[llvm-branch-commits] [llvm] [BOLT] Gadget scanner: improve handling of unreachable basic blocks (PR #136183)

Jacob Bramley via llvm-branch-commits llvm-branch-commits at lists.llvm.org
Tue May 20 06:36:11 PDT 2025


jacobbramley wrote:

Just a thought: if BOLT has an incomplete CFG such that there are apparently-unreachable basic blocks, then either there's some genuine dead code, or some control flow that BOLT doesn't understand. If the basic block begins with `BTI j` (or an implicit alternative) then a computed branch is probably intended, and in that case, don't we have a potential problem for all basic blocks? That is, an attacker could divert a computed branch to _any_ `BTI j(c)`.

A warning is probably the right approach for now, anyway.

The code looks broadly sensible to me but I'm not sure if I'm the right person to do an implementation review here, so I just looked at a high level.

https://github.com/llvm/llvm-project/pull/136183
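As an added illustration of the point raised above (example code written for this page, not part of the thread or of BOLT's gadget scanner): under BTI, a diverted `br` can land on any `bti j` or `bti jc` in a guarded page, a diverted `blr` on any `bti c`, `bti jc`, `paciasp` or `pacibsp`, regardless of what the recovered CFG says reaches those blocks. The script below decodes the landing pad at each basic-block start from raw AArch64 code bytes, lists which blocks each indirect-branch form could be steered to, and flags pads that no edge in the recovered CFG explains, which is the situation the comment describes. The instruction encodings and BTYPE compatibility table follow the Armv8.5-A BTI definition; the sample code bytes, block layout and `KNOWN_TARGETS` set are constructed for the example, and SCTLR/guarded-page configuration is assumed to be enabled throughout.

```python
import struct

# AArch64 landing-pad instructions as 32-bit encodings (HINT space:
# 0xD503201F + CRm:op2 = hint number). Built from the Armv8.5-A BTI
# definition for this example; not taken from BOLT.
LANDING_PADS = {
    0xD503245F: "bti c",    # hint #34
    0xD503249F: "bti j",    # hint #36
    0xD50324DF: "bti jc",   # hint #38
    0xD503233F: "paciasp",  # hint #25, acts as an implicit "bti c"
    0xD503237F: "pacibsp",  # hint #27, acts as an implicit "bti c"
}

# PSTATE.BTYPE value each indirect-branch form sets in a guarded page.
BRANCH_BTYPE = {
    "blr": 0b10,          # indirect call
    "br": 0b11,           # indirect jump via any register except x16/x17
    "br x16/x17": 0b01,   # indirect jump via the intra-procedure-call registers
}

# BTYPE values each landing pad accepts without a Branch Target exception.
PAD_ACCEPTS = {
    "bti c":   {0b01, 0b10},
    "bti j":   {0b01, 0b11},
    "bti jc":  {0b01, 0b10, 0b11},
    "paciasp": {0b01, 0b10},
    "pacibsp": {0b01, 0b10},
}

def decode_words(code: bytes) -> tuple:
    """Split little-endian code bytes into 32-bit instruction words."""
    return struct.unpack(f"<{len(code) // 4}I", code)

def landing_pads(code: bytes, base: int, block_starts) -> dict:
    """Map each basic-block start address to the landing pad it begins with, or None."""
    words = decode_words(code)
    return {addr: LANDING_PADS.get(words[(addr - base) // 4]) for addr in block_starts}

def reachable_by(pads: dict, branch: str) -> list:
    """Block starts that a diverted `branch` could land on without faulting."""
    btype = BRANCH_BTYPE[branch]
    return sorted(a for a, p in pads.items() if p and btype in PAD_ACCEPTS[p])

def unexplained_pads(pads: dict, known_targets) -> list:
    """Blocks that begin with a landing pad but have no predecessor in the recovered CFG."""
    return sorted(a for a, p in pads.items() if p and a not in known_targets)

# Constructed sample: five 16-byte blocks starting at 0x1000, NOP-padded.
NOP = 0xD503201F
RET = 0xD65F03C0
SAMPLE_BASE = 0x1000
SAMPLE_WORDS = [
    0xD503233F, NOP, NOP, NOP,   # 0x1000: paciasp, function entry (implicit bti c)
    0xD503249F, NOP, NOP, NOP,   # 0x1010: bti j, known jump-table case
    NOP,        NOP, NOP, NOP,   # 0x1020: no pad, reachable only by fall-through
    0xD503249F, NOP, NOP, NOP,   # 0x1030: bti j, no predecessor in the recovered CFG
    0xD503245F, NOP, NOP, RET,   # 0x1040: bti c, another function's entry
]
SAMPLE_CODE = struct.pack(f"<{len(SAMPLE_WORDS)}I", *SAMPLE_WORDS)
BLOCK_STARTS = [0x1000, 0x1010, 0x1020, 0x1030, 0x1040]
# Constructed stand-in for "what the recovered CFG explains": function entries
# plus the one jump-table target the analysis found.
KNOWN_TARGETS = {0x1000, 0x1010, 0x1040}

if __name__ == "__main__":
    pads = landing_pads(SAMPLE_CODE, SAMPLE_BASE, BLOCK_STARTS)
    for branch in BRANCH_BTYPE:
        print(f"{branch:>11}: {[hex(a) for a in reachable_by(pads, branch)]}")
    print("unexplained:", [hex(a) for a in unexplained_pads(pads, KNOWN_TARGETS)])
```

Run stand-alone, the output shows that an attacker-controlled `br` could land on 0x1010 or 0x1030 alike, even though only 0x1010 has a known predecessor, and that 0x1030 is the block the CFG cannot account for. Whether the unexplained pad is dead code or a branch the disassembler did not follow cannot be decided from the bytes alone, which is why a warning rather than an error is the defensible outcome.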
