[libFuzzer] don't crash if the condition in a switch has unusual type (e.g. i72)

author Kostya Serebryany <kcc@google.com>

Tue, 11 Aug 2015 00:24:39 +0000 (00:24 +0000)

committer Kostya Serebryany <kcc@google.com>

Tue, 11 Aug 2015 00:24:39 +0000 (00:24 +0000)
author Kostya Serebryany <kcc@google.com>
Tue, 11 Aug 2015 00:24:39 +0000 (00:24 +0000)
committer Kostya Serebryany <kcc@google.com>
Tue, 11 Aug 2015 00:24:39 +0000 (00:24 +0000)
diff --git a/lib/Transforms/Instrumentation/SanitizerCoverage.cpp b/lib/Transforms/Instrumentation/SanitizerCoverage.cpp

index c91b89df830e8533594bb497cfc08f5a3733c0c2..b6829aef2d5d4c67d2c559ec24d351025c66c9da 100644 (file)
--- a/lib/Transforms/Instrumentation/SanitizerCoverage.cpp
+++ b/lib/Transforms/Instrumentation/SanitizerCoverage.cpp
@@ -375,6 +375,9 @@ void SanitizerCoverageModule::InjectTraceForSwitch(
        IRBuilder<> IRB(I);
        SmallVector<Constant *, 16> Initializers;
        Value *Cond = SI->getCondition();
+      if (Cond->getType()->getScalarSizeInBits() >
+          Int64Ty->getScalarSizeInBits())
+        continue;
        Initializers.push_back(ConstantInt::get(Int64Ty, SI->getNumCases()));
        Initializers.push_back(
            ConstantInt::get(Int64Ty, Cond->getType()->getScalarSizeInBits()));
diff --git a/test/Instrumentation/SanitizerCoverage/switch-tracing.ll b/test/Instrumentation/SanitizerCoverage/switch-tracing.ll

index 9ad1c7acf63e627b1b4eea0d64bf727e62ba2b61..aac56dbdeb78591c8591d99b2de7efcccf5fc69e 100644 (file)
--- a/test/Instrumentation/SanitizerCoverage/switch-tracing.ll
+++ b/test/Instrumentation/SanitizerCoverage/switch-tracing.ll
@@ -30,3 +30,27 @@ sw.bb.2:                                          ; preds = %entry
  sw.epilog:                                        ; preds = %entry, %sw.bb.2, %sw.bb.1, %sw.bb
    ret void
  }
+
+define void @fooi72(i72 %x) {
+entry:
+  switch i72 %x, label %sw.epilog [
+    i72 1, label %sw.bb
+    i72 101, label %sw.bb.1
+    i72 1001, label %sw.bb.2
+  ]
+
+sw.bb:                                            ; preds = %entry
+  tail call void @_Z3bari(i32 4)
+  br label %sw.epilog
+
+sw.bb.1:                                          ; preds = %entry
+  tail call void @_Z3bari(i32 5)
+  br label %sw.epilog
+
+sw.bb.2:                                          ; preds = %entry
+  tail call void @_Z3bari(i32 6)
+  br label %sw.epilog
+
+sw.epilog:                                        ; preds = %entry, %sw.bb.2, %sw.bb.1, %sw.bb
+  ret void
+}
author	Kostya Serebryany <kcc@google.com>
	Tue, 11 Aug 2015 00:24:39 +0000 (00:24 +0000)
committer	Kostya Serebryany <kcc@google.com>
	Tue, 11 Aug 2015 00:24:39 +0000 (00:24 +0000)
lib/Transforms/Instrumentation/SanitizerCoverage.cpp		patch \| blob \| history
test/Instrumentation/SanitizerCoverage/switch-tracing.ll		patch \| blob \| history