[llvm-branch-commits] [llvm] e0db588 - [IR] Fix assertion error in User new/delete edge case (#129914)
Tom Stellard via llvm-branch-commits
llvm-branch-commits at lists.llvm.org
Fri Apr 11 13:05:29 PDT 2025
Author: Marc Auberer
Date: 2025-04-11T13:05:07-07:00
New Revision: e0db588f3db40b1486e215c5d0b72a8f9ea2b018
URL: https://github.com/llvm/llvm-project/commit/e0db588f3db40b1486e215c5d0b72a8f9ea2b018
DIFF: https://github.com/llvm/llvm-project/commit/e0db588f3db40b1486e215c5d0b72a8f9ea2b018.diff
LOG: [IR] Fix assertion error in User new/delete edge case (#129914)
Fixes #129900
If `operator delete` was called after an unsuccessful constructor call
after `operator new`, we ran into undefined behaviour.
This was discovered by our malfunction tests while preparing an upgrade
to LLVM 20, which explicitly check for this kind of bug.
(cherry picked from commit 8d38906d08f0189a7a7f865b267f47cab0a3790f)
Added:
Modified:
llvm/lib/IR/User.cpp
Removed:
################################################################################
diff --git a/llvm/lib/IR/User.cpp b/llvm/lib/IR/User.cpp
index b0aa785deb9af..ab44cb4b8a3f7 100644
--- a/llvm/lib/IR/User.cpp
+++ b/llvm/lib/IR/User.cpp
@@ -146,6 +146,9 @@ void *User::allocateFixedOperandUser(size_t Size, unsigned Us,
Use *Start = reinterpret_cast<Use *>(Storage + DescBytesToAllocate);
Use *End = Start + Us;
User *Obj = reinterpret_cast<User *>(End);
+ Obj->NumUserOperands = Us;
+ Obj->HasHungOffUses = false;
+ Obj->HasDescriptor = DescBytes != 0;
for (; Start != End; Start++)
new (Start) Use(Obj);
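Review bot: the three stores through `Obj` added ahead of the `Use` construction loop write to members of a `User` that has not been constructed yet, and nothing in the hunk says why. Add a short comment above `Obj->NumUserOperands = Us;` stating that the fields are pre-initialized so that `operator delete` sees consistent values when the constructor does not complete, which is the case the commit message describes. Without that comment the assignments read as if they belong in the constructor and are easy to drop in a later cleanup.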
@@ -172,6 +175,9 @@ void *User::operator new(size_t Size, HungOffOperandsAllocMarker) {
void *Storage = ::operator new(Size + sizeof(Use *));
Use **HungOffOperandList = static_cast<Use **>(Storage);
User *Obj = reinterpret_cast<User *>(HungOffOperandList + 1);
+ Obj->NumUserOperands = 0;
+ Obj->HasHungOffUses = true;
+ Obj->HasDescriptor = false;
*HungOffOperandList = nullptr;
return Obj;
}
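Review bot: in `User::operator new(size_t Size, HungOffOperandsAllocMarker)` the same three fields are set by hand a second time, with different values from those in `allocateFixedOperandUser`, so the two allocation paths can drift apart if another field needed at deallocation time is added later. Consider a small helper that takes the three values and is called from both places. The change also modifies only llvm/lib/IR/User.cpp; a unit test that covers an unsuccessful constructor call after each `operator new` form would keep the fix from regressing.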