From: Justin Bogner <mail@justinbogner.com>
Date: Sat, 20 Jun 2015 06:24:05 +0000 (+0000)
Subject: IndVarSimplify: Avoid UB from binding a reference to a null pointer
X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=40f8babe9ae3bbf56966c223af7c11cc1308c7bc;p=oota-llvm.git

IndVarSimplify: Avoid UB from binding a reference to a null pointer

Calling operator* on a WeakVH whose Value is null hits undefined
behaviour, since we bind the value to a reference. Instead, go through
`operator Value*` so that we work with the pointer itself.

Found by ubsan.

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@240214 91177308-0d34-0410-b5e6-96231b3b80d8
---

diff --git a/lib/Transforms/Scalar/IndVarSimplify.cpp b/lib/Transforms/Scalar/IndVarSimplify.cpp
index ad2c9726dac..e931382ea98 100644
--- a/lib/Transforms/Scalar/IndVarSimplify.cpp
+++ b/lib/Transforms/Scalar/IndVarSimplify.cpp
@@ -2013,10 +2013,11 @@ bool IndVarSimplify::runOnLoop(Loop *L, LPPassManager &LPM) {
 
   // Now that we're done iterating through lists, clean up any instructions
   // which are now dead.
-  while (!DeadInsts.empty())
-    if (Instruction *Inst =
-          dyn_cast_or_null<Instruction>(&*DeadInsts.pop_back_val()))
+  while (!DeadInsts.empty()) {
+    Value *V = static_cast<Value *>(DeadInsts.pop_back_val());
+    if (Instruction *Inst = dyn_cast_or_null<Instruction>(V))
       RecursivelyDeleteTriviallyDeadInstructions(Inst, TLI);
+  }
 
   // The Rewriter may not be used from this point on.