<html>
<head>
<base href="https://llvm.org/bugs/" />
</head>
<body><table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Bug ID</th>
<td><a class="bz_bug_link
bz_status_NEW "
title="NEW --- - SEGV on unknown address in :InlineAsm::ConstraintInfo::Parse"
href="https://llvm.org/bugs/show_bug.cgi?id=24646">24646</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>SEGV on unknown address in :InlineAsm::ConstraintInfo::Parse
</td>
</tr>
<tr>
<th>Product</th>
<td>new-bugs
</td>
</tr>
<tr>
<th>Version</th>
<td>trunk
</td>
</tr>
<tr>
<th>Hardware</th>
<td>PC
</td>
</tr>
<tr>
<th>OS</th>
<td>Linux
</td>
</tr>
<tr>
<th>Status</th>
<td>NEW
</td>
</tr>
<tr>
<th>Severity</th>
<td>normal
</td>
</tr>
<tr>
<th>Priority</th>
<td>P
</td>
</tr>
<tr>
<th>Component</th>
<td>new bugs
</td>
</tr>
<tr>
<th>Assignee</th>
<td>unassignedbugs@nondot.org
</td>
</tr>
<tr>
<th>Reporter</th>
<td>kschimpf@google.com
</td>
</tr>
<tr>
<th>CC</th>
<td>llvm-bugs@lists.llvm.org
</td>
</tr>
<tr>
<th>Classification</th>
<td>Unclassified
</td>
</tr></table>
<p>
<div>
<pre>Created <span class=""><a href="attachment.cgi?id=14801" name="attach_14801" title="Test file bug6.ll">attachment 14801</a></span>
Test file bug6.ll
The test file bug6.ll is attached.
This bug was found using afl-fuzz on llvm-as (with address sanitizer included).
When you run:
llvm-as bug6.ll -o /dev/null
You get the following crash:
ASAN:DEADLYSIGNAL
=================================================================
==18076==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000020 (pc
0x000000982713 bp 0x7fffc88b2210 sp 0x7fffc88b1f40 T0)
#0 0x982712 in llvm::InlineAsm::ConstraintInfo::Parse(llvm::StringRef,
std::vector<llvm::InlineAsm::ConstraintInfo,
std::allocator<llvm::InlineAsm::ConstraintInfo> >&)
/workspace/llvm-dev/llvm/lib/IR/InlineAsm.cpp:164:20
#1 0x9851d8 in llvm::InlineAsm::ParseConstraints(llvm::StringRef)
/workspace/llvm-dev/llvm/lib/IR/InlineAsm.cpp:220:9
#2 0x98677b in llvm::InlineAsm::Verify(llvm::FunctionType*,
llvm::StringRef) /workspace/llvm-dev/llvm/lib/IR/InlineAsm.cpp:247:38
#3 0x57ab06 in llvm::LLParser::ConvertValIDToValue(llvm::Type*,
llvm::ValID&, llvm::Value*&, llvm::LLParser::PerFunctionState*,
llvm::LLParser::OperatorConstraint)
/workspace/llvm-dev/llvm/lib/AsmParser/LLParser.cpp:4132:10
#4 0x5c2290 in llvm::LLParser::ParseCall(llvm::Instruction*&,
llvm::LLParser::PerFunctionState&, llvm::CallInst::TailCallKind)
/workspace/llvm-dev/llvm/lib/AsmParser/LLParser.cpp:5592:7
#5 0x5a583d in llvm::LLParser::ParseInstruction(llvm::Instruction*&,
llvm::BasicBlock*, llvm::LLParser::PerFunctionState&)
/workspace/llvm-dev/llvm/lib/AsmParser/LLParser.cpp:4768:35
#6 0x5a27d9 in
llvm::LLParser::ParseBasicBlock(llvm::LLParser::PerFunctionState&)
/workspace/llvm-dev/llvm/lib/AsmParser/LLParser.cpp:4629:13
#7 0x535804 in llvm::LLParser::ParseFunctionBody(llvm::Function&)
/workspace/llvm-dev/llvm/lib/AsmParser/LLParser.cpp:4577:9
#8 0x5111d9 in ParseDefine
/workspace/llvm-dev/llvm/lib/AsmParser/LLParser.cpp:411:10
#9 0x5111d9 in llvm::LLParser::ParseTopLevelEntities()
/workspace/llvm-dev/llvm/lib/AsmParser/LLParser.cpp:217
#10 0x510ba1 in llvm::LLParser::Run()
/workspace/llvm-dev/llvm/lib/AsmParser/LLParser.cpp:48:10
#11 0x4f1151 in llvm::parseAssemblyInto(llvm::MemoryBufferRef,
llvm::Module&, llvm::SMDiagnostic&, llvm::SlotMapping*)
/workspace/llvm-dev/llvm/lib/AsmParser/Parser.cpp:31:10
#12 0x4f241b in parseAssembly
/workspace/llvm-dev/llvm/lib/AsmParser/Parser.cpp:41:7
#13 0x4f241b in llvm::parseAssemblyFile(llvm::StringRef,
llvm::SMDiagnostic&, llvm::LLVMContext&, llvm::SlotMapping*)
/workspace/llvm-dev/llvm/lib/AsmParser/Parser.cpp:59
#14 0x4ed9a1 in main
/workspace/llvm-dev/llvm/tools/llvm-as/llvm-as.cpp:96:31
#15 0x7fbf3027eec4 in __libc_start_main
/build/buildd/eglibc-2.19/csu/libc-start.c:287
#16 0x424f2b in _start
(/workspace/llvm-dev/build-as-test/bin/llvm-as+0x424f2b)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV
/workspace/llvm-dev/llvm/lib/IR/InlineAsm.cpp:164:20 in
llvm::InlineAsm::ConstraintInfo::Parse(llvm::StringRef,
std::vector<llvm::InlineAsm::ConstraintInfo,
std::allocator<llvm::InlineAsm::ConstraintInfo> >&)
==18076==ABORTING</pre>
</div>
</p>
</body>
</html>