<div dir="ltr"><div class="gmail_extra"><div class="gmail_quote">On 2 March 2014 21:13, Reid Kleckner <span dir="ltr"><<a href="mailto:rnk@google.com" target="_blank">rnk@google.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">Nick and I looked at this and we think there are other issues of a similar nature in the bitcode reader. There are many places where ValueList is indexed and accessed without any null check. I think Nick said the list shouldn't contain any null elements unless we're returning an error, which is what your test case does.</div>
</blockquote><div><br></div><div>I did say that, but I take it back. There is a place where it does reserve values in advance, and that's what happens in this testcase. The testcase then demonstrates an access without a null check in error handling code, but I don't see why the other non-error handling code shouldn't have it either (I kept looking, which is why I never replied).</div>
<div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="gmail_extra"><div class="gmail_quote">On Sun, Mar 2, 2014 at 9:08 PM, Dinesh Dwivedi <span dir="ltr"><<a href="mailto:dinesh.d@samsung.com" target="_blank">dinesh.d@samsung.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">ping..<div class=""><br>
<div><br>
Regards<br>
Dinesh Dwivedi<br>
<br>
------- Original Message -------<br>
</div></div>Sender : Dinesh Dwivedi<<a href="mailto:dinesh.d@samsung.com" target="_blank">dinesh.d@samsung.com</a>> Chief Engineer/SRI-Bangalore-Native Framework/Samsung Electronics<br>
Date : Feb 27, 2014 15:51 (GMT+05:30)<br>
Title : [PATCH] Fix for bitcode reader crash on invalid input [PR18704]<div><div class="h5"><br>
<div><div><br>
Hi Reid,<br>
<br>
I have attached a separate binary patch for bc file. This is same file attached in bug report. I have added llvm-bcanalyzer as comment in test case. But I do not understand much of it.<br>
<br>
I have updated my fix a bit. I have update dyn_cast to dyn_cast_or_null for all location casting values from ValueList to something. If code was already returning some error code on null value, I left them as it is. For other cases, I have added null check and on null it will return "InvalidValue".<br>
<br>
Regards<br>
Dinesh Dwivedi<br>
<br>
<br>
------- Original Message -------<br>
Sender : Reid Kleckner<<a href="mailto:rnk@google.com" target="_blank">rnk@google.com</a>><br>
Date : Feb 27, 2014 00:16 (GMT+05:30)<br>
Title : Re: [PATCH] Fix for bitcode reader crash on invalid input [PR18704]<br>
<br>
The binary content of the .bc file isn't present in the diff. Can you attach it, and maybe paste the output of llvm-bcanalyzer into the test case as a comment? Also, the fix doesn't look correct. It looks like subsequent Arguments might leak, although that isn't really critical.<br>
<br>
<br>
<br>
On Wed, Feb 26, 2014 at 7:37 AM, Dinesh Dwivedi <<a href="mailto:dinesh.d@samsung.com" target="_blank">dinesh.d@samsung.com</a>> wrote:<br>
<br>
Attaching patch for PR18704. I have just gone through back-trace for the assert [dyn_cast was getting applied to NULL value], locate code causing this and added check to print error for NULL values.<br>
<br>
Regards<br>
Dinesh Dwivedi<br>
<br>
<br>
_______________________________________________<br>
llvm-commits mailing list<br>
<a href="mailto:llvm-commits@cs.uiuc.edu" target="_blank">llvm-commits@cs.uiuc.edu</a><br>
</div></div></div></div><a href="http://lists.cs.uiuc.edu/mailman/listinfo/llvm-commits" target="_blank">http://lists.cs.uiuc.edu/mailman/listinfo/llvm-commits</a><p> </p><p> </p></blockquote>
</div><br></div>
</blockquote></div></div></div>