[LLVMbugs] [Bug 4124] New: null ptr dereferenced

bugzilla-daemon at cs.uiuc.edu bugzilla-daemon at cs.uiuc.edu
Fri May 1 19:32:06 PDT 2009


http://llvm.org/bugs/show_bug.cgi?id=4124

           Summary: null ptr dereferenced
           Product: new-bugs
           Version: unspecified
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: new bugs
        AssignedTo: unassignedbugs at nondot.org
        ReportedBy: regehr at cs.utah.edu
                CC: llvmbugs at cs.uiuc.edu, jxyang at cs.utah.edu


Seen using r70531 on Ubuntu Hardy on x86.

regehr at john-home:~/volatile/tmp158$ valgrind --trace-children=yes llvm-gcc -O3 small.c
==2526== Memcheck, a memory error detector.
==2526== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et al.
==2526== Using LibVEX rev 1804, a library for dynamic binary translation.
==2526== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP.
==2526== Using valgrind-3.3.0, a dynamic binary instrumentation framework.
==2526== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et al.
==2526== For more details, rerun with: -v
==2526== 
==2528== Memcheck, a memory error detector.
==2528== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et al.
==2528== Using LibVEX rev 1804, a library for dynamic binary translation.
==2528== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP.
==2528== Using valgrind-3.3.0, a dynamic binary instrumentation framework.
==2528== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et al.
==2528== For more details, rerun with: -v
==2528== 
==2528== Invalid read of size 4
==2528==    at 0x88D5655: llvm::SimpleRegisterCoalescing::JoinIntervals(llvm::LiveInterval&, llvm::LiveInterval&, bool&) (in /home/regehr/z/tmp/llvm-gcc-r70531-install/libexec/gcc/i686-pc-linux-gnu/4.2.1/cc1)
==2528==  Address 0x8 is not stack'd, malloc'd or (recently) free'd
small.c:51: internal compiler error: Segmentation fault
Please submit a full bug report,
with preprocessed source if appropriate.
See <URL:http://llvm.org/bugs/> for instructions.
==2528== 
==2528== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 23 from 1)
==2528== malloc/free: in use at exit: 542,819 bytes in 1,778 blocks.
==2528== malloc/free: 8,794 allocs, 7,016 frees, 1,627,093 bytes allocated.
==2528== For counts of detected errors, rerun with: -v
==2528== searching for pointers to 1,778 not-freed blocks.
==2528== checked 1,807,200 bytes.
==2528== 
==2528== LEAK SUMMARY:
==2528==    definitely lost: 0 bytes in 0 blocks.
==2528==      possibly lost: 1,028 bytes in 24 blocks.
==2528==    still reachable: 541,791 bytes in 1,754 blocks.
==2528==         suppressed: 0 bytes in 0 blocks.
==2528== Rerun with --leak-check=full to see details of leaked memory.
==2526== 
==2526== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 23 from 1)
==2526== malloc/free: in use at exit: 18,964 bytes in 73 blocks.
==2526== malloc/free: 491 allocs, 418 frees, 42,008 bytes allocated.
==2526== For counts of detected errors, rerun with: -v
==2526== searching for pointers to 73 not-freed blocks.
==2526== checked 153,916 bytes.
==2526== 
==2526== LEAK SUMMARY:
==2526==    definitely lost: 4,314 bytes in 32 blocks.
==2526==      possibly lost: 0 bytes in 0 blocks.
==2526==    still reachable: 14,650 bytes in 41 blocks.
==2526==         suppressed: 0 bytes in 0 blocks.
==2526== Rerun with --leak-check=full to see details of leaked memory.

regehr at john-home:~/volatile/tmp158$ cat small.c

int safe_rshift_func_int64_t_s_u (int _left, int _right)
{
  return 1 * 8 ? _left : 1;
}

short safe_unary_minus_func_uint16_t_u (short _ui)
{
  return -_ui;
}

int g_11;
char g_96;

int func_21 (char p_22, int p_24, char p_25)
{
  if (1 & g_11)
    {
      func_70 (func_59 (1));
    }
}

uint82 (int p_13, char p_14)
{
  for (1; 1; 1)
    {
      func_59 (func_51 (safe_rshift_func_int64_t_s_u (g_11, 0))
               && func_21 (g_96, p_14, 1));
    }
}

int func_51 (int p_52)
{
  if (safe_unary_minus_func_uint16_t_u (p_52) || !p_52)
    for (g_11 = 1; 0; 1)
      {
      }
  else
    {
      return 1;
    }
  return p_52;
}

int func_59 (int p_60, int p_61)
{
  g_11 = 1;
}

int func_70 (int32p_72)
{
}


-- 
Configure bugmail: http://llvm.org/bugs/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.