[LLVMbugs] [Bug 1252] NEW: Read-after-free bug in llvm-gcc
bugzilla-daemon at cs.uiuc.edu
Sat Mar 10 13:23:21 PST 2007
http://llvm.org/bugs/show_bug.cgi?id=1252
Summary: Read-after-free bug in llvm-gcc
Product: tools
Version: trunk
Platform: PC
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: llvm-gcc
AssignedTo: unassignedbugs at nondot.org
ReportedBy: asl at math.spbu.ru
Consider the attached .c file. It causes an assertion at the -O3 optimization level.
The assertion was due to an uninitialized read in the EmitLV_DECL() routine (line numbers
may be incorrect):
==6803== at 0x834B8B8: TreeToLLVM::EmitLV_DECL(tree_node*) (Value.h:190)
==6803== by 0x836B37F: TreeToLLVM::EmitLV(tree_node*) (llvm-convert.cpp:846)
==6803== by 0x8370EE2: TreeToLLVM::EmitADDR_EXPR(tree_node*) (llvm-convert.cpp:2280)
==6803== by 0x835A207: TreeToLLVM::Emit(tree_node*, llvm::Value*) (llvm-convert.cpp:702)
==6803== by 0x8359A54: TreeToLLVM::EmitCALL_EXPR(tree_node*, llvm::Value*) (llvm-convert.cpp:2305)
==6803== by 0x835A40A: TreeToLLVM::Emit(tree_node*, llvm::Value*) (llvm-convert.cpp:703)
==6803== by 0x836EE9F: TreeToLLVM::EmitMODIFY_EXPR(tree_node*, llvm::Value*) (llvm-convert.cpp:2673)
==6803== by 0x835A686: TreeToLLVM::Emit(tree_node*, llvm::Value*) (llvm-convert.cpp:704)
==6803== by 0x83684D5: TreeToLLVM::EmitSTATEMENT_LIST(tree_node*, llvm::Value*) (llvm-convert.cpp:1464)
==6803== by 0x835A4FE: TreeToLLVM::Emit(tree_node*, llvm::Value*) (llvm-convert.cpp:673)
==6803== by 0x8368F03: TreeToLLVM::EmitBIND_EXPR(tree_node*, llvm::Value*) (llvm-convert.cpp:1439)
==6803== by 0x835A3EC: TreeToLLVM::Emit(tree_node*, llvm::Value*) (llvm-convert.cpp:672)
==6803== Address 0x43386A4 is 4 bytes inside a block of size 100 free'd
==6803== at 0x402167A: operator delete(void*) (in /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so)
==6803== by 0x88629B0: llvm::Function::~Function() (Function.cpp:111)
==6803== by 0x84F605A: llvm::iplist<llvm::Function, llvm::ilist_traits<llvm::Function> >::erase(llvm::ilist_iterator<llvm::Function>) (ilist:323)
==6803== by 0x8862AE3: llvm::Function::eraseFromParent() (Function.cpp:138)
==6803== by 0x83694B8: TreeToLLVM::StartFunctionBody() (llvm-convert.cpp:470)
==6803== by 0x83425BC: llvm_emit_code_for_current_function (llvm-backend.cpp:501)
==6803== by 0x80DDFE8: tree_rest_of_compilation (in /home/asl/proj/llvm/install_debug/libexec/gcc/i686-pc-linux-gnu/4.0.1/cc1)
The statement in question is the "if (GlobalValue *GV =
dyn_cast<GlobalValue>(Decl)) {" line. It seems that Decl, returned by DECL_LLVM,
is dead somehow...
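Added example (not part of the original report, and not llvm-gcc or LLVM code): a small C++ model of the ordering the two stacks show, where a Function is destroyed through eraseFromParent() in StartFunctionBody() and a value cached for a decl is read afterwards. Fn, Module, DeclTable and lookup_after_replace are hypothetical names, and the assumption is that the side table read by DECL_LLVM kept pointing at the destroyed object; here the table holds weak references so a dead entry is reported instead of dereferenced.

```cpp
#include <cstdio>
#include <map>
#include <memory>
#include <string>

// Hypothetical stand-in for llvm::Function; not LLVM's class.
struct Fn { std::string name; int version; };

// The module owns its functions, as llvm::Module owns its Function list.
struct Module {
    std::map<std::string, std::shared_ptr<Fn>> fns;
    std::shared_ptr<Fn> create(const std::string &n, int v) {
        return fns[n] = std::make_shared<Fn>(Fn{n, v});
    }
    void erase(const std::string &n) { fns.erase(n); }  // models eraseFromParent()
};

// Models the decl -> value side table that DECL_LLVM reads.
// It only observes values (weak_ptr), so a destroyed one is detectable.
struct DeclTable {
    std::map<int, std::weak_ptr<Fn>> slot;  // key: constructed decl id
    void set(int decl, const std::shared_ptr<Fn> &f) { slot[decl] = f; }
    // Returns nullptr when nothing is cached or the cached value is dead.
    std::shared_ptr<Fn> get(int decl) const {
        auto it = slot.find(decl);
        if (it == slot.end()) return nullptr;
        return it->second.lock();
    }
};

// Replays the order in the trace: erase a function, create its
// replacement, then look the decl up again.
// rebind=false leaves the stale entry; rebind=true updates it at the erase site.
int lookup_after_replace(bool rebind) {
    Module m;
    DeclTable t;
    const int decl = 1;             // constructed decl id
    t.set(decl, m.create("f", 1));
    m.erase("f");                   // old function destroyed here
    auto fresh = m.create("f", 2);  // replacement function
    if (rebind) t.set(decl, fresh);
    auto v = t.get(decl);
    return v ? v->version : -1;     // -1: stale entry caught, never dereferenced
}

int main() {
    std::printf("stale=%d rebound=%d\n",
                lookup_after_replace(false), lookup_after_replace(true));
}
```

With a raw pointer in the table, the rebind=false path is the read that memcheck flags above.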