[llvm] r264442 - AMDGPU: Fix a use-after free and a missing break
Justin Bogner via llvm-commits
llvm-commits at lists.llvm.org
Fri Mar 25 11:33:16 PDT 2016
Author: bogner
Date: Fri Mar 25 13:33:16 2016
New Revision: 264442
URL: http://llvm.org/viewvc/llvm-project?rev=264442&view=rev
Log:
AMDGPU: Fix a use-after free and a missing break
We're erasing MI here, but then immediately using it again inside the
`if`. This moves the erase after we're done using it.
Doing that reveals a second problem though - this case is missing a
break, so we fall through to the default and dereference MI again.
This is obviously a bug, though I don't know how to write a test that
triggers it - all we do in the error case is print some extra debug
output.
Both of these issue crash on lots of tests under ASAN with the
recycling allocator changes from PR26808 applied.
Modified:
llvm/trunk/lib/Target/AMDGPU/R600ControlFlowFinalizer.cpp
Modified: llvm/trunk/lib/Target/AMDGPU/R600ControlFlowFinalizer.cpp
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Target/AMDGPU/R600ControlFlowFinalizer.cpp?rev=264442&r1=264441&r2=264442&view=diff
==============================================================================
--- llvm/trunk/lib/Target/AMDGPU/R600ControlFlowFinalizer.cpp (original)
+++ llvm/trunk/lib/Target/AMDGPU/R600ControlFlowFinalizer.cpp Fri Mar 25 13:33:16 2016
@@ -625,15 +625,16 @@ public:
case AMDGPU::RETURN: {
BuildMI(MBB, MI, MBB.findDebugLoc(MI), getHWInstrDesc(CF_END));
CfCount++;
- MI->eraseFromParent();
if (CfCount % 2) {
BuildMI(MBB, I, MBB.findDebugLoc(MI), TII->get(AMDGPU::PAD));
CfCount++;
}
+ MI->eraseFromParent();
for (unsigned i = 0, e = FetchClauses.size(); i < e; i++)
EmitFetchClause(I, FetchClauses[i], CfCount);
for (unsigned i = 0, e = AluClauses.size(); i < e; i++)
EmitALUClause(I, AluClauses[i], CfCount);
+ break;
}
default:
if (TII->isExport(MI->getOpcode())) {
More information about the llvm-commits
mailing list