Don't use isa<CallInst>(this) in the constructor for CallInst's base class.

This has undefined behavior, because the classof implementation attempts to
access parts of the not-yet-constructed derived class. Found by clang
-fsanitize=vptr.

llvm-svn: 170658

1 files changed, 5 insertions, 2 deletions

diff --git a/llvm/lib/VMCore/Value.cpp b/llvm/lib/VMCore/Value.cpp
index b10e093c152..04ae4415138 100644
--- a/llvm/lib/VMCore/Value.cpp
+++ b/llvm/lib/VMCore/Value.cpp
@@ -46,10 +46,13 @@ Value::Value(Type *ty, unsigned scid)
     SubclassOptionalData(0), SubclassData(0), VTy((Type*)checkType(ty)),
     UseList(0), Name(0) {
   // FIXME: Why isn't this in the subclass gunk??
-  if (isa<CallInst>(this) || isa<InvokeInst>(this))
+  // Note, we cannot call isa<CallInst> before the CallInst has been
+  // constructed.
+  if (SubclassID == Instruction::Call || SubclassID == Instruction::Invoke)
     assert((VTy->isFirstClassType() || VTy->isVoidTy() || VTy->isStructTy()) &&
            "invalid CallInst type!");
-  else if (!isa<Constant>(this) && !isa<BasicBlock>(this))
+  else if (SubclassID != BasicBlockVal &&
+           (SubclassID < ConstantFirstVal || SubclassID > ConstantLastVal))
     assert((VTy->isFirstClassType() || VTy->isVoidTy()) &&
            "Cannot create non-first-class values except for constants!");
 }