &&
--- a/test/Transforms/InstCombine/simplify-libcalls.ll
+++ b/test/Transforms/InstCombine/simplify-libcalls.ll
@ -217,6 +217,18 @@ define double @fake_ldexp_16(i16 %x) {
  ret double %z
 }
 ; PR50885 - this would crash in ValueTracking.
 declare i32 @snprintf(i8*, double, i32*)
 define i32 @fake_snprintf(i32 %buf, double %len, i32 * %str) {
 ; CHECK-LABEL: @fake_snprintf(
 ; CHECK-NEXT:    [[CALL:%.*]] = call i32 @snprintf(i8* undef, double [[LEN:%.*]], i32* [[STR:%.*]])
 ; CHECK-NEXT:    ret i32 [[CALL]]
 ;
  %call = call i32 @snprintf(i8* undef, double %len, i32* %str)
  ret i32 %call
 }
 attributes #0 = { nobuiltin }
 attributes #1 = { builtin }