[PATCH] D91410: [llvm][clang][mlir] Add checks for the return values from Target::createXXX to prevent potential null deref
Ella Ma via Phabricator via cfe-commits
cfe-commits at lists.llvm.org
Fri Nov 13 03:33:00 PST 2020
OikawaKirie created this revision.
OikawaKirie added reviewers: serge-sans-paille, ahmedcharles, niravd, echristo, maskray0, pcc, tejohnson, espindola, courbet, andreadb, epastor, enderby, lhames, whchung, ftynse.
OikawaKirie added projects: LLVM, clang, MLIR.
Herald added subscribers: llvm-commits, cfe-commits, rdzhabarov, tatianashp, msifontes, jurahul, Kayjukh, grosul1, Joonsoo, liufengdb, aartbik, lucyrfox, mgester, arpith-jacob, csigg, antiagainst, shauheen, rriddle, mehdi_amini, rupprecht, steven_wu, gbedwell, hiraditya.
Herald added a reviewer: jhenderson.
Herald added a reviewer: MaskRay.
OikawaKirie requested review of this revision.
Herald added subscribers: stephenneuendorffer, nicolasvasilache.
Herald added a reviewer: herhut.
All these potential null pointer dereferences are reported by my static analyzer for null smart pointer dereferences, which has a different implementation from `alpha.cplusplus.SmartPtr`.
The checked pointers in this patch are initialized by Target::createXXX functions. When the creator function pointer is not correctly set, a null pointer will be returned, or the creator function may originally return a null pointer.
Some of them may not make sense as they may be checked before entering the function, but I fixed them all in this patch. I submit this fix because 1) similar checks are found in some other places in the LLVM codebase for the same return value of the function; and, 2) some of the pointers are dereferenced before they are checked, which may definitely trigger a null pointer dereference if the return value is nullptr.
Repository:
rG LLVM Github Monorepo
https://reviews.llvm.org/D91410
Files:
clang/tools/clang-fuzzer/handle-llvm/handle_llvm.cpp
clang/tools/driver/cc1as_main.cpp
llvm/lib/CodeGen/AsmPrinter/AsmPrinter.cpp
llvm/lib/CodeGen/AsmPrinter/AsmPrinterInlineAsm.cpp
llvm/lib/CodeGen/LLVMTargetMachine.cpp
llvm/lib/CodeGen/ParallelCG.cpp
llvm/lib/LTO/LTOBackend.cpp
llvm/lib/LTO/LTOCodeGenerator.cpp
llvm/lib/LTO/LTOModule.cpp
llvm/lib/LTO/ThinLTOCodeGenerator.cpp
llvm/lib/Target/AArch64/AArch64AsmPrinter.cpp
llvm/tools/llvm-exegesis/lib/LlvmState.cpp
llvm/tools/llvm-exegesis/llvm-exegesis.cpp
llvm/tools/llvm-mc/llvm-mc.cpp
llvm/tools/llvm-mca/llvm-mca.cpp
llvm/tools/llvm-ml/llvm-ml.cpp
llvm/tools/llvm-objdump/MachODump.cpp
llvm/tools/llvm-rtdyld/llvm-rtdyld.cpp
mlir/lib/Conversion/GPUCommon/ConvertKernelFuncToBlob.cpp
mlir/lib/ExecutionEngine/ExecutionEngine.cpp
-------------- next part --------------
A non-text attachment was scrubbed...
Name: D91410.305071.patch
Type: text/x-patch
Size: 18942 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/cfe-commits/attachments/20201113/38adc84d/attachment-0001.bin>
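A simplified, self-contained model of the failure mode the description refers to and of the check-before-dereference pattern, added here as an example; it is not taken from the patch or from LLVM. `ModelTarget`, `RegInfo`, `createRegInfo`, `makeRegInfo`, `failRegInfo` and `countRegs` are hypothetical names, and the triple string is a constructed sample.

```cpp
#include <cstdio>
#include <memory>
#include <string>

// Simplified model with hypothetical names; these are not LLVM's types.
struct RegInfo { unsigned NumRegs; };

struct ModelTarget {
  using RegInfoCtor = RegInfo *(*)(const std::string &Triple);
  RegInfoCtor RegInfoCtorFn = nullptr; // stays null if no backend registers it

  // Null when the creator is unset; the creator itself may also return null.
  RegInfo *createRegInfo(const std::string &Triple) const {
    if (!RegInfoCtorFn)
      return nullptr;
    return RegInfoCtorFn(Triple);
  }
};

// Constructed creators: one succeeds, one returns null by itself.
RegInfo *makeRegInfo(const std::string &) { return new RegInfo{32}; }
RegInfo *failRegInfo(const std::string &) { return nullptr; }

// Checked caller: test the smart pointer before its first dereference and
// hand the failure back to the caller as an error string.
bool countRegs(const ModelTarget &T, const std::string &Triple,
               unsigned &NumRegs, std::string &Err) {
  std::unique_ptr<RegInfo> RI(T.createRegInfo(Triple));
  if (!RI) {
    Err = "unable to create register info for triple '" + Triple + "'";
    return false;
  }
  NumRegs = RI->NumRegs; // safe: RI was checked above
  return true;
}

int main() {
  ModelTarget Unregistered; // creator pointer never set
  unsigned N = 0;
  std::string Err;
  if (!countRegs(Unregistered, "x86_64-unknown-linux-gnu", N, Err))
    std::printf("error: %s\n", Err.c_str());
  return 0;
}
```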