[InstCombine] Fix use after free

Make sure we only access cached nowrap flags.
2025-04-24 06:26:07 +00:00 · 2024-12-04 17:20:04 +01:00 · 2024-12-04 17:20:04 +01:00 · 66ed8fb973
commit 66ed8fb973
parent b79007d8a6
1 changed files with 7 additions and 6 deletions
--- a/llvm/lib/Transforms/InstCombine/InstCombineAddSub.cpp
+++ b/llvm/lib/Transforms/InstCombine/InstCombineAddSub.cpp
@ -2092,18 +2092,18 @@ Value *InstCombinerImpl::OptimizePointerDifference(Value *LHS, Value *RHS,

  // To avoid duplicating the offset arithmetic, rewrite the GEP to use the
  // computed offset. This may erase the original GEP, so be sure to cache the
-  // inbounds flag before emitting the offset.
+  // nowrap flags before emitting the offset.
  // TODO: We should probably do this even if there is only one GEP.
  bool RewriteGEPs = GEP2 != nullptr;

  // Emit the offset of the GEP and an intptr_t.
-  bool GEP1IsInBounds = GEP1->isInBounds();
+  GEPNoWrapFlags GEP1NW = GEP1->getNoWrapFlags();
  Value *Result = EmitGEPOffset(GEP1, RewriteGEPs);

  // If this is a single inbounds GEP and the original sub was nuw,
  // then the final multiplication is also nuw.
  if (auto *I = dyn_cast<Instruction>(Result))
-    if (IsNUW && !GEP2 && !Swapped && GEP1IsInBounds &&
+    if (IsNUW && !GEP2 && !Swapped && GEP1NW.isInBounds() &&
        I->getOpcode() == Instruction::Mul)
      I->setHasNoUnsignedWrap();

@ -2111,11 +2111,12 @@ Value *InstCombinerImpl::OptimizePointerDifference(Value *LHS, Value *RHS,
  // If both GEPs are inbounds, then the subtract does not have signed overflow.
  // If both GEPs are nuw and the original sub is nuw, the new sub is also nuw.
  if (GEP2) {
+    GEPNoWrapFlags GEP2NW = GEP2->getNoWrapFlags();
    Value *Offset = EmitGEPOffset(GEP2, RewriteGEPs);
    Result = Builder.CreateSub(Result, Offset, "gepdiff",
-                               IsNUW && GEP1->hasNoUnsignedWrap() &&
-                                   GEP2->hasNoUnsignedWrap(),
-                               GEP1IsInBounds && GEP2->isInBounds());
+                               IsNUW && GEP1NW.hasNoUnsignedWrap() &&
+                                   GEP2NW.hasNoUnsignedWrap(),
+                               GEP1NW.isInBounds() && GEP2NW.isInBounds());
  }

  // If we have p - gep(p, ...)  then we have to negate the result.