Fix a crash in the LL parser where it failed to validate that the pointer operand...

This manifested as an assertion failure in +Asserts builds, and a hard crash in -Asserts builds.  Found by fuzzing the LL parser.

llvm-svn: 230934

diff --git a/llvm/lib/AsmParser/LLParser.cpp b/llvm/lib/AsmParser/LLParser.cpp
index 40563b5..d50da69 100644 (file)
--- a/llvm/lib/AsmParser/LLParser.cpp
+++ b/llvm/lib/AsmParser/LLParser.cpp
@@ -5458,6 +5458,8 @@ int LLParser::ParseGetElementPtr(Instruction *&Inst, PerFunctionState &PFS) {
     return true;
 
   Type *PtrTy = Ptr->getType();
+  if (!isa<SequentialType>(PtrTy))
+    return Error(Loc, "pointer type is not valid");
   if (VectorType *VT = dyn_cast<VectorType>(PtrTy))
     PtrTy = VT->getElementType();
   if (Ty != cast<SequentialType>(PtrTy)->getElementType())

diff --git a/llvm/test/Assembler/getelementptr_invalid_ptr.ll b/llvm/test/Assembler/getelementptr_invalid_ptr.ll
new file mode 100644 (file)
index 0000000..8296dd3
--- /dev/null
+++ b/llvm/test/Assembler/getelementptr_invalid_ptr.ll
@@ -0,0 +1,11 @@
+; RUN: not llvm-as < %s >/dev/null 2> %t
+; RUN: FileCheck %s < %t
+; Test the case of an invalid pointer type on a GEP
+
+; CHECK: pointer type is not valid
+
+define i32* @foo(i32 %a) {
+  %gep = getelementptr i32, i32 %a, i32 1
+  return i32* %gep
+}
+