[LLVMbugs] [Bug 4046] New: Use after free in test/Feature/embeddedmetadata.ll
bugzilla-daemon at cs.uiuc.edu
bugzilla-daemon at cs.uiuc.edu
Thu Apr 23 13:56:53 PDT 2009
http://llvm.org/bugs/show_bug.cgi?id=4046
Summary: Use after free in test/Feature/embeddedmetadata.ll
Product: new-bugs
Version: unspecified
Platform: Other
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: new bugs
AssignedTo: unassignedbugs at nondot.org
ReportedBy: baldrick at free.fr
CC: llvmbugs at cs.uiuc.edu
$ llvm-as < embeddedmetadata.ll | valgrind llvm-dis
==849== Memcheck, a memory error detector.
==849== Copyright (C) 2002-2009, and GNU GPL'd, by Julian Seward et al.
==849== Using LibVEX rev 1672M, a library for dynamic binary translation.
==849== Copyright (C) 2004-2009, and GNU GPL'd, by OpenWorks LLP.
==849== Using valgrind-3.5.0.SVN, a dynamic binary instrumentation framework.
==849== Copyright (C) 2000-2009, and GNU GPL'd, by Julian Seward et al.
==849== For more details, rerun with: -v
==849==
==849== Invalid read of size 4
==849== at 0x43484A: llvm::MDNode::Profile(llvm::FoldingSetNodeID&) (in
llvm-objects/Release/bin/llvm-dis)
==849== by 0x4D710F:
llvm::FoldingSetImpl::FindNodeOrInsertPos(llvm::FoldingSetNodeID const&,
void*&) (in llvm-objects/Release/bin/llvm-dis)
==849== by 0x436062: llvm::MDNode::get(llvm::Constant* const*, unsigned int)
(in llvm-objects/Release/bin/llvm-dis)
==849== by 0x41173E: llvm::BitcodeReader::ParseConstants() (in
llvm-objects/Release/bin/llvm-dis)
==849== by 0x412C8F: llvm::BitcodeReader::ParseFunctionBody(llvm::Function*)
(in llvm-objects/Release/bin/llvm-dis)
==849== by 0x416D09:
llvm::BitcodeReader::materializeFunction(llvm::Function*, std::string*) (in
llvm-objects/Release/bin/llvm-dis)
==849== by 0x40BFB4: llvm::BitcodeReader::materializeModule(std::string*)
(in llvm-objects/Release/bin/llvm-dis)
==849== by 0x418BD0: llvm::ParseBitcodeFile(llvm::MemoryBuffer*,
std::string*) (in llvm-objects/Release/bin/llvm-dis)
==849== by 0x40AFC9: main (in llvm-objects/Release/bin/llvm-dis)
==849== Address 0x5d70d20 is 96 bytes inside a block of size 112 free'd
==849== at 0x4C2614D: operator delete(void*) (vg_replace_malloc.c:313)
==849== by 0x40CA85:
llvm::BitcodeReaderValueList::ResolveConstantForwardRefs() (in
llvm-objects/Release/bin/llvm-dis)
==849== by 0x4121E9: llvm::BitcodeReader::ParseConstants() (in
llvm-objects/Release/bin/llvm-dis)
==849== by 0x417BA4: llvm::BitcodeReader::ParseModule(std::string const&)
(in llvm-objects/Release/bin/llvm-dis)
==849== by 0x418798: llvm::BitcodeReader::ParseBitcode() (in
llvm-objects/Release/bin/llvm-dis)
==849== by 0x418B54: llvm::getBitcodeModuleProvider(llvm::MemoryBuffer*,
std::string*) (in llvm-objects/Release/bin/llvm-dis)
==849== by 0x418BBC: llvm::ParseBitcodeFile(llvm::MemoryBuffer*,
std::string*) (in llvm-objects/Release/bin/llvm-dis)
==849== by 0x40AFC9: main (in llvm-objects/Release/bin/llvm-dis)
==849==
==849== Invalid read of size 8
==849== at 0x434860: llvm::MDNode::Profile(llvm::FoldingSetNodeID&) (in
llvm-objects/Release/bin/llvm-dis)
==849== by 0x4D710F:
llvm::FoldingSetImpl::FindNodeOrInsertPos(llvm::FoldingSetNodeID const&,
void*&) (in llvm-objects/Release/bin/llvm-dis)
==849== by 0x436062: llvm::MDNode::get(llvm::Constant* const*, unsigned int)
(in llvm-objects/Release/bin/llvm-dis)
==849== by 0x41173E: llvm::BitcodeReader::ParseConstants() (in
llvm-objects/Release/bin/llvm-dis)
==849== by 0x412C8F: llvm::BitcodeReader::ParseFunctionBody(llvm::Function*)
(in llvm-objects/Release/bin/llvm-dis)
==849== by 0x416D09:
llvm::BitcodeReader::materializeFunction(llvm::Function*, std::string*) (in
llvm-objects/Release/bin/llvm-dis)
==849== by 0x40BFB4: llvm::BitcodeReader::materializeModule(std::string*)
(in llvm-objects/Release/bin/llvm-dis)
==849== by 0x418BD0: llvm::ParseBitcodeFile(llvm::MemoryBuffer*,
std::string*) (in llvm-objects/Release/bin/llvm-dis)
==849== by 0x40AFC9: main (in llvm-objects/Release/bin/llvm-dis)
==849== Address 0x5d70cc0 is 0 bytes inside a block of size 112 free'd
==849== at 0x4C2614D: operator delete(void*) (vg_replace_malloc.c:313)
==849== by 0x40CA85:
llvm::BitcodeReaderValueList::ResolveConstantForwardRefs() (in
llvm-objects/Release/bin/llvm-dis)
==849== by 0x4121E9: llvm::BitcodeReader::ParseConstants() (in
llvm-objects/Release/bin/llvm-dis)
==849== by 0x417BA4: llvm::BitcodeReader::ParseModule(std::string const&)
(in llvm-objects/Release/bin/llvm-dis)
==849== by 0x418798: llvm::BitcodeReader::ParseBitcode() (in
llvm-objects/Release/bin/llvm-dis)
==849== by 0x418B54: llvm::getBitcodeModuleProvider(llvm::MemoryBuffer*,
std::string*) (in llvm-objects/Release/bin/llvm-dis)
==849== by 0x418BBC: llvm::ParseBitcodeFile(llvm::MemoryBuffer*,
std::string*) (in llvm-objects/Release/bin/llvm-dis)
==849== by 0x40AFC9: main (in llvm-objects/Release/bin/llvm-dis)
==849==
==849== Invalid read of size 8
==849== at 0x4D711F:
llvm::FoldingSetImpl::FindNodeOrInsertPos(llvm::FoldingSetNodeID const&,
void*&) (in llvm-objects/Release/bin/llvm-dis)
==849== by 0x436062: llvm::MDNode::get(llvm::Constant* const*, unsigned int)
(in llvm-objects/Release/bin/llvm-dis)
==849== by 0x41173E: llvm::BitcodeReader::ParseConstants() (in
llvm-objects/Release/bin/llvm-dis)
==849== by 0x412C8F: llvm::BitcodeReader::ParseFunctionBody(llvm::Function*)
(in llvm-objects/Release/bin/llvm-dis)
==849== by 0x416D09:
llvm::BitcodeReader::materializeFunction(llvm::Function*, std::string*) (in
llvm-objects/Release/bin/llvm-dis)
==849== by 0x40BFB4: llvm::BitcodeReader::materializeModule(std::string*)
(in llvm-objects/Release/bin/llvm-dis)
==849== by 0x418BD0: llvm::ParseBitcodeFile(llvm::MemoryBuffer*,
std::string*) (in llvm-objects/Release/bin/llvm-dis)
==849== by 0x40AFC9: main (in llvm-objects/Release/bin/llvm-dis)
==849== Address 0x5d70d28 is 104 bytes inside a block of size 112 free'd
==849== at 0x4C2614D: operator delete(void*) (vg_replace_malloc.c:313)
==849== by 0x40CA85:
llvm::BitcodeReaderValueList::ResolveConstantForwardRefs() (in
llvm-objects/Release/bin/llvm-dis)
==849== by 0x4121E9: llvm::BitcodeReader::ParseConstants() (in
llvm-objects/Release/bin/llvm-dis)
==849== by 0x417BA4: llvm::BitcodeReader::ParseModule(std::string const&)
(in llvm-objects/Release/bin/llvm-dis)
==849== by 0x418798: llvm::BitcodeReader::ParseBitcode() (in
llvm-objects/Release/bin/llvm-dis)
==849== by 0x418B54: llvm::getBitcodeModuleProvider(llvm::MemoryBuffer*,
std::string*) (in llvm-objects/Release/bin/llvm-dis)
==849== by 0x418BBC: llvm::ParseBitcodeFile(llvm::MemoryBuffer*,
std::string*) (in llvm-objects/Release/bin/llvm-dis)
==849== by 0x40AFC9: main (in llvm-objects/Release/bin/llvm-dis)
; ModuleID = '<stdin>'
@llvm.foo = internal constant { } !{i17 123, { } !"foobar"} ; <{
}*> [#uses=0]
declare i8 @llvm.something({ })
define void @foo() {
%x = call i8 @llvm.something({ } !{{ } !"f\00oa", i42 123})
; <i8> [#uses=0]
ret void
}
==849==
==849== ERROR SUMMARY: 4 errors from 3 contexts (suppressed: 2 from 1)
==849== malloc/free: in use at exit: 2,544 bytes in 38 blocks.
==849== malloc/free: 355 allocs, 317 frees, 70,162 bytes allocated.
==849== For counts of detected errors, rerun with: -v
==849== searching for pointers to 38 not-freed blocks.
==849== checked 208,360 bytes.
==849==
==849== LEAK SUMMARY:
==849== definitely lost: 552 bytes in 7 blocks.
==849== indirectly lost: 704 bytes in 10 blocks.
==849== possibly lost: 0 bytes in 0 blocks.
==849== still reachable: 1,288 bytes in 21 blocks.
==849== suppressed: 0 bytes in 0 blocks.
==849== Rerun with --leak-check=full to see details of leaked memory.
--
Configure bugmail: http://llvm.org/bugs/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
More information about the llvm-bugs
mailing list