From dafab60b57e71c0a2baced53affe3aa580f6eb3f Mon Sep 17 00:00:00 2001
From: Owen Anderson
Date: Mon, 2 Mar 2015 05:25:06 +0000
Subject: [PATCH] Fix a crash in the LL parser where it failed to validate that the pointer operand of a GEP was valid. This manifested as an assertion failure in +Asserts builds, and a hard crash in -Asserts builds. Found by fuzzing the LL parser.

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@230934 91177308-0d34-0410-b5e6-96231b3b80d8
---
 lib/AsmParser/LLParser.cpp | 2 ++
 test/Assembler/getelementptr_invalid_ptr.ll | 11 +++++++++++
 2 files changed, 13 insertions(+)
 create mode 100644 test/Assembler/getelementptr_invalid_ptr.ll

diff --git a/lib/AsmParser/LLParser.cpp b/lib/AsmParser/LLParser.cpp
index 40563b536bd..d50da69529c 100644
--- a/lib/AsmParser/LLParser.cpp
+++ b/lib/AsmParser/LLParser.cpp
@@ -5458,6 +5458,8 @@ int LLParser::ParseGetElementPtr(Instruction *&Inst, PerFunctionState &PFS) {
 return true;

 Type *PtrTy = Ptr->getType();
+ if (!isa(PtrTy))
+ return Error(Loc, "pointer type is not valid");
 if (VectorType *VT = dyn_cast(PtrTy))
 PtrTy = VT->getElementType();
 if (Ty != cast(PtrTy)->getElementType())
diff --git a/test/Assembler/getelementptr_invalid_ptr.ll b/test/Assembler/getelementptr_invalid_ptr.ll
new file mode 100644
index 00000000000..8296dd37a0a
--- /dev/null
+++ b/test/Assembler/getelementptr_invalid_ptr.ll
@@ -0,0 +1,11 @@
+; RUN: not llvm-as < %s >/dev/null 2> %t
+; RUN: FileCheck %s < %t
+; Test the case of an invalid pointer type on a GEP
+
+; CHECK: pointer type is not valid
+
+define i32* @foo(i32 %a) {
+ %gep = getelementptr i32, i32 %a, i32 1
+ return i32* %gep
+}
+
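Review bot: The added check tests `PtrTy` before the `VectorType` unwrap on the next line, so it does not cover the element type that `cast(PtrTy)->getElementType()` is finally applied to. Vector operands have to pass the new check for vector-of-pointer GEPs to keep parsing, so a vector whose elements are not pointers would presumably pass too and reach the same cast; the template arguments are not visible in this rendering, so confirm which types the `isa` admits. That matters most in -Asserts builds, where per the commit message a bad cast is a hard crash on parser input rather than an assertion. I would validate after the unwrap instead, with `if (!isa<PointerType>(PtrTy)) return Error(Loc, "pointer type is not valid");` placed directly after `PtrTy = VT->getElementType();`, and add a second assembler test for the vector case. The body of ParseGetElementPtr starts and ends outside this hunk.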
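Review bot: The function body in the new test ends with `return i32* %gep`, which is not an IR instruction; the terminator is spelled `ret`. The test still passes because the parser stops at the getelementptr line first, but the input then carries a second, unrelated error. Writing `ret i32* %gep` keeps the GEP operand as the only malformed construct, so the test isolates the diagnostic named in its CHECK line.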