<div dir="ltr">I think the code in question believes that 'Bits == 0' is a logic bug somewhere; reporting a fatal error in this case doesn't seem helpful.</div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, May 13, 2015 at 5:04 PM, Bhide, Satyajeet B <span dir="ltr">&lt;<a href="mailto:satyajeet.b.bhide@intel.com" target="_blank">satyajeet.b.bhide@intel.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">





<div lang="EN-US" link="#0563C1" vlink="#954F72">
<div>
<p class="MsoNormal">Hi,</p>
<p class="MsoNormal">I noticed a possible Buffer Overflow issue in one of the auto-generated files by AsmWriterEmitter.cpp.</p>
<p class="MsoNormal">The snippet of code generated by the emitter is:</p>
<pre>
  uint64_t Bits1 = OpInfo[MI-&gt;getOpcode()];
  uint64_t Bits2 = OpInfo2[MI-&gt;getOpcode()];
  uint64_t Bits = (Bits2 &lt;&lt; 32) | Bits1;
  assert(Bits != 0 &amp;&amp; "Cannot print this instruction.");
  O &lt;&lt; AsmStrs+(Bits &amp; 4095)-1;
</pre>
<p class="MsoNormal">The risk is that Bits1 and Bits2 could read 0x0 for certain opcodes. If this happens, “(Bits &amp; 4095)-1” would evaluate to -1, causing an out-of-bounds address to be put out to raw_ostream O.</p>
<p class="MsoNormal">There is an assert to check for this very case, but I am wondering if we need to bail out with an error (maybe a ‘report_fatal_error’) in addition to an assert?</p>
<p class="MsoNormal">The lines in AsmWriterEmitter generating this snippet (lines 450 – 461):</p>
<pre>
if (BitsLeft &lt; 32) {
  // If we have two tables then we need to perform two lookups and combine
  // the results into a single 64-bit value.
  O &lt;&lt; "  uint64_t Bits1 = OpInfo[MI-&gt;getOpcode()];\n"
    &lt;&lt; "  uint64_t Bits2 = OpInfo2[MI-&gt;getOpcode()];\n"
    &lt;&lt; "  uint64_t Bits = (Bits2 &lt;&lt; 32) | Bits1;\n";
} else {
  // If only one table is used we just need to perform a single lookup.
  O &lt;&lt; "  uint32_t Bits = OpInfo[MI-&gt;getOpcode()];\n";
}
O &lt;&lt; "  assert(Bits != 0 &amp;&amp; \"Cannot print this instruction.\");\n"
  &lt;&lt; "  O &lt;&lt; AsmStrs+(Bits &amp; "
  &lt;&lt; (1 &lt;&lt; AsmStrBits)-1 &lt;&lt; ")-1;\n\n";
</pre>
<p class="MsoNormal">Appreciate comments.</p>
<p class="MsoNormal">Thanks,</p>
<p class="MsoNormal">Satyajeet</p>
</div>
</div>

<br>_______________________________________________<br>
LLVM Developers mailing list<br>
<a href="mailto:LLVMdev@cs.uiuc.edu">LLVMdev@cs.uiuc.edu</a>         <a href="http://llvm.cs.uiuc.edu" target="_blank">http://llvm.cs.uiuc.edu</a><br>
<a href="http://lists.cs.uiuc.edu/mailman/listinfo/llvmdev" target="_blank">http://lists.cs.uiuc.edu/mailman/listinfo/llvmdev</a><br>
<br></blockquote></div><br></div>
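<p>The following C++ is an added example, not code from the LLVM tree or from either poster. It mirrors the lookup the emitter generates against a small constructed string table so the Bits == 0 case can be inspected numerically instead of by forming the bad pointer: the packed-offset arithmetic for the two-table (uint64_t) and single-table (uint32_t) branches, and a checked variant of the lookup that refuses to index the table when Bits == 0. The table contents, the OpInfo/OpInfo2 arrays, AsmStrBits = 12 (the width that yields the 4095 mask in the quoted snippet) and the function names packed_bits, offset64, offset32, checked_lookup and asm_string are all assumptions made for this example.</p>

```cpp
#include <cstdint>
#include <cstring>
#include <string>

// Constructed sample string table in the layout the emitter uses: NUL-separated
// fragments addressed by AsmStrs + (Bits & Mask) - 1, so that a packed value
// of 0 means "this opcode has no asm string". Contents are hypothetical.
static const char AsmStrs[] = "add\0sub\0mul";

// Stored offsets are (index into AsmStrs) + 1: "add" -> 1, "sub" -> 5, "mul" -> 9.
// Opcode 3 deliberately has no entry, i.e. Bits == 0. (constructed data)
static const uint32_t OpInfo[]  = { 1, 5, 9, 0 };
static const uint32_t OpInfo2[] = { 0, 0, 0, 0 };

constexpr unsigned AsmStrBits = 12;                    // assumption: gives the 4095 mask
constexpr uint64_t AsmStrMask = (1u << AsmStrBits) - 1; // 4095

// Same combination the two-table branch of the generated code performs.
static uint64_t packed_bits(unsigned Opcode) {
  uint64_t Bits1 = OpInfo[Opcode];
  uint64_t Bits2 = OpInfo2[Opcode];
  return (Bits2 << 32) | Bits1;
}

// The offset the generated statement adds to AsmStrs, computed with the same
// unsigned arithmetic. For Bits == 0 the value is UINT64_MAX, not a signed -1;
// adding it to AsmStrs wraps the pointer to one byte before the table, which
// is undefined behaviour and in practice an out-of-bounds read.
static uint64_t offset64(unsigned Opcode) {
  return (packed_bits(Opcode) & AsmStrMask) - 1;
}

// The single-table branch declares Bits as uint32_t, so the same expression
// wraps at 32 bits: the pointer moves forward by ~4 GiB rather than back one byte.
static uint32_t offset32(unsigned Opcode) {
  uint32_t Bits = OpInfo[Opcode];
  return (Bits & static_cast<uint32_t>(AsmStrMask)) - 1;
}

// Hardened lookup: never form the pointer when Bits == 0. Here the caller gets
// nullptr; the emitter could equally emit a report_fatal_error at this point.
static const char *checked_lookup(unsigned Opcode) {
  uint64_t Bits = packed_bits(Opcode);
  if (Bits == 0)
    return nullptr;
  return AsmStrs + (Bits & AsmStrMask) - 1;
}

// What a printer built on the checked lookup would emit for each opcode.
static std::string asm_string(unsigned Opcode) {
  const char *S = checked_lookup(Opcode);
  return S ? std::string(S) : std::string("<unprintable>");
}
```

<p>Compile with any C++11 compiler. The point of keeping offset64 and offset32 separate is that the two branches the emitter can generate fail differently: the 64-bit form wraps to the byte preceding AsmStrs, while the 32-bit form produces a pointer far past the end of the table, so a release build without the assert reads from different places depending on which table layout TableGen chose.</p>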