[LLVMbugs] [Bug 2072] New: use-after-free in GVN

bugzilla-daemon at cs.uiuc.edu bugzilla-daemon at cs.uiuc.edu
Wed Feb 20 00:02:54 PST 2008 

http://llvm.org/bugs/show_bug.cgi?id=2072

           Summary: use-after-free in GVN
           Product: new-bugs
           Version: unspecified
          Platform: Other
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: new bugs
        AssignedTo: unassignedbugs at nondot.org
        ReportedBy: baldrick at free.fr
                CC: llvmbugs at cs.uiuc.edu


Created an attachment (id=1433)
 --> (http://llvm.org/bugs/attachment.cgi?id=1433)
testcase .ll

$ valgrind opt use_after_free.bc -gvn
...
 Invalid read of size 2
    at 0x82D2A58: llvm::Value::getValueID() const (Value.h:208)
    by 0x82D2ACC: bool llvm::isa_impl<llvm::Instruction,
llvm::Value>(llvm::Value const&) (Value.h:257)
    by 0x82D3230: llvm::isa_impl_wrap<llvm::Instruction, llvm::Value const,
llvm::Value const>::doit(llvm::Value const&) (Casting.h:71)
    by 0x82D3246: bool
llvm::isa_impl_cl<llvm::Value>::isa<llvm::Instruction>(llvm::Value const&)
(Casting.h:83)
    by 0x82EE95E: bool llvm::isa_impl_cl<llvm::Value
const>::isa<llvm::Instruction>(llvm::Value const&) (Casting.h:92)
    by 0x82EE974: bool llvm::isa_impl_cl<llvm::Value
const*>::isa<llvm::Instruction>(llvm::Value const*) (Casting.h:101)
    by 0x82EE98C: bool llvm::isa<llvm::Instruction, llvm::Value
const*>(llvm::Value const* const&) (Casting.h:116)
    by 0x82FE180: llvm::CallInst::classof(llvm::Value const*)
(Instructions.h:980)
    by 0x82FE1C2: bool llvm::isa_impl<llvm::CallInst, llvm::Value>(llvm::Value
const&) (Casting.h:54)
    by 0x82FE1D8: llvm::isa_impl_wrap<llvm::CallInst, llvm::Value const,
llvm::Value const>::doit(llvm::Value const&) (Casting.h:71)
    by 0x82FE1EE: bool
llvm::isa_impl_cl<llvm::Value>::isa<llvm::CallInst>(llvm::Value const&)
(Casting.h:83)
    by 0x82FE232: bool llvm::isa_impl_cl<llvm::Value
const>::isa<llvm::CallInst>(llvm::Value const&) (Casting.h:92)
  Address 0x42d3f44 is 4 bytes inside a block of size 44 free'd
    at 0x402231C: operator delete(void*) (vg_replace_malloc.c:342)
    by 0x8556D6A: llvm::CallInst::~CallInst() (Instructions.cpp:239)
    by 0x83012D0: llvm::iplist<llvm::Instruction,
llvm::ilist_traits<llvm::Instruction>
>::erase(llvm::ilist_iterator<llvm::Instruction>) (ilist:368)
    by 0x8547494: llvm::Instruction::eraseFromParent() (Instruction.cpp:68)
    by 0x8364649: (anonymous
namespace)::GVN::iterateOnFunction(llvm::Function&) (GVN.cpp:1342)
    by 0x8364733: (anonymous namespace)::GVN::runOnFunction(llvm::Function&)
(GVN.cpp:1295)
    by 0x856C52B: llvm::FPPassManager::runOnFunction(llvm::Function&)
(PassManager.cpp:1184)
    by 0x856C6CD: llvm::FPPassManager::runOnModule(llvm::Module&)
(PassManager.cpp:1204)
    by 0x856C201: llvm::MPPassManager::runOnModule(llvm::Module&)
(PassManager.cpp:1254)
    by 0x856C3B9: llvm::PassManagerImpl::run(llvm::Module&)
(PassManager.cpp:1328)
    by 0x856C40B: llvm::PassManager::run(llvm::Module&) (PassManager.cpp:1360)
    by 0x82E017E: main (opt.cpp:426)


-- 
Configure bugmail: http://llvm.org/bugs/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

More information about the llvm-bugs mailing list