Prevent null pointer from being dereferenced (#4971)

Fixes https://crbug.com/oss-fuzz/48553 * Assign a reflexive dominator if no other dominator can be found using forward traversals * This prevents a null dereference of a pointer in the sorting of the output
author: alan-baker <alanbaker@google.com> 2022-10-24 22:16:33 +0300
committer: GitHub <noreply@github.com> 2022-10-24 22:16:33 +0300
commit: 7326b967a52aecef25b3fedaaba388d6616db93d (patch)
tree: e57c45ccd02c202437d59ef538460b3ee49f43fe /source
parent: 0ebf830572133cc0b95e39990ae0bb0767aa52fe (diff)
1 files changed, 7 insertions, 1 deletions
diff --git a/source/cfa.h b/source/cfa.h
index 2743ab40c..9ae3e39a1 100644
--- a/source/cfa.h
+++ b/source/cfa.h
@@ -275,10 +275,16 @@ std::vector<std::pair<BB*, BB*>> CFA<BB>::CalculateDominators(
 
   std::vector<std::pair<bb_ptr, bb_ptr>> out;
   for (auto idom : idoms) {
+    // At this point if there is no dominator for the node, just make it
+    // reflexive.
+    auto dominator = std::get<1>(idom).dominator;
+    if (dominator == undefined_dom) {
+      dominator = std::get<1>(idom).postorder_index;
+    }
     // NOTE: performing a const cast for convenient usage with
     // UpdateImmediateDominators
     out.push_back({const_cast<BB*>(std::get<0>(idom)),
-                   const_cast<BB*>(postorder[std::get<1>(idom).dominator])});
+                   const_cast<BB*>(postorder[dominator])});
   }
 
   // Sort by postorder index to generate a deterministic ordering of edges.
author	alan-baker <alanbaker@google.com>	2022-10-24 22:16:33 +0300
committer	GitHub <noreply@github.com>	2022-10-24 22:16:33 +0300
commit	7326b967a52aecef25b3fedaaba388d6616db93d (patch)
tree	e57c45ccd02c202437d59ef538460b3ee49f43fe /source
parent	0ebf830572133cc0b95e39990ae0bb0767aa52fe (diff)