[LLVMbugs] [Bug 14568] New: Out of bounds read in DFA packetizer

bugzilla-daemon at llvm.org bugzilla-daemon at llvm.org
Mon Dec 10 14:39:14 PST 2012


             Bug #: 14568
           Summary: Out of bounds read in DFA packetizer
           Product: new-bugs
           Version: trunk
          Platform: PC
        OS/Version: Windows NT
            Status: NEW
          Severity: enhancement
          Priority: P
         Component: new bugs
        AssignedTo: unassignedbugs at nondot.org
        ReportedBy: adasgupt at codeaurora.org
                CC: llvmbugs at cs.uiuc.edu
    Classification: Unclassified

Bug filed by Carlos Sanchez de La Lama:

Hi all,

I have found what I think it is a bug in DFAPacketizer::ReadTable.

When finding NextStateInTable to cache all transitions belonging to a state
into CachedTable, ReadTable does not check bounds:

unsigned ThisState = DFAStateEntryTable[state];                                
unsigned NextStateInTable = DFAStateEntryTable[state+1];   

which makes NextStateInTable get a random value when state == <last state in
table>. Behaviour changes depending on gcc version / platform / ..., but in
some cases might lead to segmentation faults.

I have checked the problem happens in Hexagon tests (for example fadd.ll test)
but does not break badly there (though CachedTable will get some unneded and
random data rows).

Probably making tblgen add an end-of-table marker in <Target>DFAStateEntryTable
is the easiest solution.



Configure bugmail: http://llvm.org/bugs/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

More information about the llvm-bugs mailing list