[LLVMbugs] [Bug 2578] New: TrimAllocationToSize will trim blocks to smaller than FreeRangeHeader::getMinBlockSize()
bugzilla-daemon at cs.uiuc.edu
Mon Jul 21 20:15:35 PDT 2008
http://llvm.org/bugs/show_bug.cgi?id=2578
Summary: TrimAllocationToSize will trim blocks to smaller than FreeRangeHeader::getMinBlockSize()
Product: libraries
Version: 2.3
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: Generic Execution Engine Support
AssignedTo: unassignedbugs at nondot.org
ReportedBy: ddneff at hotmail.com
CC: llvmbugs at cs.uiuc.edu, ddneff at hotmail.com
There appears to be a bug in MemoryRangeHeader::TrimAllocationToSize in that it
only checks if the split-off block will have a size greater than
FreeRangeHeader::getMinBlockSize(), instead of checking if both blocks will
have a size greater than this value. This will happen when you have a very
small function and endFunctionBody is called. It will trim the block for the
function to smaller than FreeRangeHeader::getMinBlockSize(), and when this
block gets freed at a later time, the block size written to the end of block
stomps on the previous pointer. A possible solution is probably to just add:
NewSize = std::max(NewSize, FreeRangeHeader::getMinBlockSize());
Steps to reproduce:
1) create a very small function, such as a ret void.
2) JIT the function by calling getPointerToGlobal
3) Release the function by calling freeMachineCodeForFunction
Results: the circular free list is now corrupt.
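The sequence in the steps to reproduce, worked through on a scratch arena as an added example. This is not the JIT memory manager's own code: the block layout (a one-word header with the size and two allocation flags, free-list links directly after it, the block size repeated in the last word of a free block), the arena size, the one-byte function body, the sentinel free-list head and the helper names TrimAllocationToSize, FreeBlock and FreeListIntactAfterTinyFunction are all assumptions made for the illustration. The trim routine takes a Fixed flag: with it off, only the remainder is checked against getMinBlockSize(), so a one-byte function keeps a block of header plus one byte rounded up to header alignment; with it on, the kept block is bounded below by getMinBlockSize() as well. Freeing the too-small block writes the end-of-block size marker into the slot that holds the Prev link, which is the corruption the report describes.

```cpp
#include <algorithm>
#include <cstdint>
#include <cstring>
#include <iostream>

// Block header: one machine word whose low two bits are allocation flags and
// whose remaining bits hold the block size, header included. Modelled on the
// layout the report describes for this example; not the JIT's own code.
struct MemoryRangeHeader {
  enum : uintptr_t { ThisAllocated = 1, PrevAllocated = 2 };
  uintptr_t Word;

  uintptr_t blockSize() const { return Word & ~uintptr_t(3); }
  void setBlockSize(uintptr_t Size) { Word = (Word & 3) | Size; }
  MemoryRangeHeader &getBlockAfter() {
    return *reinterpret_cast<MemoryRangeHeader *>(
        reinterpret_cast<char *>(this) + blockSize());
  }
  // A free block repeats its size in its last word so the block after it can
  // locate this block's start when coalescing backwards.
  void SetEndOfBlockSizeMarker() {
    reinterpret_cast<uintptr_t *>(&getBlockAfter())[-1] = blockSize();
  }
};

// A free block additionally carries circular free-list links after the header.
struct FreeRangeHeader : MemoryRangeHeader {
  FreeRangeHeader *Prev;
  FreeRangeHeader *Next;
  // Smallest block that fits the links plus the end-of-block size marker.
  static uintptr_t getMinBlockSize() {
    return sizeof(FreeRangeHeader) + sizeof(uintptr_t);
  }
};

// Split Block into an allocated front part of NewSize bytes (rounded up to the
// header alignment) and a free remainder. With Fixed == false only the
// remainder is checked against getMinBlockSize(), the behaviour the report
// describes; with Fixed == true the kept part is bounded below as well.
static void TrimAllocationToSize(MemoryRangeHeader &Block, uintptr_t NewSize,
                                 bool Fixed) {
  const uintptr_t Align = alignof(FreeRangeHeader);
  NewSize = (NewSize + Align - 1) & ~(Align - 1);
  if (Fixed)
    NewSize = std::max(NewSize, FreeRangeHeader::getMinBlockSize());
  // Do not split if what would be left over cannot hold a free block.
  if (Block.blockSize() <= NewSize + FreeRangeHeader::getMinBlockSize())
    return;
  const uintptr_t Total = Block.blockSize();
  Block.setBlockSize(NewSize);
  MemoryRangeHeader &Rest = Block.getBlockAfter();
  Rest.Word = MemoryRangeHeader::PrevAllocated;  // free; Block before it is allocated
  Rest.setBlockSize(Total - NewSize);
  Rest.SetEndOfBlockSizeMarker();
}

// Free an allocated block: splice it into the circular free list headed by
// Sentinel, then write the end-of-block size marker.
static FreeRangeHeader &FreeBlock(MemoryRangeHeader &Block,
                                  FreeRangeHeader &Sentinel) {
  FreeRangeHeader &F = reinterpret_cast<FreeRangeHeader &>(Block);
  F.Word &= ~uintptr_t(MemoryRangeHeader::ThisAllocated);
  F.Prev = &Sentinel;
  F.Next = Sentinel.Next;
  Sentinel.Next->Prev = &F;
  Sentinel.Next = &F;
  // For a block smaller than getMinBlockSize() the marker's slot overlaps the
  // Prev link written just above.
  F.SetEndOfBlockSizeMarker();
  return F;
}

// Reproduce the report's steps on a scratch arena (constructed input): hand a
// large block to a function whose body is one byte, trim it to that size as
// endFunctionBody would, then free it. Returns true if the freed block is
// still correctly linked to the sentinel, i.e. the free list survived.
static bool FreeListIntactAfterTinyFunction(bool Fixed) {
  alignas(FreeRangeHeader) unsigned char Arena[256];
  std::memset(Arena, 0, sizeof Arena);
  FreeRangeHeader Sentinel;
  Sentinel.Word = MemoryRangeHeader::ThisAllocated;
  Sentinel.Prev = Sentinel.Next = &Sentinel;

  MemoryRangeHeader &Block = *reinterpret_cast<MemoryRangeHeader *>(Arena);
  Block.Word = MemoryRangeHeader::ThisAllocated | MemoryRangeHeader::PrevAllocated;
  Block.setBlockSize(sizeof Arena);

  const uintptr_t CodeBytes = 1;  // constructed: a lone `ret`
  TrimAllocationToSize(Block, sizeof(MemoryRangeHeader) + CodeBytes, Fixed);
  FreeRangeHeader &Freed = FreeBlock(Block, Sentinel);
  return Freed.Prev == &Sentinel && Sentinel.Next == &Freed &&
         Sentinel.Prev == &Freed;
}

int main() {
  std::cout << "buggy trim, free list intact: "
            << FreeListIntactAfterTinyFunction(false) << "\n";
  std::cout << "fixed trim, free list intact: "
            << FreeListIntactAfterTinyFunction(true) << "\n";
  return 0;
}
```

On a 64-bit build the unfixed trim keeps a 16-byte block: the Prev link sits at offset 8 and the size marker is written at block end minus one word, which is also offset 8, so Prev is replaced by the value 16 and the circular list no longer closes. The fixed trim keeps 32 bytes, so the marker lands at offset 24, after Next, and the links survive.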