[llvm-bugs] [Bug 27882] New: libprofile: allocateOneNode() can overflow CurrentVNode
via llvm-bugs
llvm-bugs at lists.llvm.org
Wed May 25 14:33:40 PDT 2016
https://llvm.org/bugs/show_bug.cgi?id=27882
Bug ID: 27882
Summary: libprofile: allocateOneNode() can overflow CurrentVNode
Product: compiler-rt
Version: unspecified
Hardware: PC
OS: All
Status: NEW
Severity: normal
Priority: P
Component: compiler-rt
Assignee: unassignedbugs at nondot.org
Reporter: vsk at apple.com
CC: llvm-bugs at lists.llvm.org
Classification: Unclassified
In allocateOneNode(), we increment CurrentVNode without first checking if it's
greater than EndVNode. This could eventually cause CurrentVNode to overflow and
return a bad vnode:

  Node = COMPILER_RT_PTR_FETCH_ADD(ValueProfNode, CurrentVNode, 1);
  if (Node >= EndVNode) {
    if (OutOfNodesWarnings++ < MAX_VP_WARNS) {
      PROF_WARN("Unable to track new values: %s. "
                " Consider using option -mllvm -vp-counters-per-site=<n> to allocate more"
                " value profile counters at compile time. \n",
                "Running out of static counters");
    }
    return 0;
  }
  return Node;

Sean suggested limiting increments of CurrentVNode to #threads past EndVNode.
Another option is to attempt to CmpExchange CurrentVNode to its next value
while (CurrentVNode + 1 < EndVNode). We'd return if the CmpExchange succeeds.
If the loop exits we'd return NULL.
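The following is an added example, not code from the original report or from compiler-rt: it puts the fetch-add pattern quoted in the report beside a compare-exchange variant of the kind the report proposes, and measures how far the cursor ends up past the end of the pool. The NodePool type, the function names, the 4-node pool and the ValueProfNode layout are assumptions made for the demo, and the loop bound used is Cur < EndVNode so that the last node is handed out too.

```c
#include <stdatomic.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for the runtime's ValueProfNode (layout assumed). */
typedef struct ValueProfNode { uint64_t Value, Count; } ValueProfNode;

/* Cursor kept as an integer address so stepping past the end is well defined. */
typedef struct { atomic_uintptr_t CurrentVNode; uintptr_t EndVNode; } NodePool;

/* Pattern from the report: the cursor advances on every call, failed ones too. */
static ValueProfNode *allocFetchAdd(NodePool *P) {
  uintptr_t Node = atomic_fetch_add(&P->CurrentVNode, sizeof(ValueProfNode));
  return Node >= P->EndVNode ? NULL : (ValueProfNode *)Node;
}

/* Bounded variant: the cursor moves only when a node is actually handed out. */
static ValueProfNode *allocBounded(NodePool *P) {
  uintptr_t Cur = atomic_load(&P->CurrentVNode);
  while (Cur < P->EndVNode) {
    /* On failure Cur is refreshed with the value another thread installed. */
    if (atomic_compare_exchange_weak(&P->CurrentVNode, &Cur,
                                     Cur + sizeof(ValueProfNode)))
      return (ValueProfNode *)Cur;
  }
  return NULL;
}

/* Runs Calls allocations on a constructed 4-node pool. Returns how many nodes
 * past EndVNode the cursor ends up; *Got receives the nodes handed out. */
static size_t overshoot(ValueProfNode *(*Alloc)(NodePool *), size_t Calls,
                        size_t *Got) {
  ValueProfNode Nodes[4];
  NodePool P;
  atomic_init(&P.CurrentVNode, (uintptr_t)Nodes);
  P.EndVNode = (uintptr_t)(Nodes + 4);
  *Got = 0;
  for (size_t I = 0; I < Calls; ++I)
    if (Alloc(&P)) ++*Got;
  uintptr_t Cur = atomic_load(&P.CurrentVNode);
  return Cur > P.EndVNode ? (Cur - P.EndVNode) / sizeof(ValueProfNode) : 0;
}

int main(void) {
  size_t A, B;
  printf("fetch-add overshoot: %zu\n", overshoot(allocFetchAdd, 10, &A));
  printf("bounded overshoot:   %zu\n", overshoot(allocBounded, 10, &B));
  return 0;
}
```

Both variants hand out the same nodes; the difference is only in where the cursor sits once the pool is exhausted, which is what decides whether continued calls can eventually wrap it.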