From c479052a74b204071902c5290059de0f2365db47 Mon Sep 17 00:00:00 2001
From: Simon Pilgrim
Date: Fri, 22 May 2020 16:59:05 +0100
Subject: [PATCH] [CGP] Ensure address offset is representable as int64_t

AddressingModeMatcher::matchAddr was calling getSExtValue for a constant before ensuring that we can actually represent the value as int64_t

Fixes PR46004 / OSSFuzz#22357
---
 llvm/lib/CodeGen/CodeGenPrepare.cpp | 12 +++++++-----
 llvm/test/CodeGen/X86/pr46004.ll | 21 +++++++++++++++++++++
 2 files changed, 28 insertions(+), 5 deletions(-)
 create mode 100644 llvm/test/CodeGen/X86/pr46004.ll

diff --git a/llvm/lib/CodeGen/CodeGenPrepare.cpp b/llvm/lib/CodeGen/CodeGenPrepare.cpp
index 1c9592f..e04fb25 100644
--- a/llvm/lib/CodeGen/CodeGenPrepare.cpp
+++ b/llvm/lib/CodeGen/CodeGenPrepare.cpp
@@ -4512,11 +4512,13 @@ bool AddressingModeMatcher::matchAddr(Value *Addr, unsigned Depth) {
   TypePromotionTransaction::ConstRestorationPt LastKnownGood =
       TPT.getRestorationPoint();
   if (ConstantInt *CI = dyn_cast(Addr)) {
-    // Fold in immediates if legal for the target.
-    AddrMode.BaseOffs += CI->getSExtValue();
-    if (TLI.isLegalAddressingMode(DL, AddrMode, AccessTy, AddrSpace))
-      return true;
-    AddrMode.BaseOffs -= CI->getSExtValue();
+    if (CI->getValue().isSignedIntN(64)) {
+      // Fold in immediates if legal for the target.
+      AddrMode.BaseOffs += CI->getSExtValue();
+      if (TLI.isLegalAddressingMode(DL, AddrMode, AccessTy, AddrSpace))
+        return true;
+      AddrMode.BaseOffs -= CI->getSExtValue();
+    }
   } else if (GlobalValue *GV = dyn_cast(Addr)) {
     // If this is a global variable, try to fold it into the addressing mode.
     if (!AddrMode.BaseGV) {
diff --git a/llvm/test/CodeGen/X86/pr46004.ll b/llvm/test/CodeGen/X86/pr46004.ll
new file mode 100644
index 0000000..5b00e59
--- /dev/null
+++ b/llvm/test/CodeGen/X86/pr46004.ll
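Review bot: The new `isSignedIntN(64)` guard makes the `getSExtValue()` call safe but not the addition after it: `AddrMode.BaseOffs += CI->getSExtValue()` still sums the immediate into an accumulator that, going by the commit title, is an `int64_t`, and BaseOffs can already be non-zero at this point because matchAddr is entered recursively (the `Depth` parameter in the hunk header), so two immediates that each fit in 64 bits can overflow the sum, which is undefined behaviour in C++ and reachable from fuzzed IR just like the original assertion. I would check the sum rather than the immediate, skip the fold on overflow, and restore a saved copy instead of subtracting a second time; `AddOverflow` from llvm/Support/MathExtras.h does this if that header is in scope here, otherwise `APInt::sadd_ov` on 64-bit APInts. The comment should also say why the branch exists, e.g. `// Immediates wider than 64 bits (e.g. i128 GEP indices) cannot be folded into BaseOffs; leave them to be materialised instead of asserting in getSExtValue().` matchAddr starts before and continues after this hunk.
```cpp
  // … unchanged: if (ConstantInt *CI = dyn_cast…(Addr)) { …
    // Fold in immediates if legal for the target. Immediates wider than 64
    // bits (e.g. i128 GEP indices) cannot be represented in BaseOffs, and
    // BaseOffs may already be non-zero from an outer match, so check the sum.
    int64_t NewOffs;
    if (CI->getValue().isSignedIntN(64) &&
        !AddOverflow(AddrMode.BaseOffs, CI->getSExtValue(), NewOffs)) {
      int64_t OldOffs = AddrMode.BaseOffs;
      AddrMode.BaseOffs = NewOffs;
      if (TLI.isLegalAddressingMode(DL, AddrMode, AccessTy, AddrSpace))
        return true;
      AddrMode.BaseOffs = OldOffs;
    }
  // … unchanged: } else if (GlobalValue *GV = dyn_cast…(Addr)) { …
```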
@@ -0,0 +1,21 @@
+; NOTE: Assertions have been autogenerated by utils/update_llc_test_checks.py
+; RUN: llc < %s -mtriple=i686-unknown-unknown | FileCheck %s --check-prefix=X86
+; RUN: llc < %s -mtriple=x86_64-unknown-unknown | FileCheck %s --check-prefix=X64
+
+; OSS Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22357
+define void @fuzz22357(i128 %a0) {
+; X86-LABEL: fuzz22357:
+; X86:       # %bb.0:
+; X86-NEXT:    movb $0, (%eax)
+; X86-NEXT:    retl
+;
+; X64-LABEL: fuzz22357:
+; X64:       # %bb.0:
+; X64-NEXT:    movb $0, (%rax)
+; X64-NEXT:    retq
+  %1 = add i128 %a0, 170141183460469231731687303715884105727
+  %2 = add nuw nsw i128 %1, 22222
+  %3 = getelementptr i8, i8* undef, i128 %2
+  store i8 0, i8* %3, align 1
+  ret void
+}
-- 
2.7.4
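Review bot: The test does not state what it is guarding, and its autogenerated CHECK lines pin the lowering of a store through an `undef` base (`movb $0, (%eax)` / `(%rax)`), so an unrelated change to undef handling could alter them and make this regression test fail for the wrong reason. A header comment would tell whoever regenerates the checks what must be preserved, e.g. `; The i128 GEP index does not fit int64_t; CodeGenPrepare must not try to fold it into the addressing-mode offset (this used to assert in getSExtValue).` The `nuw nsw` flags on the second add are presumably carried over from the fuzzer case; if they are not needed to reproduce the crash, dropping them keeps the test independent of poison-propagation rules.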