<html>
    <head>
      <base href="https://llvm.org/bugs/" />
    </head>
    <body><table border="1" cellspacing="0" cellpadding="8">
        <tr>
          <th>Bug ID</th>
          <td><a class="bz_bug_link bz_status_NEW"
   title="NEW --- - &quot;Offset out of bounds!&quot; assertion in SectionEntry::getLoadAddressWithOffset in RuntimeDyldImpl.h"
   href="https://llvm.org/bugs/show_bug.cgi?id=30584">30584</a>
          </td>
        </tr>

        <tr>
          <th>Summary</th>
          <td>"Offset out of bounds!" assertion in SectionEntry::getLoadAddressWithOffset in RuntimeDyldImpl.h
          </td>
        </tr>

        <tr>
          <th>Product</th>
          <td>new-bugs
          </td>
        </tr>

        <tr>
          <th>Version</th>
          <td>trunk
          </td>
        </tr>

        <tr>
          <th>Hardware</th>
          <td>PC
          </td>
        </tr>

        <tr>
          <th>OS</th>
          <td>Windows NT
          </td>
        </tr>

        <tr>
          <th>Status</th>
          <td>NEW
          </td>
        </tr>

        <tr>
          <th>Severity</th>
          <td>normal
          </td>
        </tr>

        <tr>
          <th>Priority</th>
          <td>P
          </td>
        </tr>

        <tr>
          <th>Component</th>
          <td>new bugs
          </td>
        </tr>

        <tr>
          <th>Assignee</th>
          <td>unassignedbugs@nondot.org
          </td>
        </tr>

        <tr>
          <th>Reporter</th>
          <td>j4_james@hotmail.com
          </td>
        </tr>

        <tr>
          <th>CC</th>
          <td>llvm-bugs@lists.llvm.org
          </td>
        </tr>

        <tr>
          <th>Classification</th>
          <td>Unclassified
          </td>
        </tr></table>
      <p>
        <div>
        <pre>This occurs when using the lli interpreter on Windows to execute code
containing a global array reference with a negative offset. Here's a short C
example that will trigger the problem.

  static int data[1] = {1234};
  int readData(int n) { return data[n-1]; }

  int main() {
    return readData(1);
  }

I believe this is a regression caused by the changes in revisions 253918 and
253919 where this expression:

  Sections[RE.Sections.SectionA].LoadAddress + RE.Addend

was changed to this:

  Sections[RE.Sections.SectionA].getLoadAddressWithOffset(RE.Addend)

This included the addition of boundary checking in the getLoadAddressWithOffset
method to make sure the given offset was contained within the section. The
problem is that the Addend argument is signed, while the parameter expected by
the getLoadAddressWithOffset method is unsigned. A negative offset is thus
converted to a large unsigned value that will inevitably be out of range.

Actually even an unsigned value could potentially trigger the bug if large
enough, because the Addend offset is not guaranteed to fall inside the
section's boundaries.

Anyway, the simple solution would be to bypass the range check by changing that
expression to something like this:

  Sections[RE.Sections.SectionA].getLoadAddress() + RE.Addend

I should be clear that this is just a partial fix though. It works, but only
because there are a couple of other bugs that have conveniently aligned
themselves to produce the correct result. :) Those issues can probably be
addressed separately though.</pre>
        </div>
      </p>
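<p>The signed-to-unsigned conversion the report describes, shown in a constructed C++ model. This is an added illustration, not the reporter's code or LLVM's RuntimeDyld: the <code>SectionEntry</code> below only borrows the member names from the report (<code>LoadAddress</code>, <code>getLoadAddress</code>, <code>getLoadAddressWithOffset</code>), the section base 0x1000 and size 16 are made-up sample values, and <code>resolveChecked</code>, <code>resolveUnchecked</code> and <code>resolveSigned</code> are hypothetical helpers standing in for the three call-site expressions quoted in the report. The third helper goes a step beyond the report: it keeps the addend signed and rejects only addresses that cannot exist (wrapping below zero or past the top of the address space), without requiring the target to lie inside the section, since the report notes an addend is not guaranteed to.</p>

```cpp
#include <cstdint>
#include <cstdio>

// Constructed stand-in for RuntimeDyld's SectionEntry (added example, not LLVM code).
struct SectionEntry {
  uint64_t LoadAddress;
  uint64_t Size;

  uint64_t getLoadAddress() const { return LoadAddress; }

  // Same shape as described in the report: the parameter is unsigned, so a
  // caller's signed addend is converted before the range check runs.
  // Returns false where LLVM would assert "Offset out of bounds!".
  bool getLoadAddressWithOffset(uint64_t Offset, uint64_t &Result) const {
    if (Offset >= Size)
      return false;
    Result = LoadAddress + Offset;
    return true;
  }
};

// The checked call site with a signed addend: the implicit int64 -> uint64
// conversion turns -4 into 0xFFFFFFFFFFFFFFFC, which no section can contain.
bool resolveChecked(const SectionEntry &S, int64_t Addend, uint64_t &Out) {
  return S.getLoadAddressWithOffset(Addend, Out);
}

// The report's proposed workaround: plain addition, modular in uint64,
// so a negative addend lands below the section base as intended.
uint64_t resolveUnchecked(const SectionEntry &S, int64_t Addend) {
  return S.getLoadAddress() + static_cast<uint64_t>(Addend);
}

// Sign-aware alternative (hypothetical): keep the addend signed and refuse
// only results that would wrap around the 64-bit address space.
bool resolveSigned(const SectionEntry &S, int64_t Addend, uint64_t &Out) {
  uint64_t Base = S.getLoadAddress();
  if (Addend < 0) {
    // |Addend| computed without overflowing on INT64_MIN.
    uint64_t Mag = static_cast<uint64_t>(-(Addend + 1)) + 1;
    if (Mag > Base)
      return false;  // would wrap below address 0
    Out = Base - Mag;
  } else {
    uint64_t Mag = static_cast<uint64_t>(Addend);
    if (Mag > UINT64_MAX - Base)
      return false;  // would wrap past the top of the address space
    Out = Base + Mag;
  }
  return true;
}

int main() {
  SectionEntry Data{0x1000, 0x10};  // constructed: section at 0x1000, 16 bytes
  uint64_t Addr = 0;
  std::printf("checked,   addend -4: %s\n",
              resolveChecked(Data, -4, Addr) ? "ok" : "Offset out of bounds!");
  std::printf("unchecked, addend -4: 0x%llx\n",
              static_cast<unsigned long long>(resolveUnchecked(Data, -4)));
  if (resolveSigned(Data, -4, Addr))
    std::printf("signed,    addend -4: 0x%llx\n",
                static_cast<unsigned long long>(Addr));
  return 0;
}
```

Compiling with <code>-Wsign-conversion</code> flags the implicit conversion inside <code>resolveChecked</code>, which is the cheapest way to catch this class of range-check bypass before it reaches an assertion.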
      <hr>
      <span>You are receiving this mail because:</span>
      
      <ul>
          <li>You are on the CC list for the bug.</li>
      </ul>
    </body>
</html>