diff options
| author | Sanjay Patel <spatel@rotateright.com> | 2021-07-31 15:13:42 -0400 |
|---|---|---|
| committer | Tom Stellard <tstellar@redhat.com> | 2021-08-02 22:58:39 -0700 |
| commit | d6974c010878cae1df5b27067230ee5dcbc63342 (patch) | |
| tree | bb1f8f9af6fd4a4e53eb0cec95763fca77d85f18 | |
| parent | 60c388a4d66ea306a9da3fb7fea27227fcb6ab63 (diff) | |
| download | llvmorg-13.0.0-rc1.tar.gz | |
[Analysis] improve function signature checking for snprintfllvmorg-13.0.0-rc1
The check for size_t parameter 1 was already here for snprintf_chk,
but it wasn't applied to regular snprintf. This could lead to
mismatching and eventually crashing as shown in:
https://llvm.org/PR50885
(cherry picked from commit 7f5555776513f174729a686ed01270e23462aaf7)
| -rw-r--r-- | llvm/lib/Analysis/TargetLibraryInfo.cpp | 7 | ||||
| -rw-r--r-- | llvm/test/Transforms/InstCombine/simplify-libcalls.ll | 12 |
2 files changed, 16 insertions, 3 deletions
diff --git a/llvm/lib/Analysis/TargetLibraryInfo.cpp b/llvm/lib/Analysis/TargetLibraryInfo.cpp index 4a8818f2e2a8..c3a609ee4fe1 100644 --- a/llvm/lib/Analysis/TargetLibraryInfo.cpp +++ b/llvm/lib/Analysis/TargetLibraryInfo.cpp @@ -893,9 +893,10 @@ bool TargetLibraryInfoImpl::isValidProtoForLibFunc(const FunctionType &FTy, FTy.getReturnType()->isIntegerTy(32); case LibFunc_snprintf: - return (NumParams == 3 && FTy.getParamType(0)->isPointerTy() && - FTy.getParamType(2)->isPointerTy() && - FTy.getReturnType()->isIntegerTy(32)); + return NumParams == 3 && FTy.getParamType(0)->isPointerTy() && + IsSizeTTy(FTy.getParamType(1)) && + FTy.getParamType(2)->isPointerTy() && + FTy.getReturnType()->isIntegerTy(32); case LibFunc_snprintf_chk: return NumParams == 5 && FTy.getParamType(0)->isPointerTy() && diff --git a/llvm/test/Transforms/InstCombine/simplify-libcalls.ll b/llvm/test/Transforms/InstCombine/simplify-libcalls.ll index 25b168515cb8..f80286a8cc7e 100644 --- a/llvm/test/Transforms/InstCombine/simplify-libcalls.ll +++ b/llvm/test/Transforms/InstCombine/simplify-libcalls.ll @@ -217,6 +217,18 @@ define double @fake_ldexp_16(i16 %x) { ret double %z } +; PR50885 - this would crash in ValueTracking. + +declare i32 @snprintf(i8*, double, i32*) + +define i32 @fake_snprintf(i32 %buf, double %len, i32 * %str) { +; CHECK-LABEL: @fake_snprintf( +; CHECK-NEXT: [[CALL:%.*]] = call i32 @snprintf(i8* undef, double [[LEN:%.*]], i32* [[STR:%.*]]) +; CHECK-NEXT: ret i32 [[CALL]] +; + %call = call i32 @snprintf(i8* undef, double %len, i32* %str) + ret i32 %call +} attributes #0 = { nobuiltin } attributes #1 = { builtin } |