[LLVMbugs] [Bug 12135] New: crash due to null ptr deref

bugzilla-daemon at llvm.org bugzilla-daemon at llvm.org
Wed Feb 29 08:19:53 PST 2012


http://llvm.org/bugs/show_bug.cgi?id=12135

             Bug #: 12135
           Summary: crash due to null ptr deref
           Product: new-bugs
           Version: trunk
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: enhancement
          Priority: P
         Component: new bugs
        AssignedTo: unassignedbugs at nondot.org
        ReportedBy: regehr at cs.utah.edu
                CC: chenyang at cs.utah.edu, llvmbugs at cs.uiuc.edu
    Classification: Unclassified


[regehr at gamow 2]$ clang -v
clang version 3.1 (trunk 151631)
Target: x86_64-unknown-linux-gnu
Thread model: posix
[regehr at gamow 2]$ cat small.c
int b, k, m;

void fn1 () {
  int *s = &b;
  int t[][1] = { 1 };
  for (;;) {
    if (*s)
      break;
    k = 0;
    for (; k >= 0; k -= 1) {
      m = 0;
      for (; m <= 0; m = 1)
        *s = t[0][m];
    }
  }
}
[regehr at gamow 2]$ valgrind -q --trace-children=yes clang -m32 -O3 -c small.c
==18440== Invalid read of size 8
==18440==    at 0x1C78F37: llvm::ScalarEvolution::getSCEV(llvm::Value*) (in
/uusoc/exports/scratch/regehr/z/compiler-install/llvm-gcc-r151631-install/bin/clang)
==18440==    by 0x1C71011:
llvm::ScalarEvolution::ComputeLoadConstantCompareExitLimit(llvm::LoadInst*,
llvm::Constant*, llvm::Loop const*, llvm::CmpInst::Predicate) (in
/uusoc/exports/scratch/regehr/z/compiler-install/llvm-gcc-r151631-install/bin/clang)
==18440==    by 0x1C71695:
llvm::ScalarEvolution::ComputeExitLimitFromICmp(llvm::Loop const*,
llvm::ICmpInst*, llvm::BasicBlock*, llvm::BasicBlock*) (in
/uusoc/exports/scratch/regehr/z/compiler-install/llvm-gcc-r151631-install/bin/clang)
==18440==    by 0x1C71B43:
llvm::ScalarEvolution::ComputeExitLimitFromCond(llvm::Loop const*,
llvm::Value*, llvm::BasicBlock*, llvm::BasicBlock*) (in
/uusoc/exports/scratch/regehr/z/compiler-install/llvm-gcc-r151631-install/bin/clang)
==18440==    by 0x1C72096: llvm::ScalarEvolution::ComputeExitLimit(llvm::Loop
const*, llvm::BasicBlock*) (in
/uusoc/exports/scratch/regehr/z/compiler-install/llvm-gcc-r151631-install/bin/clang)
==18440==    by 0x1C7241D:
llvm::ScalarEvolution::ComputeBackedgeTakenCount(llvm::Loop const*) (in
/uusoc/exports/scratch/regehr/z/compiler-install/llvm-gcc-r151631-install/bin/clang)
==18440==    by 0x1C729BD:
llvm::ScalarEvolution::getBackedgeTakenInfo(llvm::Loop const*) (in
/uusoc/exports/scratch/regehr/z/compiler-install/llvm-gcc-r151631-install/bin/clang)
==18440==    by 0x1C85D88:
llvm::ScalarEvolution::getBackedgeTakenCount(llvm::Loop const*) (in
/uusoc/exports/scratch/regehr/z/compiler-install/llvm-gcc-r151631-install/bin/clang)
==18440==    by 0x1A62AB4: ??? (in
/uusoc/exports/scratch/regehr/z/compiler-install/llvm-gcc-r151631-install/bin/clang)
==18440==    by 0x1C14143: llvm::LPPassManager::runOnFunction(llvm::Function&)
(in
/uusoc/exports/scratch/regehr/z/compiler-install/llvm-gcc-r151631-install/bin/clang)
==18440==    by 0x1DEAC8A: llvm::FPPassManager::runOnFunction(llvm::Function&)
(in
/uusoc/exports/scratch/regehr/z/compiler-install/llvm-gcc-r151631-install/bin/clang)
==18440==    by 0x1BA4F3C: ??? (in
/uusoc/exports/scratch/regehr/z/compiler-install/llvm-gcc-r151631-install/bin/clang)
==18440==  Address 0x10 is not stack'd, malloc'd or (recently) free'd
==18440== 
0  clang           0x0000000001e4cd6f
1  clang           0x0000000001e4efe2
2  libpthread.so.0 0x0000000004e3c8f0
3  clang           0x0000000001c78f37
llvm::ScalarEvolution::getSCEV(llvm::Value*) + 23
4  clang           0x0000000001c71012
llvm::ScalarEvolution::ComputeLoadConstantCompareExitLimit(llvm::LoadInst*,
llvm::Constant*, llvm::Loop const*, llvm::CmpInst::Predicate) + 658
5  clang           0x0000000001c71696
llvm::ScalarEvolution::ComputeExitLimitFromICmp(llvm::Loop const*,
llvm::ICmpInst*, llvm::BasicBlock*, llvm::BasicBlock*) + 918
6  clang           0x0000000001c71b44
llvm::ScalarEvolution::ComputeExitLimitFromCond(llvm::Loop const*,
llvm::Value*, llvm::BasicBlock*, llvm::BasicBlock*) + 468
7  clang           0x0000000001c72097
llvm::ScalarEvolution::ComputeExitLimit(llvm::Loop const*, llvm::BasicBlock*) +
711
8  clang           0x0000000001c7241e
llvm::ScalarEvolution::ComputeBackedgeTakenCount(llvm::Loop const*) + 798
9  clang           0x0000000001c729be
llvm::ScalarEvolution::getBackedgeTakenInfo(llvm::Loop const*) + 718
10 clang           0x0000000001c85d89
llvm::ScalarEvolution::getBackedgeTakenCount(llvm::Loop const*) + 9
11 clang           0x0000000001a62ab5
12 clang           0x0000000001c14144
llvm::LPPassManager::runOnFunction(llvm::Function&) + 1284
13 clang           0x0000000001deac8b
llvm::FPPassManager::runOnFunction(llvm::Function&) + 587
14 clang           0x0000000001ba4f3d
15 clang           0x0000000001dea761
llvm::MPPassManager::runOnModule(llvm::Module&) + 497
16 clang           0x0000000001dea8eb llvm::PassManagerImpl::run(llvm::Module&)
+ 187
17 clang           0x00000000007be515
clang::EmitBackendOutput(clang::DiagnosticsEngine&, clang::CodeGenOptions
const&, clang::TargetOptions const&, clang::LangOptions const&, llvm::Module*,
clang::BackendAction, llvm::raw_ostream*) + 1429
18 clang           0x00000000007bb839
19 clang           0x000000000091ac91 clang::ParseAST(clang::Sema&, bool) + 465
20 clang           0x00000000007ba414 clang::CodeGenAction::ExecuteAction() +
68
21 clang           0x000000000065f501
clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) + 321
22 clang           0x0000000000647fd9
clang::ExecuteCompilerInvocation(clang::CompilerInstance*) + 1609
23 clang           0x000000000063d090 cc1_main(char const**, char const**, char
const*, void*) + 960
24 clang           0x0000000000646cd7 main + 7143
25 libc.so.6       0x0000000005a1ac4d __libc_start_main + 253
26 clang           0x000000000063a8d9
Stack dump:
0.    Program arguments:
/uusoc/exports/scratch/regehr/z/compiler-install/llvm-gcc-r151631-install/bin/clang
-cc1 -triple i386-unknown-linux-gnu -emit-obj -disable-free -main-file-name
small.c -mrelocation-model static -masm-verbose -mconstructor-aliases
-target-cpu pentium4 -momit-leaf-frame-pointer -coverage-file small.o
-resource-dir
/uusoc/exports/scratch/regehr/z/compiler-install/llvm-gcc-r151631-install/bin/../lib/clang/3.1
-fmodule-cache-path /var/tmp/clang-module-cache -internal-isystem
/usr/local/include -internal-isystem
/uusoc/exports/scratch/regehr/z/compiler-install/llvm-gcc-r151631-install/bin/../lib/clang/3.1/include
-internal-externc-isystem /usr/include/i486-linux-gnu -internal-externc-isystem
/include -internal-externc-isystem /usr/include -O3 -fdebug-compilation-dir
/home/regehr/z/reduce/2 -ferror-limit 19 -fmessage-length 80 -mstackrealign
-fgnu-runtime -fobjc-runtime-has-arc -fobjc-runtime-has-weak -fobjc-fragile-abi
-fdiagnostics-show-option -fcolor-diagnostics -o small.o -x c small.c 
1.    <eof> parser at end of file
2.    Per-module optimization passes
3.    Running pass 'CallGraph Pass Manager' on module 'small.c'.
4.    Running pass 'Loop Pass Manager' on function '@fn1'
5.    Running pass 'Induction Variable Simplification' on basic block
'%for.cond1.preheader'
==18440== 
==18440== Process terminating with default action of signal 11 (SIGSEGV)
==18440==  Access not within mapped region at address 0x10
==18440==    at 0x1C78F37: llvm::ScalarEvolution::getSCEV(llvm::Value*) (in
/uusoc/exports/scratch/regehr/z/compiler-install/llvm-gcc-r151631-install/bin/clang)
==18440==    by 0x1C71011:
llvm::ScalarEvolution::ComputeLoadConstantCompareExitLimit(llvm::LoadInst*,
llvm::Constant*, llvm::Loop const*, llvm::CmpInst::Predicate) (in
/uusoc/exports/scratch/regehr/z/compiler-install/llvm-gcc-r151631-install/bin/clang)
==18440==    by 0x1C71695:
llvm::ScalarEvolution::ComputeExitLimitFromICmp(llvm::Loop const*,
llvm::ICmpInst*, llvm::BasicBlock*, llvm::BasicBlock*) (in
/uusoc/exports/scratch/regehr/z/compiler-install/llvm-gcc-r151631-install/bin/clang)
==18440==    by 0x1C71B43:
llvm::ScalarEvolution::ComputeExitLimitFromCond(llvm::Loop const*,
llvm::Value*, llvm::BasicBlock*, llvm::BasicBlock*) (in
/uusoc/exports/scratch/regehr/z/compiler-install/llvm-gcc-r151631-install/bin/clang)
==18440==    by 0x1C72096: llvm::ScalarEvolution::ComputeExitLimit(llvm::Loop
const*, llvm::BasicBlock*) (in
/uusoc/exports/scratch/regehr/z/compiler-install/llvm-gcc-r151631-install/bin/clang)
==18440==    by 0x1C7241D:
llvm::ScalarEvolution::ComputeBackedgeTakenCount(llvm::Loop const*) (in
/uusoc/exports/scratch/regehr/z/compiler-install/llvm-gcc-r151631-install/bin/clang)
==18440==    by 0x1C729BD:
llvm::ScalarEvolution::getBackedgeTakenInfo(llvm::Loop const*) (in
/uusoc/exports/scratch/regehr/z/compiler-install/llvm-gcc-r151631-install/bin/clang)
==18440==    by 0x1C85D88:
llvm::ScalarEvolution::getBackedgeTakenCount(llvm::Loop const*) (in
/uusoc/exports/scratch/regehr/z/compiler-install/llvm-gcc-r151631-install/bin/clang)
==18440==    by 0x1A62AB4: ??? (in
/uusoc/exports/scratch/regehr/z/compiler-install/llvm-gcc-r151631-install/bin/clang)
==18440==    by 0x1C14143: llvm::LPPassManager::runOnFunction(llvm::Function&)
(in
/uusoc/exports/scratch/regehr/z/compiler-install/llvm-gcc-r151631-install/bin/clang)
==18440==    by 0x1DEAC8A: llvm::FPPassManager::runOnFunction(llvm::Function&)
(in
/uusoc/exports/scratch/regehr/z/compiler-install/llvm-gcc-r151631-install/bin/clang)
==18440==    by 0x1BA4F3C: ??? (in
/uusoc/exports/scratch/regehr/z/compiler-install/llvm-gcc-r151631-install/bin/clang)
==18440==  If you believe this happened as a result of a stack
==18440==  overflow in your program's main thread (unlikely but
==18440==  possible), you can try to increase the size of the
==18440==  main thread stack using the --main-stacksize= flag.
==18440==  The main thread stack size used in this run was 8388608.
clang: error: unable to execute command: Segmentation fault
clang: error: clang frontend command failed due to signal (use -v to see
invocation)
clang: note: diagnostic msg: Please submit a bug report to
http://llvm.org/bugs/ and include command line arguments and all diagnostic
information.
clang: note: diagnostic msg: Preprocessed source(s) and associated run
script(s) are located at:
clang: note: diagnostic msg: /tmp/small-wM8TgZ.i
clang: note: diagnostic msg: /tmp/small-wM8TgZ.sh
[regehr at gamow 2]$

-- 
Configure bugmail: http://llvm.org/bugs/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
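An added triage helper, not part of the bug report above and not LLVM project code: it parses the leading "Invalid read" block of a Valgrind log like the one Regehr posted and buckets the crash by its faulting address. The point it makes explicit is why "Address 0x10" supports the summary "null ptr deref": an address inside the first page is NULL plus a member offset (here 16 bytes into some object getSCEV was handed a null pointer to), which on Linux faults deterministically and is a crash/denial-of-service, not a memory-corruption primitive. The sample text is constructed from the report above, with the mail-wrapped frame lines re-joined and the long install path shortened to /opt/clang; nothing here was run against a real clang.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: the first frames and the address line of the Valgrind
# report above, re-joined onto single lines (the mail archive wrapped them) and
# with the long install path shortened to /opt/clang. Not output from a new run.
SAMPLE_REPORT = """\
==18440== Invalid read of size 8
==18440==    at 0x1C78F37: llvm::ScalarEvolution::getSCEV(llvm::Value*) (in /opt/clang)
==18440==    by 0x1C71011: llvm::ScalarEvolution::ComputeLoadConstantCompareExitLimit(llvm::LoadInst*, llvm::Constant*, llvm::Loop const*, llvm::CmpInst::Predicate) (in /opt/clang)
==18440==    by 0x1C71695: llvm::ScalarEvolution::ComputeExitLimitFromICmp(llvm::Loop const*, llvm::ICmpInst*, llvm::BasicBlock*, llvm::BasicBlock*) (in /opt/clang)
==18440==  Address 0x10 is not stack'd, malloc'd or (recently) free'd
"""

_HEADER = re.compile(r"^==(\d+)== Invalid (read|write) of size (\d+)\s*$")
_FRAME = re.compile(r"^==\d+==\s+(?:at|by) 0x[0-9A-Fa-f]+: (.+?) \(in .*\)\s*$")
_ADDRESS = re.compile(r"^==\d+==\s+Address 0x([0-9A-Fa-f]+) is (.+?)\s*$")


@dataclass
class Finding:
    pid: int
    kind: str                 # "read" or "write"
    size: int                 # access width in bytes
    address: int              # faulting address
    where: str                # Valgrind's description of the address
    frames: List[str] = field(default_factory=list)   # innermost frame first

    @property
    def top_frame(self) -> str:
        return self.frames[0] if self.frames else ""

    @property
    def verdict(self) -> str:
        return classify_address(self.address)


def classify_address(addr: int, page_size: int = 4096) -> str:
    """Rough exploitability bucket from the faulting address alone.

    Anything inside the first page is NULL plus a small offset: the code read a
    member of an object it never got a valid pointer to. Linux never maps the
    low pages, so this faults every time -> reliable crash (DoS), not a
    memory-corruption primitive. Anything else needs a closer look.
    """
    if addr < page_size:
        return "null-deref"
    return "non-null"


def parse_invalid_access(text: str) -> Optional[Finding]:
    """Extract the first 'Invalid read/write' block from a Valgrind log."""
    finding = None
    for line in text.splitlines():
        m = _HEADER.match(line)
        if m and finding is None:
            finding = Finding(int(m.group(1)), m.group(2), int(m.group(3)), -1, "")
            continue
        if finding is None:
            continue
        m = _FRAME.match(line)
        if m:
            finding.frames.append(m.group(1))
            continue
        m = _ADDRESS.match(line)
        if m:
            finding.address = int(m.group(1), 16)
            finding.where = m.group(2)
            break   # the address line closes the block
    # A block without its address line is incomplete; report nothing.
    return finding if finding is not None and finding.address >= 0 else None


def field_offset(finding: Finding) -> Optional[int]:
    """For a null-deref, the address *is* the member offset inside the object."""
    return finding.address if finding.verdict == "null-deref" else None


if __name__ == "__main__":
    f = parse_invalid_access(SAMPLE_REPORT)
    print(f.verdict, f.top_frame, field_offset(f))
```

Run against the sample, the verdict is null-deref with a member offset of 16 in getSCEV, which matches the "crash due to null ptr deref" title; a non-null address, or one Valgrind describes as recently freed, would instead be the signal to keep digging rather than file as a plain crash.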


