[LLVMbugs] [Bug 9039] New: Use after free in reassociate

bugzilla-daemon at llvm.org
Mon Jan 24 12:25:59 PST 2011


http://llvm.org/bugs/show_bug.cgi?id=9039

           Summary: Use after free in reassociate
           Product: new-bugs
           Version: trunk
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P
         Component: new bugs
        AssignedTo: unassignedbugs at nondot.org
        ReportedBy: baldrick at free.fr
                CC: llvmbugs at cs.uiuc.edu


$ valgrind opt use_after_free.ll -reassociate
...
 Invalid read of size 1
    at 0x87AD6E: llvm::Value::getValueID() const (Value.h:245)
    by 0x87AE07: llvm::isa_impl<llvm::Instruction, llvm::Value>::doit(llvm::Value const&) (Value.h:348)
    by 0x87BF6D: llvm::isa_impl_wrap<llvm::Instruction, llvm::Value const, llvm::Value const>::doit(llvm::Value const&) (Casting.h:73)
    by 0x87BE13: bool llvm::isa_impl_cl<llvm::Value>::isa<llvm::Instruction>(llvm::Value const&) (Casting.h:85)
    by 0x89ED15: bool llvm::isa_impl_cl<llvm::Value const>::isa<llvm::Instruction>(llvm::Value const&) (Casting.h:94)
    by 0x89B597: bool llvm::isa_impl_cl<llvm::Value const*>::isa<llvm::Instruction>(llvm::Value const*) (Casting.h:103)
    by 0x898C08: bool llvm::isa<llvm::Instruction, llvm::Value const*>(llvm::Value const* const&) (Casting.h:118)
    by 0x92EF25: llvm::BinaryOperator::classof(llvm::Value const*) (InstrTypes.h:431)
    by 0x93285F: llvm::isa_impl<llvm::BinaryOperator, llvm::Value>::doit(llvm::Value const&) (Casting.h:55)
    by 0x93272D: llvm::isa_impl_wrap<llvm::BinaryOperator, llvm::Value const, llvm::Value const>::doit(llvm::Value const&) (Casting.h:73)
    by 0x93254B: bool llvm::isa_impl_cl<llvm::Value>::isa<llvm::BinaryOperator>(llvm::Value const&) (Casting.h:85)
    by 0x93211B: bool llvm::isa_impl_cl<llvm::Value*>::isa<llvm::BinaryOperator>(llvm::Value*) (Casting.h:103)
  Address 0x5ba8598 is 56 bytes inside a block of size 136 free'd
    at 0x4C26D7F: operator delete(void*) (vg_replace_malloc.c:387)
    by 0xCCEF50: llvm::User::operator delete(void*) (User.cpp:79)
    by 0xC8F395: llvm::BinaryOperator::~BinaryOperator() (InstrTypes.h:141)
    by 0x8B1C97: llvm::ilist_node_traits<llvm::Instruction>::deleteNode(llvm::Instruction*) (in /usr/local/bin/opt)
    by 0x8B085C: llvm::iplist<llvm::Instruction, llvm::ilist_traits<llvm::Instruction> >::erase(llvm::ilist_iterator<llvm::Instruction>) (ilist.h:463)
    by 0xC7E74F: llvm::Instruction::eraseFromParent() (Instruction.cpp:72)
    by 0x977BDB: (anonymous namespace)::Reassociate::RemoveFactorFromExpression(llvm::Value*, llvm::Value*) (Reassociate.cpp:589)
    by 0x978951: (anonymous namespace)::Reassociate::OptimizeAdd(llvm::Instruction*, llvm::SmallVectorImpl<(anonymous namespace)::ValueEntry>&) (Reassociate.cpp:820)
    by 0x978E8E: (anonymous namespace)::Reassociate::OptimizeExpression(llvm::BinaryOperator*, llvm::SmallVectorImpl<(anonymous namespace)::ValueEntry>&) (Reassociate.cpp:924)
    by 0x979367: (anonymous namespace)::Reassociate::ReassociateExpression(llvm::BinaryOperator*) (Reassociate.cpp:1025)
    by 0x979223: (anonymous namespace)::Reassociate::ReassociateBB(llvm::BasicBlock*) (Reassociate.cpp:1002)
    by 0x9796B8: (anonymous namespace)::Reassociate::runOnFunction(llvm::Function&) (Reassociate.cpp:1070)
