[LLVMbugs] [Bug 4797] New: null ptr dereference in SimpleRegisterCoalescing::JoinIntervals

bugzilla-daemon at cs.uiuc.edu bugzilla-daemon at cs.uiuc.edu
Thu Aug 27 07:03:30 PDT 2009


http://llvm.org/bugs/show_bug.cgi?id=4797

           Summary: null ptr dereference in
                    SimpleRegisterCoalescing::JoinIntervals
           Product: new-bugs
           Version: trunk
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: new bugs
        AssignedTo: unassignedbugs at nondot.org
        ReportedBy: regehr at cs.utah.edu
                CC: llvmbugs at cs.uiuc.edu


Seen on Ubuntu Hardy.

regehr at john-home:~/volatile/tmp188$ valgrind --trace-children=yes llvm-gcc -O2 small.c
==15437== Memcheck, a memory error detector.
==15437== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et al.
==15437== Using LibVEX rev 1804, a library for dynamic binary translation.
==15437== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP.
==15437== Using valgrind-3.3.0, a dynamic binary instrumentation framework.
==15437== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et al.
==15437== For more details, rerun with: -v
==15437== 
==15438== Memcheck, a memory error detector.
==15438== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et al.
==15438== Using LibVEX rev 1804, a library for dynamic binary translation.
==15438== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP.
==15438== Using valgrind-3.3.0, a dynamic binary instrumentation framework.
==15438== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et al.
==15438== For more details, rerun with: -v
==15438== 
small.c: In function ‘uint82’:
small.c:23: warning: overflow in implicit constant conversion
small.c:29: warning: passing argument 2 of ‘bar’ makes integer from pointer without a cast
==15438== Invalid read of size 4
==15438==    at 0x89000D2: llvm::SimpleRegisterCoalescing::JoinIntervals(llvm::LiveInterval&, llvm::LiveInterval&, bool&) (in /home/regehr/z/tmp/llvm-gcc-r80167-install/libexec/gcc/i686-pc-linux-gnu/4.2.1/cc1)
==15438==  Address 0x8 is not stack'd, malloc'd or (recently) free'd
small.c: At top level:
small.c:33: internal compiler error: Segmentation fault
Please submit a full bug report,
with preprocessed source if appropriate.
See <URL:http://llvm.org/bugs/> for instructions.
==15438== 
==15438== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 21 from 1)
==15438== malloc/free: in use at exit: 609,875 bytes in 2,011 blocks.
==15438== malloc/free: 8,509 allocs, 6,498 frees, 1,651,899 bytes allocated.
==15438== For counts of detected errors, rerun with: -v
==15438== searching for pointers to 2,011 not-freed blocks.
==15438== checked 1,849,460 bytes.
==15438== 
==15438== LEAK SUMMARY:
==15438==    definitely lost: 0 bytes in 0 blocks.
==15438==      possibly lost: 1,743 bytes in 41 blocks.
==15438==    still reachable: 608,132 bytes in 1,970 blocks.
==15438==         suppressed: 0 bytes in 0 blocks.
==15438== Rerun with --leak-check=full to see details of leaked memory.
==15437== 
==15437== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 21 from 1)
==15437== malloc/free: in use at exit: 18,964 bytes in 73 blocks.
==15437== malloc/free: 491 allocs, 418 frees, 42,016 bytes allocated.
==15437== For counts of detected errors, rerun with: -v
==15437== searching for pointers to 73 not-freed blocks.
==15437== checked 146,056 bytes.
==15437== 
==15437== LEAK SUMMARY:
==15437==    definitely lost: 4,314 bytes in 32 blocks.
==15437==      possibly lost: 0 bytes in 0 blocks.
==15437==    still reachable: 14,650 bytes in 41 blocks.
==15437==         suppressed: 0 bytes in 0 blocks.
==15437== Rerun with --leak-check=full to see details of leaked memory.

regehr at john-home:~/volatile/tmp188$ llvm-gcc -v

Using built-in specs.
Target: i686-pc-linux-gnu
Configured with: ../configure
--prefix=/home/regehr/z/tmp/llvm-gcc-r80167-install
--program-prefix=llvm-r80167- --enable-languages=c,c++
--enable-llvm=/home/regehr/z/tmp/llvm-r80167 --enable-checking=release
Thread model: posix
gcc version 4.2.1 (Based on Apple Inc. build 5649) (LLVM build)

regehr at john-home:~/volatile/tmp188$ cat small.c

char
foo (char _si1, char _si2)
{
  return _si1 && _si2 == 1 ? : (_si1 % _si2);
}

short int
bar (short int _si1, char _si2)
{
  return _si1 && 1 + _si1 && _si1 || _si1 && _si2 && _si1
    && _si2 + _si1 ? : 1;
}

char
baz (unsigned short int _ui1, char _ui2)
{
  return 0 ? : (_ui1 % (unsigned short int) _ui2);
}

char g_51;
uint82 (int p_93, char p_94)
{
  char l_95 = 0xC9230FEFL;
  char l_97 = -10L;
  if (func_86
      (foo
       (baz (g_51 >= 1, l_95),
        l_97)) >= bar (func_52 (1),
                       foo))
    for (0; 1; 1)
      {
      }
}

