diff --git a/llvm/lib/Fuzzer/fuzzer-test-suite/openssl-1.0.1f/build.sh b/llvm/lib/Fuzzer/fuzzer-test-suite/openssl-1.0.1f/build.sh index 33e77a00c91c..69fa7241b860 100755 --- a/llvm/lib/Fuzzer/fuzzer-test-suite/openssl-1.0.1f/build.sh +++ b/llvm/lib/Fuzzer/fuzzer-test-suite/openssl-1.0.1f/build.sh @@ -7,7 +7,7 @@ LIBFUZZER_SRC=$(dirname $(dirname $SCRIPT_DIR)) JOBS=20 # FUZZ_CXXFLAGS=" -g -fsanitize=address -fsanitize-coverage=edge" -FUZZ_CXXFLAGS=" -g -fsanitize=address -fsanitize-coverage=trace-pc-guard,trace-cmp,trace-div" +FUZZ_CXXFLAGS=" -g -fsanitize=address -fsanitize-coverage=trace-pc-guard,trace-cmp,trace-div,trace-gep" get() { [ ! -e SRC ] && git clone https://github.com/openssl/openssl.git SRC && (cd SRC && git checkout OpenSSL_1_0_1f) diff --git a/llvm/lib/Transforms/Instrumentation/SanitizerCoverage.cpp b/llvm/lib/Transforms/Instrumentation/SanitizerCoverage.cpp index 4a1a75518b01..e26fdb42c997 100644 --- a/llvm/lib/Transforms/Instrumentation/SanitizerCoverage.cpp +++ b/llvm/lib/Transforms/Instrumentation/SanitizerCoverage.cpp @@ -599,7 +599,7 @@ void SanitizerCoverageModule::InjectTraceForGep( for (auto GEP : GepTraceTargets) { IRBuilder<> IRB(GEP); for (auto I = GEP->idx_begin(); I != GEP->idx_end(); ++I) - if (!isa(*I)) + if (!isa(*I) && (*I)->getType()->isIntegerTy()) IRB.CreateCall(SanCovTraceGepFunction, {IRB.CreateIntCast(*I, IntptrTy, true)}); } diff --git a/llvm/test/Instrumentation/SanitizerCoverage/gep-tracing.ll b/llvm/test/Instrumentation/SanitizerCoverage/gep-tracing.ll index ed6cf2d49a8d..f305f493202d 100644 --- a/llvm/test/Instrumentation/SanitizerCoverage/gep-tracing.ll +++ b/llvm/test/Instrumentation/SanitizerCoverage/gep-tracing.ll 
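Review bot: The added `isIntegerTy()` guard in the index loop of `InjectTraceForGep` silently excludes every non-integer (vector-typed) GEP index from tracing, and nothing in the code says this is deliberate. For a fuzzing build, accesses expressed through vector-of-pointer GEPs then contribute no `trace-gep` feedback. That is a coverage gap rather than a correctness problem, but a reader should not have to rediscover it. I would put a comment above the condition, for example `// Only scalar integer indices are passed to CreateIntCast; vector indices (vector-of-pointers GEPs) are intentionally not traced.` The function's signature and end lie outside this hunk, so I cannot tell whether such GEPs could instead be filtered where `GepTraceTargets` is collected.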
@@ -30,3 +30,11 @@ entry:
 ; CHECK: call void @__sanitizer_cov_trace_gep(i64 %idxprom1)
 ; CHECK: call void @__sanitizer_cov_trace_gep(i64 %idxprom)
 ; CHECK: ret void
+
+; Just make sure we don't insturment this one and don't crash
+define void @gep_3(<2 x i8*> %a, i32 %i, i32 %j) {
+entry:
+ %0 = getelementptr i8, <2 x i8*> %a, <2 x i64>
+ ret void
+}
+
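Review bot: The new `gep_3` case carries no FileCheck directives, so it only shows that the pass does not crash. The "don't instrument" half of its comment is never checked, because the `CHECK` lines above it are already satisfied by the earlier functions. Add `; CHECK-LABEL: define void @gep_3` ahead of the function, then `; CHECK-NOT: call void @__sanitizer_cov_trace_gep` followed by `; CHECK: ret void`, so that a regression which starts tracing vector indices fails the test. The vector index operand on the `getelementptr` line looks truncated on this page (a bare `<2 x i64>` with no value), so confirm that the checked-in test has a complete operand.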