From 485212f67c971584d4994daf38c70b651682ad3b Mon Sep 17 00:00:00 2001
From: Justin Bogner <mail@justinbogner.com>
Date: Sat, 20 Jun 2015 06:24:05 +0000
Subject: [PATCH] IndVarSimplify: Avoid UB from binding a reference to a null
 pointer

Calling operator* on a WeakVH whose Value is null hits undefined
behaviour, since we bind the value to a reference. Instead, go through
`operator Value*` so that we work with the pointer itself.

Found by ubsan.

llvm-svn: 240214
---
 llvm/lib/Transforms/Scalar/IndVarSimplify.cpp | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/llvm/lib/Transforms/Scalar/IndVarSimplify.cpp b/llvm/lib/Transforms/Scalar/IndVarSimplify.cpp
index ad2c972..e931382 100644
--- a/llvm/lib/Transforms/Scalar/IndVarSimplify.cpp
+++ b/llvm/lib/Transforms/Scalar/IndVarSimplify.cpp
@@ -2013,10 +2013,11 @@ bool IndVarSimplify::runOnLoop(Loop *L, LPPassManager &LPM) {
 
   // Now that we're done iterating through lists, clean up any instructions
   // which are now dead.
-  while (!DeadInsts.empty())
-    if (Instruction *Inst =
-          dyn_cast_or_null<Instruction>(&*DeadInsts.pop_back_val()))
+  while (!DeadInsts.empty()) {
+    Value *V = static_cast<Value *>(DeadInsts.pop_back_val());
+    if (Instruction *Inst = dyn_cast_or_null<Instruction>(V))
       RecursivelyDeleteTriviallyDeadInstructions(Inst, TLI);
+  }
 
   // The Rewriter may not be used from this point on.
 
-- 
2.7.4