Skip to content

Commit

Permalink
Fix possible use-after-free
Browse files Browse the repository at this point in the history
  • Loading branch information
@dstogov
dstogov committed Sep 3, 2024
1 parent 804e5c3 commit 17fa260
Showing 1 changed file with 8 additions and 8 deletions.
16 changes: 8 additions & 8 deletions ir_fold.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2523,8 +2523,8 @@ IR_FOLD(ADD(SUB, C_ADDR))
/* (c1 - x) + c2 => (c1 + c2) - x */
val.u64 = ctx->ir_base[op1_insn->op1].val.u64 + op2_insn->val.u64;
opt++; /* ADD -> SUB */
op1 = ir_const(ctx, val, IR_OPT_TYPE(opt));
op2 = op1_insn->op2;
op1 = ir_const(ctx, val, IR_OPT_TYPE(opt));
IR_FOLD_RESTART;
}
IR_FOLD_NEXT;
Expand All @@ -2549,8 +2549,8 @@ IR_FOLD(ADD(SUB, C_I64))
/* (c1 - x) + c2 => (c1 + c2) - x */
val.i64 = ctx->ir_base[op1_insn->op1].val.i64 + op2_insn->val.i64;
opt++; /* ADD -> SUB */
op1 = ir_const(ctx, val, IR_OPT_TYPE(opt));
op2 = op1_insn->op2;
op1 = ir_const(ctx, val, IR_OPT_TYPE(opt));
IR_FOLD_RESTART;
}
IR_FOLD_NEXT;
Expand Down Expand Up @@ -2602,8 +2602,8 @@ IR_FOLD(SUB(C_ADDR, ADD))
if (IR_IS_CONST_REF(op2_insn->op2) && !IR_IS_SYM_CONST(ctx->ir_base[op2_insn->op2].op)) {
/* c1 - (x + c2) => (c1 - c2) - x */
val.u64 = op1_insn->val.u64 - ctx->ir_base[op2_insn->op2].val.u64;
op1 = ir_const(ctx, val, IR_OPT_TYPE(opt));
op2 = op2_insn->op1;
op1 = ir_const(ctx, val, IR_OPT_TYPE(opt));
IR_FOLD_RESTART;
}
IR_FOLD_NEXT;
Expand All @@ -2617,8 +2617,8 @@ IR_FOLD(SUB(C_I64, ADD))
if (IR_IS_CONST_REF(op2_insn->op2) && !IR_IS_SYM_CONST(ctx->ir_base[op2_insn->op2].op)) {
/* c1 - (x + c2) => (c1 - c2) - x */
val.i64 = op1_insn->val.i64 - ctx->ir_base[op2_insn->op2].val.i64;
op1 = ir_const(ctx, val, IR_OPT_TYPE(opt));
op2 = op2_insn->op1;
op1 = ir_const(ctx, val, IR_OPT_TYPE(opt));
IR_FOLD_RESTART;
}
IR_FOLD_NEXT;
Expand All @@ -2643,8 +2643,8 @@ IR_FOLD(SUB(SUB, C_ADDR))
} else if (IR_IS_CONST_REF(op1_insn->op1) && !IR_IS_SYM_CONST(ctx->ir_base[op1_insn->op1].op)) {
/* (c1 - x) - c2 => (c1 - c2) - x */
val.u64 = ctx->ir_base[op1_insn->op1].val.u64 - op2_insn->val.u64;
op1 = ir_const(ctx, val, IR_OPT_TYPE(opt));
op2 = op1_insn->op2;
op1 = ir_const(ctx, val, IR_OPT_TYPE(opt));
IR_FOLD_RESTART;
}
IR_FOLD_NEXT;
Expand All @@ -2668,8 +2668,8 @@ IR_FOLD(SUB(SUB, C_I64))
} else if (IR_IS_CONST_REF(op1_insn->op1) && !IR_IS_SYM_CONST(ctx->ir_base[op1_insn->op1].op)) {
/* (c1 - x) - c2 => (c1 - c2) - x */
val.i64 = ctx->ir_base[op1_insn->op1].val.i64 - op2_insn->val.i64;
op1 = ir_const(ctx, val, IR_OPT_TYPE(opt));
op2 = op1_insn->op2;
op1 = ir_const(ctx, val, IR_OPT_TYPE(opt));
IR_FOLD_RESTART;
}
IR_FOLD_NEXT;
Expand All @@ -2684,8 +2684,8 @@ IR_FOLD(SUB(C_ADDR, SUB))
if (IR_IS_CONST_REF(op2_insn->op2) && !IR_IS_SYM_CONST(ctx->ir_base[op2_insn->op2].op)) {
/* c1 - (x - c2) => (c1 + c2) - x */
val.u64 = op1_insn->val.u64 + ctx->ir_base[op2_insn->op2].val.u64;
op1 = ir_const(ctx, val, IR_OPT_TYPE(opt));
op2 = op2_insn->op1;
op1 = ir_const(ctx, val, IR_OPT_TYPE(opt));
IR_FOLD_RESTART;
} else if (IR_IS_CONST_REF(op2_insn->op1) && !IR_IS_SYM_CONST(ctx->ir_base[op2_insn->op1].op)) {
/* c1 - (c2 - x) => x + (c1 - c2) */
Expand All @@ -2709,8 +2709,8 @@ IR_FOLD(SUB(C_I64, SUB))
if (IR_IS_CONST_REF(op2_insn->op2) && !IR_IS_SYM_CONST(ctx->ir_base[op2_insn->op2].op)) {
/* c1 - (x - c2) => (c1 + c2) - x */
val.i64 = op1_insn->val.i64 + ctx->ir_base[op2_insn->op2].val.i64;
op1 = ir_const(ctx, val, IR_OPT_TYPE(opt));
op2 = op2_insn->op1;
op1 = ir_const(ctx, val, IR_OPT_TYPE(opt));
IR_FOLD_RESTART;
} else if (IR_IS_CONST_REF(op2_insn->op1) && !IR_IS_SYM_CONST(ctx->ir_base[op2_insn->op1].op)) {
/* c1 - (c2 - x) => x + (c1 - c2) */
Expand Down

0 comments on commit 17fa260

Please sign in to comment.