[cfe-dev] ASAN reporting heap overrun when doing a partial store to extended vector

Akira Hatanaka via cfe-dev cfe-dev at lists.llvm.org
Wed Mar 4 13:59:47 PST 2020


In case it wasn’t clear, malloc is allocating memory that is large enough to contain only the first 16 elements of a vec32. writeVec loads ‘data’ as a vec32, writes ‘value’ to the first 16 elements of the vector, and stores the vec32 vector via pointer ‘data’.

It's not clear to me whether this is an error in the source code or IRGen.

> On Mar 3, 2020, at 4:56 PM, Akira Hatanaka via cfe-dev <cfe-dev at lists.llvm.org> wrote:
> 
> Does the following code have undefined behavior?
> 
> $ cat test.c
> #include <stdlib.h>   /* for malloc */
> 
> typedef __attribute__((__ext_vector_type__(32))) unsigned short vec32;
> typedef __attribute__((__ext_vector_type__(16))) unsigned short vec16;
> 
> void writeVec(vec32 *data) {
>   vec16 value = 0xffff;
>   data->lo = value;
> }
> 
> void foo1() {
>   vec32 *p = (vec32 *)malloc(sizeof(unsigned short) * 16);
>   writeVec(p);
> }
> 
> The code above causes ASAN to report a heap overrun because clang creates a vector with 32 elements using vector shuffling and writes it back via the pointer passed to writeVec.
> _______________________________________________
> cfe-dev mailing list
> cfe-dev at lists.llvm.org
> https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-dev
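The two ways out of the situation Akira describes, as an added example that is not code from the thread: plain GNU vector_size types stand in for clang's ext_vector_type so the file also builds with gcc, write_lo_rmw spells out the whole-vector load/modify/store the post says clang emits for data->lo, and write_lo_memcpy is the alternative that touches only the 16 elements actually allocated. The function names, LO_ELEMS/ALL_ELEMS and the buffers are my own.

```c
#include <stdlib.h>
#include <string.h>
/* Plain GNU vector types so this builds with gcc as well as clang; the
 * post's ext_vector_type ".lo" store lowers to the same whole-vector
 * load/modify/store that write_lo_rmw spells out explicitly. */
typedef unsigned short vec32 __attribute__((vector_size(64)));
typedef unsigned short vec16 __attribute__((vector_size(32)));
enum { LO_ELEMS = 16, ALL_ELEMS = 32 };

/* Mirrors the codegen described in the post: load all 64 bytes, replace
 * the low half, store all 64 bytes.  Only in bounds when *data really
 * is a complete vec32 object. */
void write_lo_rmw(vec32 *data, vec16 value) {
    vec32 tmp = *data;                     /* reads 64 bytes */
    for (int i = 0; i < LO_ELEMS; i++)
        tmp[i] = value[i];
    *data = tmp;                           /* writes 64 bytes */
}

/* Touches only the first 16 elements (32 bytes), so it stays in bounds
 * for a buffer that holds just the low half, like the malloc in the post. */
void write_lo_memcpy(unsigned short *buf, vec16 value) {
    memcpy(buf, &value, sizeof value);     /* sizeof value == 32 */
}

/* 1 if the first 16 of n elements are 0xffff and the rest are still 0. */
int check_lo(const unsigned short *buf, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (buf[i] != (i < LO_ELEMS ? 0xffff : 0))
            return 0;
    return 1;
}

/* Runs both patterns on correctly sized buffers; returns 1 on success. */
int demo(void) {
    vec16 value = {0};
    for (int i = 0; i < LO_ELEMS; i++) value[i] = 0xffff;
    /* Fix 1: give write_lo_rmw a complete vec32 (64 bytes, not 32); the heap
     * equivalent is aligned_alloc(_Alignof(vec32), sizeof(vec32)). */
    vec32 full = {0};
    /* Fix 2: keep the post's 16-element heap buffer but store only 32 bytes. */
    unsigned short *half = calloc(LO_ELEMS, sizeof *half);
    if (!half) return 0;
    write_lo_rmw(&full, value);
    write_lo_memcpy(half, value);
    int ok = check_lo((const unsigned short *)&full, ALL_ELEMS) &&
             check_lo(half, LO_ELEMS);
    free(half);
    return ok;
}
```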


