diff options
| -rw-r--r-- | llvm/lib/CodeGen/SelectionDAG/DAGCombiner.cpp | 6 | ||||
| -rw-r--r-- | llvm/test/CodeGen/X86/buildvec-insertvec.ll | 15 |
2 files changed, 20 insertions, 1 deletions
diff --git a/llvm/lib/CodeGen/SelectionDAG/DAGCombiner.cpp b/llvm/lib/CodeGen/SelectionDAG/DAGCombiner.cpp index d353dc241d1..73b86632bc4 100644 --- a/llvm/lib/CodeGen/SelectionDAG/DAGCombiner.cpp +++ b/llvm/lib/CodeGen/SelectionDAG/DAGCombiner.cpp @@ -14779,12 +14779,16 @@ SDValue DAGCombiner::reduceBuildVecToShuffle(SDNode *N) { } // Not an undef or zero. If the input is something other than an - // EXTRACT_VECTOR_ELT with a constant index, bail out. + // EXTRACT_VECTOR_ELT with an in-range constant index, bail out. if (Op.getOpcode() != ISD::EXTRACT_VECTOR_ELT || !isa<ConstantSDNode>(Op.getOperand(1))) return SDValue(); SDValue ExtractedFromVec = Op.getOperand(0); + APInt ExtractIdx = cast<ConstantSDNode>(Op.getOperand(1))->getAPIntValue(); + if (ExtractIdx.uge(ExtractedFromVec.getValueType().getVectorNumElements())) + return SDValue(); + // All inputs must have the same element type as the output. if (VT.getVectorElementType() != ExtractedFromVec.getValueType().getVectorElementType()) diff --git a/llvm/test/CodeGen/X86/buildvec-insertvec.ll b/llvm/test/CodeGen/X86/buildvec-insertvec.ll index dac5976dbec..b96233aa788 100644 --- a/llvm/test/CodeGen/X86/buildvec-insertvec.ll +++ b/llvm/test/CodeGen/X86/buildvec-insertvec.ll @@ -556,3 +556,18 @@ define <16 x i8> @test_buildvector_v16i8_register_zero_2(i8 %a2, i8 %a3, i8 %a6, %ins15 = insertelement <16 x i8> %ins14, i8 %a15, i32 15 ret <16 x i8> %ins15 } + +; OSS-Fuzz #5688 +; https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5688 +define <4 x i32> @ossfuzz5688(i32 %a0) { +; CHECK-LABEL: ossfuzz5688: +; CHECK: # %bb.0: +; CHECK-NEXT: retq + %1 = insertelement <4 x i32> zeroinitializer, i32 -2147483648, i32 %a0 + %2 = extractelement <4 x i32> %1, i32 %a0 + %3 = extractelement <4 x i32> <i32 30, i32 53, i32 42, i32 12>, i32 %2 + %4 = extractelement <4 x i32> zeroinitializer, i32 %2 + %5 = insertelement <4 x i32> undef, i32 %3, i32 undef + store i32 %4, i32* undef + ret <4 x i32> %5 +} |
