[all-commits] [llvm/llvm-project] 36af4c: [SelectionDAG] Fix use-after-free introduced in D1...
zero9178 via All-commits
all-commits at lists.llvm.org
Mon Oct 3 06:11:19 PDT 2022
Branch: refs/heads/main
Home: https://github.com/llvm/llvm-project
Commit: 36af4c8418c1250faadeb8437bf13e460d606521
https://github.com/llvm/llvm-project/commit/36af4c8418c1250faadeb8437bf13e460d606521
Author: Markus Böck <markus.boeck02 at gmail.com>
Date: 2022-10-03 (Mon, 03 Oct 2022)
Changed paths:
M llvm/lib/CodeGen/SelectionDAG/SelectionDAG.cpp
Log Message:
-----------
[SelectionDAG] Fix use-after-free introduced in D130881
The code introduced in https://reviews.llvm.org/D130881 has a bug as it may cause a use-after-free error that can be caught by ASAN.
The bug essentially boils down to iterator invalidation of `DenseMap`. The expression `SDEI[To] = I->second;` may cause `SDEI` to grow if `To` is inserted for the very first time. When that happens, all existing iterators to the map are invalidated as their backing storage has been freed. Accessing `I->second` is then invalid and attempts to access freed memory (as `I` is an iterator of `SDEI`).
This patch fixes that quite simply by first making a copy of `I->second`, and then moving into the possibly newly inserted KV of the ` DenseMap`.
No test attached as I am not sure it is practible to test.
Differential revision: https://reviews.llvm.org/D135019
More information about the All-commits
mailing list