From: Alexey Samsonov Date: Fri, 12 Jun 2015 21:05:32 +0000 (+0000) Subject: [CGCall] Fix potential invalid iterator decrement in findDominatingStoreToReturnValue. X-Git-Tag: llvmorg-3.7.0-rc1~2459 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=1054420ba3b908ade5ef654c4cb82f174a8430c4;p=platform%2Fupstream%2Fllvm.git [CGCall] Fix potential invalid iterator decrement in findDominatingStoreToReturnValue. If llvm.lifetime.end turns out to be the first instruction in the last basic block, we can decrement the iterator twice, going past rend. At the moment, this can never happen because llvm.lifetime.end always goes immediately after bitcast, but relying on this is very brittle. llvm-svn: 239638
---
diff --git a/clang/lib/CodeGen/CGCall.cpp b/clang/lib/CodeGen/CGCall.cpp
index 5d34e28..6903073 100644
--- a/clang/lib/CodeGen/CGCall.cpp
+++ b/clang/lib/CodeGen/CGCall.cpp
@@ -2271,11 +2271,10 @@ static llvm::StoreInst *findDominatingStoreToReturnValue(CodeGenFunction &CGF) {
 if (Intrinsic->getIntrinsicID() == llvm::Intrinsic::lifetime_end) {
 const llvm::Value *CastAddr = Intrinsic->getArgOperand(1);
 ++II;
- if (isa(&*II)) {
- if (CastAddr == &*II) {
- continue;
- }
- }
+ if (II == IE)
+ break;
+ if (isa(&*II) && (CastAddr == &*II))
+ continue;
 }
 }
 I = &*II;
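Review bot: The early exit `if (II == IE) break;` leaves the loop without assigning `I`, so what the function goes on to inspect is whatever `I` held before the loop, and that initialisation is outside this hunk. If that is the intent (presumably `I` then still refers to the `lifetime.end` call and the later store check rejects it), state it at the branch, e.g. `// lifetime.end is the first instruction of the block: nothing precedes it, so leave I as set before the loop.` The manual `++II` inside a loop whose header also advances `II` is what made stepping past `rend()` possible, so a short comment on that `++II` saying the double step is deliberate would help keep the bound check next to it in later edits. The enclosing loop and the function body start and end outside the hunk.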