[LLVMbugs] [Bug 1972] New: Invalid alloca instcombine
bugzilla-daemon at cs.uiuc.edu
Fri Feb 1 15:56:19 PST 2008
http://llvm.org/bugs/show_bug.cgi?id=1972
Summary: Invalid alloca instcombine
Product: new-bugs
Version: unspecified
Platform: PC
OS/Version: Linux
Status: NEW
Severity: enhancement
Priority: P2
Component: new bugs
AssignedTo: unassignedbugs at nondot.org
ReportedBy: sharparrow1 at yahoo.com
CC: llvmbugs at cs.uiuc.edu
@g = global i32* zeroinitializer
define i1 @b(i32 %t) {
entry:
  %r = mul i32 %t, 2863311532          ; 0xAAAAAAAC; i32 mul wraps mod 2^32 (t = 3 gives 4)
  %alloc = alloca i8, i32 %r           ; requests %r bytes, i.e. the wrapped product
  %casted = bitcast i8* %alloc to i32*
  store i32* %casted, i32** @g
  ret i1 1
}
instcombine combines the alloc to
  %tmp = mul i32 %t, 715827883 ; <i32> [#uses=1]   ; 2863311532 / 4, but this mul wraps differently
  %alloc = alloca i32, i32 %tmp ; <i32*> [#uses=1]  ; %tmp elements of 4 bytes each
which is wrong. In this case, this turns what might be an allocation of 4 bytes
(if t is 3) into an extremely large allocation (which would crash in an
implementation that checked stack allocations, or possibly some 64-bit
implementations); in other cases, which I haven't bothered to figure out the
exact numbers for, it could cause a buffer overflow vulnerability.
The only situation under which this optimization would be correct would be if
the multiply could be guaranteed not to overflow, I think (unless we guarantee
that allocas do 32-bit multiplication and ignore overflow, which seems
strange at best).
--
Configure bugmail: http://llvm.org/bugs/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.