[cfe-dev] ASAN reporting heap overrun when doing a partial store to extended vector
Eli Friedman via cfe-dev
cfe-dev at lists.llvm.org
Wed Mar 4 15:47:04 PST 2020
Unfortunately, the OpenCL standard doesn’t really state anything explicitly here.
clang does in fact lower the construct in question to a load+shuffle+store, so it’s likely to fail in practice.
-Eli
From: cfe-dev <cfe-dev-bounces at lists.llvm.org> On Behalf Of Akira Hatanaka via cfe-dev
Sent: Wednesday, March 4, 2020 2:00 PM
To: clang developer list <cfe-dev at lists.llvm.org>
Subject: [EXT] Re: [cfe-dev] ASAN reporting heap overrun when doing a partial store to extended vector
In case it wasn’t clear, malloc is allocating memory that is large enough to contain only the first 16 elements of a vec32. writeVec loads ‘data’ as a vec32, writes ‘value’ to the first 16 elements of the vector, and stores the vec32 vector via pointer ‘data’.
It's not clear to me whether this is an error in the source code or IRGen.
On Mar 3, 2020, at 4:56 PM, Akira Hatanaka via cfe-dev <cfe-dev at lists.llvm.org> wrote:
Does the following code have undefined behavior?
$ cat test.c
#include <stdlib.h>  /* malloc */

typedef __attribute__((__ext_vector_type__(32))) unsigned short vec32;
typedef __attribute__((__ext_vector_type__(16))) unsigned short vec16;

void writeVec(vec32 *data) {
  vec16 value = 0xffff;
  data->lo = value;  /* partial store to the low 16 elements */
}

void foo1() {
  /* room for 16 elements only, not the 32 of a vec32 */
  vec32 *p = (vec32 *)malloc(sizeof(unsigned short) * 16);
  writeVec(p);
}
The code above causes ASAN to report a heap overrun because clang creates a vector with 32 elements using vector shuffling and writes it back via the pointer passed to writeVec.
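An added example, not code from the thread or from clang: it models the load+shuffle+store lowering described above next to a narrow store that touches only the low 16 elements, so the difference in required buffer size is explicit. The names elem_t, write_lo_wide and write_lo_narrow are assumptions, and the vectors are modelled as plain arrays so the file builds without clang's ext_vector_type.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef unsigned short elem_t;
enum { LO_ELEMS = 16, FULL_ELEMS = 32 };  /* vec16 / vec32 element counts */

/* Model of the lowering described in the thread for `data->lo = value`:
 * load all 32 elements, replace the low 16, store all 32 back.
 * Needs 64 accessible bytes at `data`, even though only 32 change. */
void write_lo_wide(void *data, elem_t value) {
    elem_t tmp[FULL_ELEMS];
    memcpy(tmp, data, sizeof tmp);                      /* 64-byte load */
    for (int i = 0; i < LO_ELEMS; i++) tmp[i] = value;  /* new low half */
    memcpy(data, tmp, sizeof tmp);                      /* 64-byte store */
}

/* Narrow store: reads nothing and writes only the 32 bytes of the low
 * half, so a 16-element allocation is large enough. */
void write_lo_narrow(void *data, elem_t value) {
    elem_t lo[LO_ELEMS];
    for (int i = 0; i < LO_ELEMS; i++) lo[i] = value;
    memcpy(data, lo, sizeof lo);
}

/* Narrow store into a heap buffer sized like the one in the thread
 * (16 elements). Returns 1 if all 16 elements read back as 0xffff. */
int narrow_fits_small_alloc(void) {
    elem_t *p = malloc(sizeof(elem_t) * LO_ELEMS);
    if (!p) return 0;
    write_lo_narrow(p, 0xffff);
    int ok = 1;
    for (int i = 0; i < LO_ELEMS; i++) ok &= (p[i] == 0xffff);
    free(p);
    return ok;
}

/* On a full 32-element buffer both stores must leave the same contents:
 * low half 0xffff, high half unchanged. Returns 1 if they agree. */
int stores_agree_on_full_buffer(void) {
    elem_t a[FULL_ELEMS], b[FULL_ELEMS];
    for (int i = 0; i < FULL_ELEMS; i++) a[i] = b[i] = (elem_t)(0x1000 + i);
    write_lo_wide(a, 0xffff);
    write_lo_narrow(b, 0xffff);
    return memcmp(a, b, sizeof a) == 0 && a[0] == 0xffff && a[LO_ELEMS] == 0x1000 + LO_ELEMS;
}

int main(void) {
    printf("%d %d\n", narrow_fits_small_alloc(), stores_agree_on_full_buffer());
}
```

Calling write_lo_wide on the 16-element allocation is the access pattern ASAN flags in the report above; the example only runs it on a full-size buffer.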