Skip to content

PIPE-10437 LegalizeIntegerTypes#9

Draft
SB-PawanN wants to merge 1 commit into
masterfrom
PIPE-10437-LegalizeIntegerTypes
Draft

PIPE-10437 LegalizeIntegerTypes#9
SB-PawanN wants to merge 1 commit into
masterfrom
PIPE-10437-LegalizeIntegerTypes

Conversation

@SB-PawanN

Copy link
Copy Markdown
Contributor

What
Fixes a HIGH severity SAST finding (PIPE-10437) in lib/CodeGen/SelectionDAG/LegalizeIntegerTypes.cpp at line 830, reported by Wiz.

Problem
In the PromoteIntRes_VAARG function, the expression i * RegVT.getSizeInBits() performs a unsigned × unsigned multiplication in 32-bit space. The result is then implicitly widened to int64_t when passed to DAG.getConstant(). Since the widening happens after the multiplication, the multiply can theoretically overflow before the conversion takes place.

This is flagged as CWE-190: Integer Overflow or Wraparound.

Fix
Cast i to uint64_t before the multiplication so the entire operation is performed in 64-bit space, eliminating any overflow window.

Why this is safe
getConstant() already accepts int64_t — no signature change needed

The cast is a widening conversion (uint32_t → uint64_t) — zero data loss risk

Produces identical machine code for all realistic input values

No functional behavior change — only eliminates the theoretical overflow path

No other files, headers, or dependencies are affected

Risk assessment
Functional behavior - None
Other files / dependencies - None
Build / compilation - None
Existing tests - All pass — no behavioral change

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant