diff options
| author | Sanjay Patel <spatel@rotateright.com> | 2019-08-16 23:10:34 +0000 |
|---|---|---|
| committer | Sanjay Patel <spatel@rotateright.com> | 2019-08-16 23:10:34 +0000 |
| commit | acceedb15f52108d0e36d8090cb25fcdf34a4fc1 (patch) | |
| tree | d475e828247adce17001494417c71a00f4996c61 /llvm/lib/CodeGen | |
| parent | d0797ece4641580d0c2c4a60ff3d6696b657a2e5 (diff) | |
| download | bcm5719-llvm-acceedb15f52108d0e36d8090cb25fcdf34a4fc1.tar.gz bcm5719-llvm-acceedb15f52108d0e36d8090cb25fcdf34a4fc1.zip | |
[CodeGenPrepare] Fix use-after-free
If OptimizeExtractBits() encountered a shift instruction with no operands at all,
it would erase the instruction, but still return false.
This previously didn’t matter because its caller would always return after
processing the instruction, but https://reviews.llvm.org/D63233 changed the
function’s caller to fall through if it returned false, which would then cause
a use-after-free detectable by ASAN.
This change makes OptimizeExtractBits return true if it removes a shift
instruction with no users, terminating processing of the instruction.
Patch by: @brentdax (Brent Royal-Gordon)
Differential Revision: https://reviews.llvm.org/D66330
llvm-svn: 369168
Diffstat (limited to 'llvm/lib/CodeGen')
| -rw-r--r-- | llvm/lib/CodeGen/CodeGenPrepare.cpp | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/llvm/lib/CodeGen/CodeGenPrepare.cpp b/llvm/lib/CodeGen/CodeGenPrepare.cpp index d4d5fcd48cb..7da810c40c4 100644 --- a/llvm/lib/CodeGen/CodeGenPrepare.cpp +++ b/llvm/lib/CodeGen/CodeGenPrepare.cpp @@ -1682,10 +1682,11 @@ static bool OptimizeExtractBits(BinaryOperator *ShiftI, ConstantInt *CI, TheUse = InsertedShift; } - // If we removed all uses, nuke the shift. + // If we removed all uses, or there are none, nuke the shift. if (ShiftI->use_empty()) { salvageDebugInfo(*ShiftI); ShiftI->eraseFromParent(); + MadeChange = true; } return MadeChange; |
