<html>
<head>
<base href="http://llvm.org/bugs/" />
</head>
<body><table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Bug ID</th>
<td><a class="bz_bug_link
bz_status_NEW "
title="NEW --- - heap-use-after-free"
href="http://llvm.org/bugs/show_bug.cgi?id=22267">22267</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>heap-use-after-free
</td>
</tr>
<tr>
<th>Product</th>
<td>lld
</td>
</tr>
<tr>
<th>Version</th>
<td>unspecified
</td>
</tr>
<tr>
<th>Hardware</th>
<td>PC
</td>
</tr>
<tr>
<th>OS</th>
<td>Linux
</td>
</tr>
<tr>
<th>Status</th>
<td>NEW
</td>
</tr>
<tr>
<th>Severity</th>
<td>normal
</td>
</tr>
<tr>
<th>Priority</th>
<td>P
</td>
</tr>
<tr>
<th>Component</th>
<td>All Bugs
</td>
</tr>
<tr>
<th>Assignee</th>
<td>unassignedbugs@nondot.org
</td>
</tr>
<tr>
<th>Reporter</th>
<td>rafael.espindola@gmail.com
</td>
</tr>
<tr>
<th>CC</th>
<td>kledzik@apple.com, llvmbugs@cs.uiuc.edu, ruiu@google.com
</td>
</tr>
<tr>
<th>Classification</th>
<td>Unclassified
</td>
</tr></table>
<p>
<div>
<pre>Running tests with asan that pecoff/seh.test fails:
READ of size 1 at 0x60200000bfb0 thread T0
#0 0x984b14 in llvm::yaml::MappingTraits<lld::DefinedAtom
const*>::NormalizedAtom::NormalizedAtom(llvm::yaml::IO&, lld::DefinedAtom
const*)
/home/espindola/llvm/llvm/tools/lld/lib/ReaderWriter/YAML/ReaderWriterYAML.cpp:832:22
#1 0x97a238 in
llvm::yaml::MappingNormalizationHeap<llvm::yaml::MappingTraits<lld::DefinedAtom
const*>::NormalizedAtom, lld::DefinedAtom
const*>::MappingNormalizationHeap(llvm::yaml::IO&, lld::DefinedAtom const*&)
/home/espindola/llvm/llvm/include/llvm/Support/YAMLTraits.h:830:16
#2 0x9798cd in llvm::yaml::MappingTraits<lld::DefinedAtom
const*>::mapping(llvm::yaml::IO&, lld::DefinedAtom const*&)
/home/espindola/llvm/llvm/tools/lld/lib/ReaderWriter/YAML/ReaderWriterYAML.cpp:931:72
#3 0x9792e7 in
_ZN4llvm4yaml7yamlizeIPKN3lld11DefinedAtomEEENSt9enable_ifIXsr24unvalidatedMappingTraitsIT_EE5valueEvE4typeERNS0_2IOERS7_b
/home/espindola/llvm/llvm/include/llvm/Support/YAMLTraits.h:656:3
#4 0x979164 in
_ZN4llvm4yaml7yamlizeIN12_GLOBAL__N_18AtomListIN3lld11DefinedAtomEEEEENSt9enable_ifIXsr18has_SequenceTraitsIT_EE5valueEvE4typeERNS0_2IOERS8_b
/home/espindola/llvm/llvm/include/llvm/Support/YAMLTraits.h:687:9
#5 0x978f18 in void llvm::yaml::IO::processKey<(anonymous
namespace)::AtomList<lld::DefinedAtom> >(char const*, (anonymous
namespace)::AtomList<lld::DefinedAtom>&, bool)
/home/espindola/llvm/llvm/include/llvm/Support/YAMLTraits.h:579:7
#6 0x96eef4 in
_ZN4llvm4yaml2IO11mapOptionalIN12_GLOBAL__N_18AtomListIN3lld11DefinedAtomEEEEENSt9enable_ifIXsr18has_SequenceTraitsIT_EE5valueEvE4typeEPKcRS9_
/home/espindola/llvm/llvm/include/llvm/Support/YAMLTraits.h:517:5
#7 0x96e9f6 in llvm::yaml::MappingTraits<lld::File
const*>::mappingAtoms(llvm::yaml::IO&, lld::File const*&)
/home/espindola/llvm/llvm/tools/lld/lib/ReaderWriter/YAML/ReaderWriterYAML.cpp:727:5
#8 0x96e813 in llvm::yaml::MappingTraits<lld::File
const*>::mapping(llvm::yaml::IO&, lld::File const*&)
/home/espindola/llvm/llvm/tools/lld/lib/ReaderWriter/YAML/ReaderWriterYAML.cpp:717:7
#9 0x96da57 in
_ZN4llvm4yaml7yamlizeIPKN3lld4FileEEENSt9enable_ifIXsr24unvalidatedMappingTraitsIT_EE5valueEvE4typeERNS0_2IOERS7_b
/home/espindola/llvm/llvm/include/llvm/Support/YAMLTraits.h:656:3
#10 0x98bbaf in
_ZN4llvm4yamllsIPKN3lld4FileEEENSt9enable_ifIXsr17has_MappingTraitsIT_EE5valueERNS0_6OutputEE4typeES9_RS7_
/home/espindola/llvm/llvm/include/llvm/Support/YAMLTraits.h:1200:5
#11 0x98ba40 in lld::yaml::Writer::writeFile(lld::File const&,
llvm::StringRef)
/home/espindola/llvm/llvm/tools/lld/lib/ReaderWriter/YAML/ReaderWriterYAML.cpp:1281:5
#12 0x903805 in
lld::RoundTripYAMLPass::perform(std::unique_ptr<lld::MutableFile,
std::default_delete<lld::MutableFile> >&)
/home/espindola/llvm/llvm/tools/lld/lib/Passes/RoundTripYAMLPass.cpp:37:3
#13 0x522257 in
lld::PassManager::runOnFile(std::unique_ptr<lld::MutableFile,
std::default_delete<lld::MutableFile> >&)
/home/espindola/llvm/llvm/tools/lld/include/lld/Core/PassManager.h:36:7
#14 0x521532 in lld::Driver::link(lld::LinkingContext&, llvm::raw_ostream&)
/home/espindola/llvm/llvm/tools/lld/lib/Driver/Driver.cpp:123:3
#15 0x4d92f9 in lld::WinLinkDriver::linkPECOFF(int, char const**,
llvm::raw_ostream&)
/home/espindola/llvm/llvm/tools/lld/lib/Driver/WinLinkDriver.cpp:873:10
#16 0x4d4f6e in lld::UniversalDriver::link(int, char const**,
llvm::raw_ostream&)
/home/espindola/llvm/llvm/tools/lld/lib/Driver/UniversalDriver.cpp:207:12
#17 0x4d47b7 in main
/home/espindola/llvm/llvm/tools/lld/tools/lld/lld.cpp:35:10
#18 0x7f2d13eb4fdf in __libc_start_main (/lib64/libc.so.6+0x1ffdf)
#19 0x42edd1 in _start
(/home/espindola/llvm/build-dbg-asan/bin/lld+0x42edd1)
0x60200000bfb0 is located 0 bytes inside of 8-byte region
[0x60200000bfb0,0x60200000bfb8)
freed by thread T0 here:
#0 0x4d3ec2 in operator delete(void*)
/home/espindola/llvm/llvm/projects/compiler-rt/lib/asan/asan_new_delete.cc:94:3
#1 0x562724 in (anonymous namespace)::FileCOFF::maybeCreateSXDataAtoms()
/home/espindola/llvm/llvm/tools/lld/lib/ReaderWriter/PECOFF/ReaderCOFF.cpp:1027:1
#2 0x55df1e in (anonymous namespace)::FileCOFF::doParse()
/home/espindola/llvm/llvm/tools/lld/lib/ReaderWriter/PECOFF/ReaderCOFF.cpp:367:28
#3 0x9053d5 in lld::File::parse()
/home/espindola/llvm/llvm/tools/lld/lib/Core/File.cpp:26:18
#4 0x90be47 in lld::Resolver::resolveUndefines()
/home/espindola/llvm/llvm/tools/lld/lib/Core/Resolver.cpp:299:30
#5 0x90f075 in lld::Resolver::resolve()
/home/espindola/llvm/llvm/tools/lld/lib/Core/Resolver.cpp:475:8
#6 0x521419 in lld::Driver::link(lld::LinkingContext&, llvm::raw_ostream&)
/home/espindola/llvm/llvm/tools/lld/lib/Driver/Driver.cpp:106:8
#7 0x4d92f9 in lld::WinLinkDriver::linkPECOFF(int, char const**,
llvm::raw_ostream&)
/home/espindola/llvm/llvm/tools/lld/lib/Driver/WinLinkDriver.cpp:873:10
#8 0x4d4f6e in lld::UniversalDriver::link(int, char const**,
llvm::raw_ostream&)
/home/espindola/llvm/llvm/tools/lld/lib/Driver/UniversalDriver.cpp:207:12
#9 0x4d47b7 in main
/home/espindola/llvm/llvm/tools/lld/tools/lld/lld.cpp:35:10
#10 0x7f2d13eb4fdf in __libc_start_main (/lib64/libc.so.6+0x1ffdf)
previously allocated by thread T0 here:
#0 0x4d3902 in operator new(unsigned long)
/home/espindola/llvm/llvm/projects/compiler-rt/lib/asan/asan_new_delete.cc:62:35
#1 0x54eff1 in std::_Vector_base<unsigned char, std::allocator<unsigned
char> >::_M_create_storage(unsigned long)
/usr/lib/gcc/x86_64-redhat-linux/4.9.2/../../../../include/c++/4.9.2/bits/stl_vector.h:185:27
#2 0x5673b7 in std::vector<unsigned char, std::allocator<unsigned char>
<span class="quote">>::vector(std::vector<unsigned char, std::allocator<unsigned char> > const&)</span >
/usr/lib/gcc/x86_64-redhat-linux/4.9.2/../../../../include/c++/4.9.2/bits/stl_vector.h:321:7
#3 0x5623bc in (anonymous namespace)::FileCOFF::maybeCreateSXDataAtoms()
/home/espindola/llvm/llvm/tools/lld/lib/ReaderWriter/PECOFF/ReaderCOFF.cpp:992:24
#4 0x55df1e in (anonymous namespace)::FileCOFF::doParse()
/home/espindola/llvm/llvm/tools/lld/lib/ReaderWriter/PECOFF/ReaderCOFF.cpp:367:28
#5 0x9053d5 in lld::File::parse()
/home/espindola/llvm/llvm/tools/lld/lib/Core/File.cpp:26:18
#6 0x90be47 in lld::Resolver::resolveUndefines()
/home/espindola/llvm/llvm/tools/lld/lib/Core/Resolver.cpp:299:30
#7 0x90f075 in lld::Resolver::resolve()
/home/espindola/llvm/llvm/tools/lld/lib/Core/Resolver.cpp:475:8
#8 0x521419 in lld::Driver::link(lld::LinkingContext&, llvm::raw_ostream&)
/home/espindola/llvm/llvm/tools/lld/lib/Driver/Driver.cpp:106:8
#9 0x4d92f9 in lld::WinLinkDriver::linkPECOFF(int, char const**,
llvm::raw_ostream&)
/home/espindola/llvm/llvm/tools/lld/lib/Driver/WinLinkDriver.cpp:873:10
#10 0x4d4f6e in lld::UniversalDriver::link(int, char const**,
llvm::raw_ostream&)
/home/espindola/llvm/llvm/tools/lld/lib/Driver/UniversalDriver.cpp:207:12
#11 0x4d47b7 in main
/home/espindola/llvm/llvm/tools/lld/tools/lld/lld.cpp:35:10
#12 0x7f2d13eb4fdf in __libc_start_main (/lib64/libc.so.6+0x1ffdf)</pre>
</div>
</p>
<hr>
<span>You are receiving this mail because:</span>
<ul>
<li>You are on the CC list for the bug.</li>
</ul>
</body>
</html>