From bdee805b3277e04677490f42e62aa28478331254 Mon Sep 17 00:00:00 2001
From: Simon Pilgrim
Date: Fri, 24 Sep 2021 18:08:56 +0100
Subject: [PATCH] [ConstantFold] ConstantFoldGetElementPtr - use APInt::isNegative() instead of getSExtValue() to support big ints
Fixes fuzz test: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=39197
---
 llvm/lib/IR/ConstantFold.cpp | 4 ++--
 llvm/test/Transforms/SCCP/apint-bigint2.ll | 16 ++++++++++++++++
 2 files changed, 18 insertions(+), 2 deletions(-)
diff --git a/llvm/lib/IR/ConstantFold.cpp b/llvm/lib/IR/ConstantFold.cpp
index b3b296b9998dce..2c0532bbf3e00e 100644
--- a/llvm/lib/IR/ConstantFold.cpp
+++ b/llvm/lib/IR/ConstantFold.cpp
@@ -2326,7 +2326,7 @@ Constant *llvm::ConstantFoldGetElementPtr(Type *PointeeTy, Constant *C,
 if (isIndexInRangeOfArrayType(STy->getNumElements(), CI))
 // It's in range, skip to the next index.
 continue;
- if (CI->getSExtValue() < 0) {
+ if (CI->isNegative()) {
 // It's out of range and negative, don't try to factor it.
 Unknown = true;
 continue;
@@ -2337,7 +2337,7 @@ Constant *llvm::ConstantFoldGetElementPtr(Type *PointeeTy, Constant *C,
 for (unsigned I = 0, E = CV->getNumElements(); I != E; ++I) {
 auto *CI = cast(CV->getElementAsConstant(I));
 InRange &= isIndexInRangeOfArrayType(STy->getNumElements(), CI);
- if (CI->getSExtValue() < 0) {
+ if (CI->isNegative()) {
 Unknown = true;
 break;
 }
diff --git a/llvm/test/Transforms/SCCP/apint-bigint2.ll b/llvm/test/Transforms/SCCP/apint-bigint2.ll
index 0de8f3954cc5fc..3639d132689845 100644
--- a/llvm/test/Transforms/SCCP/apint-bigint2.ll
+++ b/llvm/test/Transforms/SCCP/apint-bigint2.ll
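Review bot: The replacement of `getSExtValue() < 0` by `isNegative()` at both changed lines is left without a comment, so nothing at the call site records that the index may be wider than 64 bits (the reason given only in the subject line), and a later cleanup could reintroduce the narrow accessor. A one-line comment above each new `if`, e.g. `// isNegative() rather than getSExtValue(): the index may be wider than 64 bits.`, would pin that down. The regression test added in apint-bigint2.ll (`@ossfuzz_39197`) uses only scalar i72 indices, so as far as the page shows it exercises the first hunk's path but not the per-element loop `for (unsigned I = 0, E = CV->getNumElements(); ...)` in the second hunk; a variant with a vector-of-i72 index would cover that branch as well. The enclosing function `ConstantFoldGetElementPtr` starts and ends outside both hunks.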
@@ -62,3 +62,19 @@ define void @index_too_large() {
 store i101* %ptr2, i101** undef
 ret void
 }
+
+; OSS-Fuzz #39197
+; https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=39197
+@0 = external dso_local unnamed_addr constant [16 x i8]
+define void @ossfuzz_39197() {
+; CHECK-LABEL: @ossfuzz_39197(
+; CHECK-NEXT: entry:
+; CHECK-NEXT: ret void
+;
+entry:
+ %B5 = or i72 0, 2361183241434822606847
+ %i = add nuw nsw i72 %B5, 0
+ %i1 = lshr i72 %i, 1
+ %i2 = getelementptr inbounds [4 x [4 x i8]], [4 x [4 x i8]]* bitcast ([16 x i8]* @0 to [4 x [4 x i8]]*), i72 0, i72 0, i72 %i1
+ ret void
+}