[sanitizer-coverage] fix a bug in trace-gep

llvm-svn: 282467
2016-09-27 01:55:08 +00:00 · 2016-09-27 01:55:08 +00:00 · 45c144754b
parent efc962cd06
commit 45c144754b
3 changed files with 10 additions and 2 deletions
--- a/llvm/lib/Fuzzer/fuzzer-test-suite/openssl-1.0.1f/build.sh
+++ b/llvm/lib/Fuzzer/fuzzer-test-suite/openssl-1.0.1f/build.sh
@ -7,7 +7,7 @@ LIBFUZZER_SRC=$(dirname $(dirname $SCRIPT_DIR))
 JOBS=20

 # FUZZ_CXXFLAGS=" -g -fsanitize=address -fsanitize-coverage=edge"
-FUZZ_CXXFLAGS=" -g -fsanitize=address -fsanitize-coverage=trace-pc-guard,trace-cmp,trace-div"
+FUZZ_CXXFLAGS=" -g -fsanitize=address -fsanitize-coverage=trace-pc-guard,trace-cmp,trace-div,trace-gep"

 get() {
  [ ! -e SRC ] && git clone https://github.com/openssl/openssl.git SRC && (cd SRC && git checkout OpenSSL_1_0_1f)
--- a/llvm/lib/Transforms/Instrumentation/SanitizerCoverage.cpp
+++ b/llvm/lib/Transforms/Instrumentation/SanitizerCoverage.cpp
@ -599,7 +599,7 @@ void SanitizerCoverageModule::InjectTraceForGep(
  for (auto GEP : GepTraceTargets) {
    IRBuilder<> IRB(GEP);
    for (auto I = GEP->idx_begin(); I != GEP->idx_end(); ++I)
-      if (!isa<ConstantInt>(*I))
+      if (!isa<ConstantInt>(*I) && (*I)->getType()->isIntegerTy())
        IRB.CreateCall(SanCovTraceGepFunction,
                       {IRB.CreateIntCast(*I, IntptrTy, true)});
  }
--- a/llvm/test/Instrumentation/SanitizerCoverage/gep-tracing.ll
+++ b/llvm/test/Instrumentation/SanitizerCoverage/gep-tracing.ll
@ -30,3 +30,11 @@ entry:
 ; CHECK: call void @__sanitizer_cov_trace_gep(i64 %idxprom1)
 ; CHECK: call void @__sanitizer_cov_trace_gep(i64 %idxprom)
 ; CHECK: ret void
+
+; Just make sure we don't insturment this one and don't crash
+define void @gep_3(<2 x i8*> %a, i32 %i, i32 %j) {
+entry:
+  %0 = getelementptr i8, <2 x i8*> %a, <2 x i64> <i64 8, i64 8>
+  ret void
+}
+