[LLVMbugs] [Bug 10755] New: ARM Disassembler crash on invalid input
bugzilla-daemon at llvm.org
Thu Aug 25 19:05:47 PDT 2011
http://llvm.org/bugs/show_bug.cgi?id=10755
Summary: ARM Disassembler crash on invalid input
Product: libraries
Version: trunk
Platform: PC
OS/Version: All
Status: NEW
Severity: normal
Priority: P
Component: Backend: ARM
AssignedTo: unassignedbugs at nondot.org
ReportedBy: chandlerc at gmail.com
CC: resistor at mac.com, llvmbugs at cs.uiuc.edu

Found a crashing input for the ARM disassembler. There are many, many inputs
which hit the same crash; this is just one example.

% ./llvm-mc -disassemble -triple thumbv7-unknown-unknown crasher.txt
crasher.txt:1:1: warning: potentially undefined instruction encoding
0xff 0xbf 0x6b 0x80 0x00 0x75
^
iteee al
strh r3, [r5, #2]
strbUnknown condition code
UNREACHABLE executed at lib/Target/ARM/MCTargetDesc/ARMBaseInfo.h:70!

This appears to be because in ARMDisassembler.cpp:378 we read a condition code,
but don't check for an invalid entry:

374   // If we're in an IT block, base the predicate on that. Otherwise,
375   // assume a predicate of AL.
376   unsigned CC;
377   if (!ITBlock.empty()) {
378     CC = ITBlock.back();
379     ITBlock.pop_back();
380   } else
381     CC = ARMCC::AL;

I suspect this needs some logic along the lines of what DecodeITCond has, where
it checks for 0xF, flags a failure, and sets it to 0xE to avoid crashing. I've
added code to just always map 0xF to 0xE here (w/o flagging the error) and the
crash for this (and all the other inputs that hit the same assert that I have)
goes away.
--
Configure bugmail: http://llvm.org/bugs/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
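
The check the report suggests (treat 0xF as invalid, flag a failure, fall back to 0xE), shown as an added C++ example on a simplified model of an IT-block predicate queue; it is not LLVM's code or the reporter's patch. `Status`, `expandITBlock` and `nextPredicate` are hypothetical names, the else slots are assumed to be derived by flipping bit 0 of the first condition as the architecture defines, and the input is constructed to match the `iteee al` output above.

```cpp
#include <cstdio>
#include <vector>

enum class Status { Success, SoftFail };  // hypothetical stand-ins, not LLVM's types
constexpr unsigned CC_AL = 0xE;           // "always"
constexpr unsigned CC_INVALID = 0xF;      // not a printable condition code

// Expand an IT instruction's first condition and 4-bit mask into one predicate
// per instruction, ordered so that back() belongs to the next instruction.
std::vector<unsigned> expandITBlock(unsigned firstcond, unsigned mask) {
  std::vector<unsigned> block;
  mask &= 0xF;
  if (mask == 0) return block;            // no terminating bit: not an IT block
  unsigned tz = 0;
  while (!((mask >> tz) & 1)) ++tz;       // position of the terminating 1 bit
  for (unsigned pos = 3; pos > tz; --pos) {
    bool then = ((mask >> pos) & 1) == (firstcond & 1);
    block.insert(block.begin(), then ? firstcond : (firstcond ^ 1));
  }
  block.push_back(firstcond);
  return block;
}

// Pop the next predicate. An out-of-range value is replaced by AL and reported
// as a soft failure, so later stages never see a code they cannot print.
Status nextPredicate(std::vector<unsigned> &block, unsigned &cc) {
  cc = CC_AL;                              // outside an IT block: assume AL
  if (block.empty()) return Status::Success;
  unsigned raw = block.back();
  block.pop_back();
  if (raw >= CC_INVALID) return Status::SoftFail;  // cc stays AL
  cc = raw;
  return Status::Success;
}

int main() {
  // Constructed input modelled on the report's "iteee al": first condition
  // AL (0xE), mask 0xF, so every else slot becomes 0xE ^ 1 = 0xF.
  std::vector<unsigned> block = expandITBlock(CC_AL, 0xF);
  while (!block.empty()) {
    unsigned cc;
    Status s = nextPredicate(block, cc);
    std::printf("cc=0x%X %s\n", cc, s == Status::SoftFail ? "(soft fail)" : "");
  }
  return 0;
}
```

In this model the first pop yields AL cleanly and the next three are flagged, which lines up with `strh` printing and the following `strb` being the first instruction to hit the invalid code.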