diff --git a/llvm/lib/Transforms/Utils/SimplifyLibCalls.cpp b/llvm/lib/Transforms/Utils/SimplifyLibCalls.cpp
--- a/llvm/lib/Transforms/Utils/SimplifyLibCalls.cpp
+++ b/llvm/lib/Transforms/Utils/SimplifyLibCalls.cpp
@@ -451,8 +451,11 @@
 
   // strncmp(x, y)  -> cnst  (if both x and y are constant strings)
   if (HasStr1 && HasStr2) {
-    StringRef SubStr1 = Str1.substr(0, Length);
-    StringRef SubStr2 = Str2.substr(0, Length);
+    // Avoid truncating the 64-bit Length to 32 bits in ILP32.
+    StringRef::size_type MinLen1 = std::min((uint64_t)Str1.size(), Length);
+    StringRef::size_type MinLen2 = std::min((uint64_t)Str2.size(), Length);
+    StringRef SubStr1 = Str1.substr(0, MinLen1);
+    StringRef SubStr2 = Str2.substr(0, MinLen2);
     return ConstantInt::get(CI->getType(), SubStr1.compare(SubStr2));
   }
 
@@ -1021,8 +1024,10 @@
     // From now on we need a constant length and constant array.
     return nullptr;
 
-  // Truncate the string to LenC.
-  Str = Str.substr(0, LenC->getZExtValue());
+  // Truncate the string to LenC without slicing when targeting LP64
+  // on an ILP32 host.
+  uint64_t EndOff = std::min(LenC->getZExtValue(), (uint64_t)StringRef::npos);
+  Str = Str.substr(0, EndOff);
 
   // If the char is variable but the input str and length are not we can turn
   // this memchr call into a simple bit field test. Of course this only works
diff --git a/llvm/test/Transforms/InstCombine/memchr-4.ll b/llvm/test/Transforms/InstCombine/memchr-4.ll
new file mode 100644
--- /dev/null
+++ b/llvm/test/Transforms/InstCombine/memchr-4.ll
@@ -0,0 +1,69 @@
+; NOTE: Assertions have been autogenerated by utils/update_test_checks.py
+; RUN: opt < %s -passes=instcombine -S | FileCheck %s
+
+; Verify that an excessive size to memchr() isn't truncated to an in-bounds
+; value that results in the call being incorrectly folded (as might happen
+; when LLVM is compiled in ILP32 mode).
+
+declare i8* @memchr(i8*, i32, i64)
+
+@ax = external global [0 x i8]
+@a12345 = constant [5 x i8] c"\01\02\03\04\05"
+
+
+; Do not fold memchr(ax, 1, UINT_MAX + (size_t)1) to null.  Only the first
+; byte in ax must be dereferenceable.
+
+define i8* @call_memchr_ax_2_uimax_p1() {
+; CHECK-LABEL: @call_memchr_ax_2_uimax_p1(
+; CHECK-NEXT:    [[RES:%.*]] = call i8* @memchr(i8* noundef nonnull dereferenceable(1) getelementptr inbounds ([0 x i8], [0 x i8]* @ax, i64 0, i64 0), i32 1, i64 4294967296)
+; CHECK-NEXT:    ret i8* [[RES]]
+;
+
+  %ptr = getelementptr [0 x i8], [0 x i8]* @ax, i32 0, i32 0
+  %res = call i8* @memchr(i8* %ptr, i32 1, i64 4294967296)
+  ret i8* %res
+}
+
+
+; Do not fold memchr(ax, 1, UINT_MAX + (size_t)2) to *ax == 1 ? ax : null.
+; As above, only the first byte in ax must be dereferenceable.
+
+define i8* @call_memchr_ax_2_uimax_p2() {
+; CHECK-LABEL: @call_memchr_ax_2_uimax_p2(
+; CHECK-NEXT:    [[RES:%.*]] = call i8* @memchr(i8* noundef nonnull dereferenceable(1) getelementptr inbounds ([0 x i8], [0 x i8]* @ax, i64 0, i64 0), i32 1, i64 4294967296)
+; CHECK-NEXT:    ret i8* [[RES]]
+;
+
+  %ptr = getelementptr [0 x i8], [0 x i8]* @ax, i32 0, i32 0
+  %res = call i8* @memchr(i8* %ptr, i32 1, i64 4294967296)
+  ret i8* %res
+}
+
+
+; Fold memchr(a12345, 3, UINT_MAX + (size_t)2) to a12345 + 2 (and not to
+; null).
+
+define i8* @fold_memchr_a12345_3_uimax_p2() {
+; CHECK-LABEL: @fold_memchr_a12345_3_uimax_p2(
+; CHECK-NEXT:    ret i8* getelementptr inbounds ([5 x i8], [5 x i8]* @a12345, i64 0, i64 2)
+;
+
+  %ptr = getelementptr [5 x i8], [5 x i8]* @a12345, i32 0, i32 0
+  %res = call i8* @memchr(i8* %ptr, i32 3, i64 4294967297)
+  ret i8* %res
+}
+
+
+; Do not fold memchr(a12345, c, UINT_MAX + (size_t)2).
+
+define i8* @fold_memchr_a12345_c_uimax_p2(i32 %0) {
+; CHECK-LABEL: @fold_memchr_a12345_c_uimax_p2(
+; CHECK-NEXT:    [[RES:%.*]] = call i8* @memchr(i8* noundef nonnull dereferenceable(1) getelementptr inbounds ([5 x i8], [5 x i8]* @a12345, i64 0, i64 0), i32 [[TMP0:%.*]], i64 4294967297)
+; CHECK-NEXT:    ret i8* [[RES]]
+;
+
+  %ptr = getelementptr [5 x i8], [5 x i8]* @a12345, i32 0, i32 0
+  %res = call i8* @memchr(i8* %ptr, i32 %0, i64 4294967297)
+  ret i8* %res
+}
diff --git a/llvm/test/Transforms/InstCombine/strncmp-3.ll b/llvm/test/Transforms/InstCombine/strncmp-3.ll
new file mode 100644
--- /dev/null
+++ b/llvm/test/Transforms/InstCombine/strncmp-3.ll
@@ -0,0 +1,72 @@
+; NOTE: Assertions have been autogenerated by utils/update_test_checks.py
+; RUN: opt < %s -passes=instcombine -S | FileCheck %s
+
+; Verify that an excessive size to strncmp() isn't truncated to an in-bounds
+; value that results in the call being incorrectly folded (as might happen
+; when LLVM is compiled in ILP32 mode).
+
+declare i32 @strncmp(i8*, i8*, i64)
+
+@ax = external global [0 x i8]
+@bx = external global [0 x i8]
+
+@a12345 = constant [5 x i8] c"\01\02\03\04\05"
+@a123456 = constant [6 x i8] c"\01\02\03\04\05\06"
+
+
+; Do not fold strncmp(ax, bx, UINT_MAX + (size_t)1) to 0.
+
+define i32 @call_strncmp_ax_bx_uimax_p1() {
+; CHECK-LABEL: @call_strncmp_ax_bx_uimax_p1(
+; CHECK-NEXT:    [[RES:%.*]] = call i32 @strncmp(i8* noundef nonnull dereferenceable(1) getelementptr inbounds ([0 x i8], [0 x i8]* @ax, i64 0, i64 0), i8* noundef nonnull dereferenceable(1) getelementptr inbounds ([0 x i8], [0 x i8]* @bx, i64 0, i64 0), i64 4294967296)
+; CHECK-NEXT:    ret i32 [[RES]]
+;
+
+  %p1 = getelementptr [0 x i8], [0 x i8]* @ax, i32 0, i32 0
+  %p2 = getelementptr [0 x i8], [0 x i8]* @bx, i32 0, i32 0
+  %res = call i32 @strncmp(i8* %p1, i8* %p2, i64 4294967296)
+  ret i32 %res
+}
+
+
+; Do not fold strncmp(ax, bx, UINT_MAX + (size_t)2) to *ax - *bx.
+
+define i32 @call_strncmp_ax_bx_uimax_p2() {
+; CHECK-LABEL: @call_strncmp_ax_bx_uimax_p2(
+; CHECK-NEXT:    [[RES:%.*]] = call i32 @strncmp(i8* noundef nonnull dereferenceable(1) getelementptr inbounds ([0 x i8], [0 x i8]* @ax, i64 0, i64 0), i8* noundef nonnull dereferenceable(1) getelementptr inbounds ([0 x i8], [0 x i8]* @bx, i64 0, i64 0), i64 4294967296)
+; CHECK-NEXT:    ret i32 [[RES]]
+;
+
+  %p1 = getelementptr [0 x i8], [0 x i8]* @ax, i32 0, i32 0
+  %p2 = getelementptr [0 x i8], [0 x i8]* @bx, i32 0, i32 0
+  %res = call i32 @strncmp(i8* %p1, i8* %p2, i64 4294967296)
+  ret i32 %res
+}
+
+
+; Fold strncmp(a12345, a123456, UINT_MAX + (size_t)2) to -1 (and not to 0).
+
+define i32 @fold_strncmp_a12345_2_uimax_p2() {
+; CHECK-LABEL: @fold_strncmp_a12345_2_uimax_p2(
+; CHECK-NEXT:    ret i32 -1
+;
+
+  %p1 = getelementptr [5 x i8], [5 x i8]* @a12345, i32 0, i32 0
+  %p2 = getelementptr [6 x i8], [6 x i8]* @a123456, i32 0, i32 0
+  %res = call i32 @strncmp(i8* %p1, i8* %p2, i64 4294967297)
+  ret i32 %res
+}
+
+
+; Fold strncmp(a123456, a12345, UINT_MAX + (size_t)3) to +1 (and not to 0).
+
+define i32 @fold_strncmp_a12345_2_uimax_p3() {
+; CHECK-LABEL: @fold_strncmp_a12345_2_uimax_p3(
+; CHECK-NEXT:    ret i32 1
+;
+
+  %p1 = getelementptr [6 x i8], [6 x i8]* @a123456, i32 0, i32 0
+  %p2 = getelementptr [5 x i8], [5 x i8]* @a12345, i32 0, i32 0
+  %res = call i32 @strncmp(i8* %p1, i8* %p2, i64 4294967298)
+  ret i32 %res
+}