[InstCombine] Ensure allocation alignment mask is within range before applying as...

Fixes OSS-Fuzz #23214
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=23214

diff --git a/llvm/lib/Transforms/InstCombine/InstCombineCalls.cpp b/llvm/lib/Transforms/InstCombine/InstCombineCalls.cpp
index 11ede36..4822d2b 100644 (file)
--- a/llvm/lib/Transforms/InstCombine/InstCombineCalls.cpp
+++ b/llvm/lib/Transforms/InstCombine/InstCombineCalls.cpp
@@ -4529,7 +4529,7 @@ static void annotateAnyAllocSite(CallBase &Call, const TargetLibraryInfo *TLI) {
                       Attribute::getWithDereferenceableOrNullBytes(
                           Call.getContext(), Op1C->getZExtValue()));
     // Add alignment attribute if alignment is a power of two constant.
-    if (Op0C) {
+    if (Op0C && Op0C->getValue().ult(llvm::Value::MaximumAlignment)) {
       uint64_t AlignmentVal = Op0C->getZExtValue();
       if (llvm::isPowerOf2_64(AlignmentVal))
         Call.addAttribute(AttributeList::ReturnIndex,

diff --git a/llvm/test/Transforms/InstCombine/deref-alloc-fns.ll b/llvm/test/Transforms/InstCombine/deref-alloc-fns.ll
index 9d9964d..2726a5f 100644 (file)
--- a/llvm/test/Transforms/InstCombine/deref-alloc-fns.ll
+++ b/llvm/test/Transforms/InstCombine/deref-alloc-fns.ll
@@ -252,3 +252,18 @@ define noalias i8* @strdup_notconstant_str(i8 * %str) {
   %call = tail call noalias i8* @strdup(i8* %str)
   ret i8* %call
 }
+
+; OSS-Fuzz #23214
+; https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=23214
+define noalias i8* @ossfuzz_23214() {
+; CHECK-LABEL: @ossfuzz_23214(
+; CHECK-NEXT:  bb:
+; CHECK-NEXT:    [[CALL:%.*]] = tail call noalias dereferenceable_or_null(512) i8* @aligned_alloc(i64 -9223372036854775808, i64 512)
+; CHECK-NEXT:    ret i8* [[CALL]]
+;
+bb:
+  %and = and i64 -1, -9223372036854775808
+  %call = tail call noalias i8* @aligned_alloc(i64 %and, i64 512)
+  ret i8* %call
+}
+