[ConstantFold] ConstantFoldGetElementPtr - use APInt::isNegative() in…

…stead of getSExtValue() to support big ints Fixes fuzz test: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=39197
llvm · Sep 24, 2021 · bdee805 · bdee805
1 parent 36eb6c0
commit bdee805
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 2 deletions.
diff --git a/llvm/lib/IR/ConstantFold.cpp b/llvm/lib/IR/ConstantFold.cpp
@@ -2326,7 +2326,7 @@ Constant *llvm::ConstantFoldGetElementPtr(Type *PointeeTy, Constant *C,
       if (isIndexInRangeOfArrayType(STy->getNumElements(), CI))
         // It's in range, skip to the next index.
         continue;
-      if (CI->getSExtValue() < 0) {
+      if (CI->isNegative()) {
         // It's out of range and negative, don't try to factor it.
         Unknown = true;
         continue;
@@ -2337,7 +2337,7 @@ Constant *llvm::ConstantFoldGetElementPtr(Type *PointeeTy, Constant *C,
       for (unsigned I = 0, E = CV->getNumElements(); I != E; ++I) {
         auto *CI = cast<ConstantInt>(CV->getElementAsConstant(I));
         InRange &= isIndexInRangeOfArrayType(STy->getNumElements(), CI);
-        if (CI->getSExtValue() < 0) {
+        if (CI->isNegative()) {
           Unknown = true;
           break;
         }

diff --git a/llvm/test/Transforms/SCCP/apint-bigint2.ll b/llvm/test/Transforms/SCCP/apint-bigint2.ll
@@ -62,3 +62,19 @@ define void @index_too_large() {
   store i101* %ptr2, i101** undef
   ret void
 }
+
+; OSS-Fuzz #39197
+; https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=39197
+@0 = external dso_local unnamed_addr constant [16 x i8]
+define void @ossfuzz_39197() {
+; CHECK-LABEL: @ossfuzz_39197(
+; CHECK-NEXT:  entry:
+; CHECK-NEXT:    ret void
+;
+entry:
+  %B5 = or i72 0, 2361183241434822606847
+  %i = add nuw nsw i72 %B5, 0
+  %i1 = lshr i72 %i, 1
+  %i2 = getelementptr inbounds [4 x [4 x i8]], [4 x [4 x i8]]* bitcast ([16 x i8]* @0 to [4 x [4 x i8]]*), i72 0, i72 0, i72 %i1
+  ret void
+}