<html>
    <head>
      <base href="https://bugs.llvm.org/">
    </head>
    <body><table border="1" cellspacing="0" cellpadding="8">
        <tr>
          <th>Bug ID</th>
          <td><a class="bz_bug_link 
          bz_status_NEW "
   title="NEW - [llvm-profdata] llvm-profdata will OOM when input file is corrupted."
   href="https://bugs.llvm.org/show_bug.cgi?id=51628">51628</a>
          </td>
        </tr>

        <tr>
          <th>Summary</th>
          <td>[llvm-profdata] llvm-profdata will OOM when input file is corrupted.
          </td>
        </tr>

        <tr>
          <th>Product</th>
          <td>tools
          </td>
        </tr>

        <tr>
          <th>Version</th>
          <td>trunk
          </td>
        </tr>

        <tr>
          <th>Hardware</th>
          <td>PC
          </td>
        </tr>

        <tr>
          <th>OS</th>
          <td>All
          </td>
        </tr>

        <tr>
          <th>Status</th>
          <td>NEW
          </td>
        </tr>

        <tr>
          <th>Severity</th>
          <td>enhancement
          </td>
        </tr>

        <tr>
          <th>Priority</th>
          <td>P
          </td>
        </tr>

        <tr>
          <th>Component</th>
          <td>support scripts
          </td>
        </tr>

        <tr>
          <th>Assignee</th>
          <td>unassignedbugs@nondot.org
          </td>
        </tr>

        <tr>
          <th>Reporter</th>
          <td>haoweiwu1991@gmail.com
          </td>
        </tr>

        <tr>
          <th>CC</th>
          <td>greg.bedwell@sony.com, i@maskray.me, llvm-bugs@lists.llvm.org
          </td>
        </tr></table>
      <p>
        <div>
        <pre>We discovered that llvm-profdata will crash with OOM when trying to merge a
corrupted profraw data. The corrupted file was caused by a bug fixed in
<a href="https://reviews.llvm.org/D108608">https://reviews.llvm.org/D108608</a>. Still, llvm-profdata shouldn't crash with OOM
issue even though the input file is not legit, it should print an error message
and exit. This problem should be fixed.

Steps for reproduction:

```
$ ./clang -v
Debian clang version 11.0.1-2
Target: x86_64-pc-linux-gnu
Thread model: posix
InstalledDir: /usr/bin
Found candidate GCC installation: /usr/bin/../lib/gcc/i686-linux-gnu/8
Found candidate GCC installation: /usr/bin/../lib/gcc/x86_64-linux-gnu/10
Found candidate GCC installation: /usr/bin/../lib/gcc/x86_64-linux-gnu/6
Found candidate GCC installation: /usr/bin/../lib/gcc/x86_64-linux-gnu/6.5.0
Found candidate GCC installation: /usr/bin/../lib/gcc/x86_64-linux-gnu/7
Found candidate GCC installation: /usr/bin/../lib/gcc/x86_64-linux-gnu/7.5.0
Found candidate GCC installation: /usr/bin/../lib/gcc/x86_64-linux-gnu/8
Found candidate GCC installation: /usr/bin/../lib/gcc/x86_64-linux-gnu/9
Found candidate GCC installation: /usr/lib/gcc/i686-linux-gnu/8
Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/10
Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/6
Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/6.5.0
Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/7
Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/7.5.0
Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/8
Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/9
Selected GCC installation: /usr/bin/../lib/gcc/x86_64-linux-gnu/10
Candidate multilib: .;@m64
Candidate multilib: 32;@m32
Candidate multilib: x32;@mx32
Selected multilib: .;@m64

$ ./llvm-profdata merge -failure-mode=any -output=/tmp/out.profdata
input.profraw
LLVM ERROR: out of memory
Allocation failed
[1]    3126428 abort      ./llvm-profdata merge -failure-mode=any
-output=/tmp/out.profdata

```

ASAN traces:

```
$ ASAN_SYMBOLIZER_PATH=./llvm-symbolizer
~/llvm-monorepo/llvm-build-2-custom/bin/llvm-profdata merge -failure-mode=all
-output=/tmp/out.profdata input.profraw
=================================================================
==1842102==ERROR: AddressSanitizer: allocator is out of memory trying to
allocate 0x6ebbe1a2e0 bytes
    #0 0x4ced7d in malloc
../staging/llvm_build/tools/clang/stage2-bins/runtimes/runtimes-x86_64-unknown-linux-gnu-bins/compiler-rt/lib/asan/asan_malloc_linux.cpp:129:3
    #1 0xb769c3 in safe_malloc
/usr/local/google/home/user/llvm-monorepo/llvm-project-2/llvm/include/llvm/Support/MemAlloc.h:26:18
    #2 0xb769c3 in llvm::SmallVectorBase<unsigned long>::grow_pod(void*,
unsigned long, unsigned long)
/usr/local/google/home/user/llvm-monorepo/llvm-project-2/llvm/lib/Support/SmallVector.cpp:115:15
    #3 0xac51bc in grow_pod
/usr/local/google/home/user/llvm-monorepo/llvm-project-2/llvm/include/llvm/ADT/SmallVector.h:124:11
    #4 0xac51bc in grow
/usr/local/google/home/user/llvm-monorepo/llvm-project-2/llvm/include/llvm/ADT/SmallVector.h:510:41
    #5 0xac51bc in reserve
/usr/local/google/home/user/llvm-monorepo/llvm-project-2/llvm/include/llvm/ADT/SmallVector.h:626:13
    #6 0xac51bc in llvm::zlib::uncompress(llvm::StringRef,
llvm::SmallVectorImpl<char>&, unsigned long)
/usr/local/google/home/user/llvm-monorepo/llvm-project-2/llvm/lib/Support/Compression.cpp:77:22
    #7 0x9587f6 in llvm::readPGOFuncNameStrings(llvm::StringRef,
llvm::InstrProfSymtab&)
/usr/local/google/home/user/llvm-monorepo/llvm-project-2/llvm/lib/ProfileData/InstrProf.cpp:478:15
    #8 0x98086c in create
/usr/local/google/home/user/llvm-monorepo/llvm-project-2/llvm/include/llvm/ProfileData/InstrProf.h:534:10
    #9 0x98086c in llvm::RawInstrProfReader<unsigned
long>::createSymtab(llvm::InstrProfSymtab&)
/usr/local/google/home/user/llvm-monorepo/llvm-project-2/llvm/lib/ProfileData/InstrProfReader.cpp:351:24
    #10 0x97da25 in llvm::RawInstrProfReader<unsigned
long>::readHeader(llvm::RawInstrProf::Header const&)
/usr/local/google/home/user/llvm-monorepo/llvm-project-2/llvm/lib/ProfileData/InstrProfReader.cpp:406:17
    #11 0x97d45b in llvm::RawInstrProfReader<unsigned long>::readHeader()
/usr/local/google/home/user/llvm-monorepo/llvm-project-2/llvm/lib/ProfileData/InstrProfReader.cpp:320:10
    #12 0x96f87b in initializeReader
/usr/local/google/home/user/llvm-monorepo/llvm-project-2/llvm/lib/ProfileData/InstrProfReader.cpp:51:17
    #13 0x96f87b in
llvm::InstrProfReader::create(std::__2::unique_ptr<llvm::MemoryBuffer,
std::__2::default_delete<llvm::MemoryBuffer> >)
/usr/local/google/home/user/llvm-monorepo/llvm-project-2/llvm/lib/ProfileData/InstrProfReader.cpp:86:17
    #14 0x96f15d in llvm::InstrProfReader::create(llvm::Twine const&)
/usr/local/google/home/user/llvm-monorepo/llvm-project-2/llvm/lib/ProfileData/InstrProfReader.cpp:60:10
    #15 0x539ba8 in loadInput(WeightedFile const&, (anonymous
namespace)::SymbolRemapper*, WriterContext*)
/usr/local/google/home/user/llvm-monorepo/llvm-project-2/llvm/tools/llvm-profdata/llvm-profdata.cpp:243:22
    #16 0x5158a0 in mergeInstrProfile
/usr/local/google/home/user/llvm-monorepo/llvm-project-2/llvm/tools/llvm-profdata/llvm-profdata.cpp:354:7
    #17 0x5158a0 in merge_main(int, char const**)
/usr/local/google/home/user/llvm-monorepo/llvm-project-2/llvm/tools/llvm-profdata/llvm-profdata.cpp:984:5
    #18 0x5066dd in main
/usr/local/google/home/user/llvm-monorepo/llvm-project-2/llvm/tools/llvm-profdata/llvm-profdata.cpp:2558:14
    #19 0x7f42bb638d09 in __libc_start_main csu/../csu/libc-start.c:308:16
```


input.profraw can be downloaded from:
<a href="https://drive.google.com/file/d/1-ZgZsrZyoenykWLB3C6nLIl3q_XZRYRl/view?usp=sharing">https://drive.google.com/file/d/1-ZgZsrZyoenykWLB3C6nLIl3q_XZRYRl/view?usp=sharing</a></pre>
        </div>
      </p>


      <hr>
      <span>You are receiving this mail because:</span>

      <ul>
          <li>You are on the CC list for the bug.</li>
      </ul>
    </body>
</html>