[LLVMbugs] [Bug 3016] New: null ptr dereference

bugzilla-daemon at cs.uiuc.edu bugzilla-daemon at cs.uiuc.edu
Wed Nov 5 17:45:07 PST 2008


http://llvm.org/bugs/show_bug.cgi?id=3016

           Summary: null ptr dereference
           Product: new-bugs
           Version: unspecified
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: new bugs
        AssignedTo: unassignedbugs at nondot.org
        ReportedBy: regehr at cs.utah.edu
                CC: llvmbugs at cs.uiuc.edu


Seen using r58787 on Ubuntu Hardy on x86.

regehr at john-home:~/volatile/tmp56$ valgrind --trace-children=yes llvm-gcc -O3 small.c
==2041== Memcheck, a memory error detector.
==2041== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et al.
==2041== Using LibVEX rev 1804, a library for dynamic binary translation.
==2041== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP.
==2041== Using valgrind-3.3.0, a dynamic binary instrumentation framework.
==2041== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et al.
==2041== For more details, rerun with: -v
==2041== 
==2042== Memcheck, a memory error detector.
==2042== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et al.
==2042== Using LibVEX rev 1804, a library for dynamic binary translation.
==2042== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP.
==2042== Using valgrind-3.3.0, a dynamic binary instrumentation framework.
==2042== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et al.
==2042== For more details, rerun with: -v
==2042== 
==2042== Invalid read of size 4
==2042==    at 0x8A24304: (anonymous namespace)::LCSSA::GetValueForBlock(llvm::DomTreeNodeBase<llvm::BasicBlock>*, llvm::Instruction*, llvm::DenseMap<llvm::DomTreeNodeBase<llvm::BasicBlock>*, llvm::Value*, llvm::DenseMapInfo<llvm::DomTreeNodeBase<llvm::BasicBlock>*>, llvm::DenseMapInfo<llvm::Value*> >&) (in /home/regehr/libexec/gcc/i686-pc-linux-gnu/4.2.1/cc1)
==2042==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
small.c:92: internal compiler error: Segmentation fault
Please submit a full bug report,
with preprocessed source if appropriate.
See <URL:http://developer.apple.com/bugreporter> for instructions.
==2042== 
==2042== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 21 from 1)
==2042== malloc/free: in use at exit: 461,015 bytes in 1,757 blocks.
==2042== malloc/free: 10,741 allocs, 8,984 frees, 1,435,760 bytes allocated.
==2042== For counts of detected errors, rerun with: -v
==2042== searching for pointers to 1,757 not-freed blocks.
==2042== checked 1,675,400 bytes.
==2042== 
==2042== LEAK SUMMARY:
==2042==    definitely lost: 0 bytes in 0 blocks.
==2042==      possibly lost: 351 bytes in 10 blocks.
==2042==    still reachable: 460,664 bytes in 1,747 blocks.
==2042==         suppressed: 0 bytes in 0 blocks.
==2042== Rerun with --leak-check=full to see details of leaked memory.
==2041== 
==2041== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 21 from 1)
==2041== malloc/free: in use at exit: 18,634 bytes in 73 blocks.
==2041== malloc/free: 479 allocs, 406 frees, 40,652 bytes allocated.
==2041== For counts of detected errors, rerun with: -v
==2041== searching for pointers to 73 not-freed blocks.
==2041== checked 145,304 bytes.
==2041== 
==2041== LEAK SUMMARY:
==2041==    definitely lost: 4,224 bytes in 32 blocks.
==2041==      possibly lost: 0 bytes in 0 blocks.
==2041==    still reachable: 14,410 bytes in 41 blocks.
==2041==         suppressed: 0 bytes in 0 blocks.
==2041== Rerun with --leak-check=full to see details of leaked memory.

regehr at john-home:~/volatile/tmp56$ cat small.c

/*
 * Right-shift helper of the reduced test case: returns left >> right.
 *
 * Both operands are signed int, so the result for a negative `left` is
 * implementation-defined, and a negative `right` or one that is not less
 * than the width of int is undefined behaviour. The only call in this
 * listing (in func_107) passes right == 0.
 */
int rshift_u_s (int left, int right)
{
  return left >> right;
}

/*
 * Stub left behind by test-case reduction: the body is empty, so this
 * non-void function falls off its end without a return statement.
 *
 * func_129 uses the result as the right-hand operand of `%`; using the
 * value of a call that returned without a value is undefined behaviour.
 * The parameter `rhs` is never read.
 */
int mod_rhs (int rhs)
{
}

/*
 * File-scope state of the reproducer. None of these has an initializer,
 * so each starts at zero (static storage duration). They have external
 * linkage. Within this listing g_148 and g_155 are written by func_135;
 * g_35, g_37, g_194, g_203 and g_307 are only read.
 */
int g_35;
int g_37;
int g_148;
int g_155;
int g_194;
int g_203;
int g_307;

/*
 * Forward declarations for the two functions that are called before their
 * definitions and do have a prototype. func_129 is also called (in
 * func_107) before it is defined, but has no prototype, and func_16,
 * div_rhs, lshift_u_s and rshift_s_s are called without any declaration
 * or definition in this listing -- the compiler sees them as implicitly
 * declared.
 */
int func_107 (short p_108);
int func_135 (int p_136, int p_137, int p_138,
                   short p_139, int p_140, int p_141);

/*
 * Empty stub (no return statement despite the int return type). It is
 * never called in this listing; func_107 only passes its address as the
 * last argument of func_16.
 */
int func_4 (int p_6, int p_7)
{
}

/*
 * Empty stub: no return statement despite the int return type. func_107
 * calls it as func_89(0,0,0) and compares the result, so that comparison
 * reads a value the function never produced (undefined behaviour if
 * reached).
 */
int func_89 (short p_90, int p_91, int p_92)
{
}

/*
 * Calls func_107 and discards its result; there is no return statement,
 * although the function is declared to return int.
 */
int func_105 (short p_106)
{
  /* `&` binds tighter than `&&`: the argument is g_307 && (1 & p_106),
     i.e. 0 or 1, converted to short by the prototype. */
  func_107 (g_307 && 1 & p_106);
}

/*
 * Loop nest of the reduced test case. The valgrind trace in this report
 * shows the compiler faulting in LCSSA::GetValueForBlock, so the loop
 * structure here is presumably what matters -- NOTE(review): the listing
 * itself does not show which loop triggers the crash.
 *
 * At the source level the function either returns 1 or never returns:
 * the outer loop's condition is always true and `return 1` is its only
 * exit. The text is kept exactly as mailed (including the wrapped
 * condition below), since a reproducer is only useful unmodified.
 */
int func_107 (short p_108)
{
  int l_109;
  int l_111;
  int l_271;
  /* l_109 starts at 0 and the step adds 0, so `l_109 >= 0` never becomes
     false. */
  for (l_109 = 0; l_109 >= 0; l_109 += 0)
    {
      int l_280;
      /* Shift by 0: leaves the loop exactly when p_108 is non-zero. */
      if (rshift_u_s (p_108, 0))
        return 1;
      int l_255;
      /* l_255 is read without ever being assigned; func_129 has no
         declaration at this point (implicit declaration). */
      func_129 (1 | l_255);
      /* l_111 is set to 1 and then tested against 0, so this body is
         never entered. */
      for (l_111 = 1; l_111 == 0; l_111 += 1)
        {
          /* Parses as (func_16(...) / div_rhs(...)) | (func_89(...) >
             rshift_s_s(...)). l_280 and l_271 are uninitialized, and the
             four helper functions other than func_89 are not defined in
             this listing. The controlled `for` has a constant-true
             condition and an empty body. */
          if (func_16 (0xA4408C10L, g_37, 0 || p_108, func_4) /
              div_rhs (lshift_u_s (l_280, 1)) | func_89(0,0,0) > rshift_s_s
(l_271,
                                                                      1))
            for (1; 1; p_108 += 1)
              {
              }
        }
    }
}

/*
 * Empty stub: no return statement despite the int return type. func_135
 * tests the result in an `if`, so that test reads a value the function
 * never produced.
 */
int func_123 (short p_124, int p_126)
{
}

/*
 * Evaluates one expression for its calls only: the result is stored in
 * l_133, which is never read, and the function has no return statement.
 *
 * l_134 and l_207 are read uninitialized. The right-hand operand of `%`
 * comes from mod_rhs, whose body is empty, so the remainder is computed
 * from a value that was never produced.
 */
int func_129 (int p_130)
{
  int l_133;
  int l_134;
  int l_207;
  /* Last argument of func_135 parses as
     (1 >= l_207 * p_130 * p_130) ^ (1 >= g_203); the signed
     multiplications can overflow for large p_130. */
  l_133 =
    (1 %
     mod_rhs (func_135
              (l_134, 1, 1, 1, g_194,
               1 >= l_207 * p_130 * p_130 ^ 1 >= g_203) * 0xFA58L));
}

/*
 * When g_35 is non-zero, runs a 29-iteration countdown that updates g_148
 * and g_155; otherwise does nothing. Only p_140 is read among the
 * parameters. There is no return statement, although func_129 multiplies
 * the result of this call.
 *
 * NOTE(review): the "internal compiler error" in this report is given at
 * small.c:92, which appears to fall at the tail of this function in the
 * listing; line wrapping in the mail makes the exact mapping uncertain.
 */
int func_135 (int p_136, int p_137, int p_138, short p_139,
          int p_140, int p_141)
{
  int l_143;
  if (g_35)
    {
      int l_168;
      /* Counts l_143 from 0 down to -28. */
      for (l_143 = 0; l_143 > -29; l_143 -= 1)
        {
          if (p_140)
            g_148 = 1;
          /* l_168 is passed uninitialized, and func_123 has an empty
             body, so the tested value is not defined. */
          if (func_123 (l_168, 1))
            {
              g_155 = g_148;
            }
        }
    }
}

