[LLVMbugs] [Bug 14568] New: Out of bounds read in DFA packetizer
bugzilla-daemon at llvm.org
Mon Dec 10 14:39:14 PST 2012
http://llvm.org/bugs/show_bug.cgi?id=14568
Bug #: 14568
Summary: Out of bounds read in DFA packetizer
Product: new-bugs
Version: trunk
Platform: PC
OS/Version: Windows NT
Status: NEW
Severity: enhancement
Priority: P
Component: new bugs
AssignedTo: unassignedbugs at nondot.org
ReportedBy: adasgupt at codeaurora.org
CC: llvmbugs at cs.uiuc.edu
Classification: Unclassified
Bug filed by Carlos Sanchez de La Lama:
---
Hi all,
I have found what I think is a bug in DFAPacketizer::ReadTable.
When finding NextStateInTable to cache all transitions belonging to a state
into CachedTable, ReadTable does not check bounds:
unsigned ThisState = DFAStateEntryTable[state];
|
unsigned NextStateInTable = DFAStateEntryTable[state+1];
which makes NextStateInTable get a random value when state == <last state in
table>. Behaviour changes depending on gcc version / platform / ..., but in
some cases might lead to segmentation faults.
I have checked the problem happens in Hexagon tests (for example fadd.ll test)
but does not break badly there (though CachedTable will get some unneeded and
random data rows).
Probably making tblgen add an end-of-table marker in <Target>DFAStateEntryTable
is the easiest solution.
BR
Carlos
---
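The lookup described in the report, as an added example that is not part of the original mail or of LLVM's code: a bounds-checked version of the state-entry read, run against an entry table with and without the suggested end-of-table marker. The table contents and the names Transitions, EntryNoSentinel, EntryWithSentinel, readTableChecked and rejects are constructed for illustration.

```cpp
#include <cstddef>
#include <map>
#include <stdexcept>
#include <utility>
#include <vector>

// Constructed sample data: 3 states, 5 transitions stored as {input, next state}.
static const std::vector<std::pair<int, unsigned>> Transitions = {
    {1, 1}, {2, 2},   // state 0
    {2, 2},           // state 1
    {1, 0}, {2, 1},   // state 2 (last state)
};
// Entry table without a marker: one start index per state, nothing after the last.
static const std::vector<unsigned> EntryNoSentinel = {0, 2, 3};
// Entry table with the end-of-table marker suggested in the report.
static const std::vector<unsigned> EntryWithSentinel = {0, 2, 3, 5};

using Cache = std::map<std::pair<unsigned, int>, unsigned>;

// Bounds-checked variant of the lookup quoted in the report. Returns the number
// of rows cached for `state`; throws instead of reading past either table.
std::size_t readTableChecked(const std::vector<unsigned> &entry, unsigned state,
                             Cache &cached) {
  // Both entry[state] and entry[state + 1] must exist.
  if (entry.size() < 2 || state >= entry.size() - 1)
    throw std::out_of_range("no entry for state + 1: missing end-of-table marker");
  unsigned thisState = entry[state];
  unsigned nextStateInTable = entry[state + 1];
  // The row range must be ordered and stay inside the transition table.
  if (thisState > nextStateInTable || nextStateInTable > Transitions.size())
    throw std::out_of_range("entry table points outside the transition table");
  for (unsigned i = thisState; i < nextStateInTable; ++i)
    cached[{state, Transitions[i].first}] = Transitions[i].second;
  return nextStateInTable - thisState;
}

// True if the lookup for `state` is rejected as out of bounds.
bool rejects(const std::vector<unsigned> &entry, unsigned state) {
  Cache c;
  try {
    readTableChecked(entry, state, c);
  } catch (const std::out_of_range &) {
    return true;
  }
  return false;
}
```

Without the marker the last state has no upper bound and the checked read refuses it; with the marker the same state caches exactly its own two rows.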