From e4b37ec73a7d9aecb5cbd131036188572921cc64 Mon Sep 17 00:00:00 2001
From: Chandler Carruth
Date: Thu, 29 May 2014 23:05:52 +0000
Subject: Fix one bug in the latest incarnation of r209843 -- combining GEPs across PHI nodes. The code was computing the Idxs from the 'GEP' variable's indices when what it wanted was Op1's indices. This caused an ASan heap-overflow for me that pin pointed the issue when Op1 had more indices than GEP did. =] I'll let Louis add a specific test case for this if he wants.
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@209857 91177308-0d34-0410-b5e6-96231b3b80d8
---
 lib/Transforms/InstCombine/InstructionCombining.cpp | 21 +++++++++++++--------
 1 file changed, 13 insertions(+), 8 deletions(-)
(limited to 'lib/Transforms/InstCombine/InstructionCombining.cpp')
diff --git a/lib/Transforms/InstCombine/InstructionCombining.cpp b/lib/Transforms/InstCombine/InstructionCombining.cpp
index c72d099d9f..38f92ddf66 100644
--- a/lib/Transforms/InstCombine/InstructionCombining.cpp
+++ b/lib/Transforms/InstCombine/InstructionCombining.cpp
@@ -1233,10 +1233,21 @@ Instruction *InstCombiner::visitGetElementPtrInst(GetElementPtrInst &GEP) {
 if (!Op2 || Op1->getNumOperands() != Op2->getNumOperands())
 return nullptr;
+ // Keep track of the type as we walk the GEP.
+ Type *CurTy = Op1->getOperand(0)->getType()->getScalarType();
+
 for (unsigned J = 0, F = Op1->getNumOperands(); J != F; ++J) {
 if (Op1->getOperand(J)->getType() != Op2->getOperand(J)->getType())
 return nullptr;
+ if (J > 1) {
+ if (CompositeType *CT = dyn_cast(CurTy)) {
+ CurTy = CT->getTypeAtIndex(Op1->getOperand(J));
+ } else {
+ CurTy = nullptr;
+ }
+ }
+
 if (Op1->getOperand(J) != Op2->getOperand(J)) {
 if (DI == -1) {
 // We have not seen any differences yet in the GEPs feeding the
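Review bot: The type walk added in the loop steps `CurTy` with `Op1->getOperand(J)`, while the check in the second hunk uses `CurTy` as the type that operand J indexes into; the removed code computed that type from the indices before J (`idx_begin()` up to `idx_begin()+J-1`). At J == 2 the step starts from the pointer operand's type, so the index value presumably does not matter, but from J == 3 on the walk looks one index ahead and may hand a struct type an index meant for one of its members, which can select the wrong element type or trip an assertion on a non-constant index. Stepping with the previous operand, `CurTy = CT->getTypeAtIndex(Op1->getOperand(J - 1));`, would match the removed computation. The commit message says no regression test is included; a pair of GEPs with three or more indices through a struct would cover this and the original overflow. The loop body continues outside the hunk.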
@@ -1245,14 +1256,8 @@ Instruction *InstCombiner::visitGetElementPtrInst(GetElementPtrInst &GEP) {
 // The first two arguments can vary for any GEP, the rest have to be
 // static for struct slots
- if (J > 1) {
- SmallVector Idxs(GEP.idx_begin(), GEP.idx_begin()+J-1);
- Type *Ty =
- GetElementPtrInst::getIndexedType(Op1->getOperand(0)->getType(),
- Idxs);
- if (Ty->isStructTy())
- return nullptr;
- }
+ if (J > 1 && CurTy->isStructTy())
+ return nullptr;
 DI = J;
 } else {
-- cgit v1.2.3
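Review bot: `CurTy->isStructTy()` is called without a null check, although the type walk in the first hunk assigns `CurTy = nullptr` when the current type is not a composite. If that branch is ever taken for J > 1, this line dereferences a null pointer, and the next iteration's `dyn_cast` on `CurTy` would also receive null. Either guard the use, `if (J > 1 && CurTy && CurTy->isStructTy())`, or replace the `nullptr` assignment with an assertion that states why the case cannot occur for a well-formed GEP. The enclosing `if (DI == -1)` block starts before this hunk and continues after it.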