[LLVMbugs] [Bug 2578] New: TrimAllocationToSize will trim blocks to smaller than FreeRangeHeader:: getMinBlockSize()

bugzilla-daemon at cs.uiuc.edu
Mon Jul 21 20:15:35 PDT 2008


           Summary: TrimAllocationToSize will trim blocks to smaller than
           Product: libraries
           Version: 2.3
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Generic Execution Engine Support
        AssignedTo: unassignedbugs at nondot.org
        ReportedBy: ddneff at hotmail.com
                CC: llvmbugs at cs.uiuc.edu, ddneff at hotmail.com

There appears to be a bug in MemoryRangeHeader::TrimAllocationToSize in that it
only checks if the split off block will have a size greater than
FreeRangeHeader::getMinBlockSize(), instead of checking if both blocks will
have a size greater than this value.  This will happen when you have a very
small function and endFunctionBody is called.  It will trim the block for the
function to smaller than FreeRangeHeader::getMinBlockSize(), and when this
block gets freed at a later time, the block size written to the end of block
stomps on the previous pointer.  A possible solution is probably to just add:

NewSize = std::max<uint64_t>(NewSize, FreeRangeHeader::getMinBlockSize()); // clamp up, never below the minimum block size

Steps to reproduce:
1) create a very small function, such as a ret void.
2) JIT the function by calling getPointerToGlobal
3) Release the function by calling freeMachineCodeForFunction

Results: the circular free list is now corrupt.
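The failure mode described in this report, modelled as an added example (this is not LLVM's JITMemoryManager code; the header layout, field names and the 4-byte trailing size marker are assumptions chosen to mirror the description above). `trim_reported` validates only the split-off remainder, `trim_fixed` first clamps the kept size up to the minimum, and `prev_link_survives_free` shows why that matters: writing the end-of-block size marker into a block smaller than `min_block_size()` lands inside the free-list link fields.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified model of a JIT memory-manager block. The layout is an assumption
 * made for this example, not LLVM's exact MemoryRangeHeader/FreeRangeHeader. */
typedef struct {
    uint32_t block_size;   /* bytes in this block, header included */
    uint32_t allocated;    /* nonzero while handed out to a function */
} range_header;

typedef struct free_header {
    range_header hdr;
    struct free_header *prev;   /* circular free-list links, valid only when free */
    struct free_header *next;
} free_header;

/* A freed block stores its size in its last 4 bytes so the block after it can
 * locate this header when coalescing. */
#define END_MARKER_BYTES 4u

/* Smallest block that can hold the free-list links plus the trailing marker. */
uint32_t min_block_size(void) { return (uint32_t)sizeof(free_header) + END_MARKER_BYTES; }

typedef struct {
    uint32_t kept;       /* size the function's block ends up with */
    uint32_t split_off;  /* remainder returned to the free list (0 if no split) */
} trim_result;

/* Trim as the report describes it: only the split-off remainder is checked
 * against min_block_size(), so 'kept' can end up arbitrarily small. */
trim_result trim_reported(uint32_t block_size, uint32_t new_size) {
    trim_result r = { block_size, 0 };
    if (block_size >= new_size + min_block_size()) {
        r.kept = new_size;
        r.split_off = block_size - new_size;
    }
    return r;
}

/* Trim with the clamp the report suggests: never let the kept block shrink
 * below min_block_size(), then apply the same remainder check. */
trim_result trim_fixed(uint32_t block_size, uint32_t new_size) {
    if (new_size < min_block_size()) new_size = min_block_size();
    return trim_reported(block_size, new_size);
}

/* Simulate freeing a block of the given size inside a private arena: set up
 * the free-list links, write the trailing size marker where the free path
 * would, and report whether both links are still intact afterwards. */
bool prev_link_survives_free(uint32_t block_size) {
    _Alignas(free_header) unsigned char arena[128];
    free_header sentinel;                       /* stands in for the free-list head */
    free_header *fh = (free_header *)arena;
    if (block_size < END_MARKER_BYTES || block_size > sizeof arena) return false;
    memset(arena, 0, sizeof arena);
    fh->hdr.block_size = block_size;
    fh->hdr.allocated = 0;
    fh->prev = &sentinel;
    fh->next = &sentinel;
    /* end-of-block size marker, written at block_size - 4 from the header */
    memcpy(arena + block_size - END_MARKER_BYTES, &block_size, END_MARKER_BYTES);
    return fh->prev == &sentinel && fh->next == &sentinel;
}

int main(void) {
    /* Constructed scenario: a 64-byte block trimmed for a tiny function whose
     * body plus header rounds to 16 bytes (e.g. a lone 'ret'). */
    trim_result bad = trim_reported(64, 16);
    trim_result good = trim_fixed(64, 16);
    printf("min block size: %u\n", min_block_size());
    printf("reported trim keeps %u bytes; links survive free: %s\n",
           bad.kept, prev_link_survives_free(bad.kept) ? "yes" : "no");
    printf("fixed trim keeps %u bytes; links survive free: %s\n",
           good.kept, prev_link_survives_free(good.kept) ? "yes" : "no");
    return 0;
}
```

The arena simulation uses `memcpy` for the marker write so the overlap is observed without relying on undefined behaviour; the check that a freed block's size is at least `min_block_size()` is exactly the invariant the suggested `std::max` clamp restores before the split decision is made.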
