[llvm-bugs] [Bug 48117] New: A null pointer dereference error in GIMatchTree::writeDOTGraphEdges

via llvm-bugs llvm-bugs at lists.llvm.org
Mon Nov 9 04:05:45 PST 2020 

https://bugs.llvm.org/show_bug.cgi?id=48117

            Bug ID: 48117
           Summary: A null pointer dereference error in
                    GIMatchTree::writeDOTGraphEdges
           Product: tools
           Version: trunk
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: enhancement
          Priority: P
         Component: TableGen
          Assignee: unassignedbugs at nondot.org
          Reporter: alansnape3058 at gmail.com
                CC: llvm-bugs at lists.llvm.org

According to the bug reports of my clang static analyzer fork, in class
`llvm::GIMatchTree`, if `Partitioner` is not set or set to nullptr, when
calling function `GIMatchTree::writeDOTGraph`, a null pointer dereference will
occur in function `GIMatchTree::writeDOTGraphEdges`.

1. call function GIMatchTree::writeDOTGraph:
llvm/utils/TableGen/GlobalISel/GIMatchTree.cpp:24
24 void GIMatchTree::writeDOTGraph(raw_ostream &OS) const {

2. call function GIMatchTree::writeDOTGraphNode:
llvm/utils/TableGen/GlobalISel/GIMatchTree.cpp:26
26   writeDOTGraphNode(OS);

3. assume `Partitioner` is null, take the false branch:
llvm/utils/TableGen/GlobalISel/GIMatchTree.cpp:32
32   if (Partitioner) {

4. assume `Partitioner` is null, take the false branch:
llvm/utils/TableGen/GlobalISel/GIMatchTree.cpp:48
48   if (!Partitioner && !IsFullyTraversed)

5. assume `Partitioner` is null, take the false branch:
llvm/utils/TableGen/GlobalISel/GIMatchTree.cpp:50
50   if (!Partitioner && !IsFullyTested) {

6. assume `Partitioner` is null, take the false branch:
llvm/utils/TableGen/GlobalISel/GIMatchTree.cpp:63
63   if (!Partitioner &&

7. call function GIMatchTree::writeDOTGraphEdges:
llvm/utils/TableGen/GlobalISel/GIMatchTree.cpp:69
69   writeDOTGraphEdges(OS);

8. dereference null smart pointer `Partitioner`:
llvm/utils/TableGen/GlobalISel/GIMatchTree.cpp:76
76     Partitioner->emitPartitionName(OS, Child.index());

Although the problem will not be triggered with the path presented, the problem
still worth noting.
See the attached HTML report for more details.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/llvm-bugs/attachments/20201109/1d103124/attachment.html>

More information about the llvm-bugs mailing list