[LLVMbugs] [Bug 12305] New: heap-use-after-free in clang::CodeGen::CGDebugInfo::CreateType
bugzilla-daemon at llvm.org
bugzilla-daemon at llvm.org
Mon Mar 19 09:32:23 PDT 2012
http://llvm.org/bugs/show_bug.cgi?id=12305
Bug #: 12305
Summary: heap-use-after-free in
clang::CodeGen::CGDebugInfo::CreateType
Product: new-bugs
Version: trunk
Platform: PC
OS/Version: Linux
Status: NEW
Severity: enhancement
Priority: P
Component: new bugs
AssignedTo: unassignedbugs at nondot.org
ReportedBy: kcc at google.com
CC: llvmbugs at cs.uiuc.edu
Classification: Unclassified
Created attachment 8234
--> http://llvm.org/bugs/attachment.cgi?id=8234
reproducer
The test case was minimized with c_reduce from googletest code.
r153038, linux x86_64
% clang -c -O2 -g asan.cc
(the use-after-free is detected by both AddressSanitizer and Valgrind; per the traces below, the MDNode is freed by replaceOperandWith called from CreateType at CGDebugInfo.cpp:1227 and then read three lines later, at CGDebugInfo.cpp:1230, when a WeakVH is constructed from the stale pointer)
==10086== ERROR: AddressSanitizer heap-use-after-free on address 0x7f040d3d4890
at pc 0x1043c91c bp 0x7fff3832c4b0 sp 0x7fff3832c4a8
READ of size 8 at 0x7f040d3d4890 thread T0
#0 0x1043c91c in llvm::Value::getContext() const lib/VMCore/Value.cpp:466
#1 0x1043d3ff in llvm::ValueHandleBase::AddToUseList()
lib/VMCore/Value.cpp:501
#2 0x1c52692 in
llvm::ValueHandleBase::ValueHandleBase(llvm::ValueHandleBase::HandleBaseKind,
llvm::Value*) include/llvm/Support/ValueHandle.h:66
#3 0x1c5237d in llvm::WeakVH::WeakVH(llvm::Value*)
include/llvm/Support/ValueHandle.h:137
#4 0x1b40228 in llvm::WeakVH::WeakVH(llvm::Value*)
include/llvm/Support/ValueHandle.h:137
#5 0x1f30766 in clang::CodeGen::CGDebugInfo::CreateType(clang::RecordType
const*) tools/clang/lib/CodeGen/CGDebugInfo.cpp:1230
#6 0x1f411b1 in clang::CodeGen::CGDebugInfo::CreateTypeNode(clang::QualType,
llvm::DIFile) tools/clang/lib/CodeGen/CGDebugInfo.cpp:1697
#7 0x1f0239b in
clang::CodeGen::CGDebugInfo::getOrCreateType(clang::QualType, llvm::DIFile)
tools/clang/lib/CodeGen/CGDebugInfo.cpp:1646
#8 0x1f2aa53 in
clang::CodeGen::CGDebugInfo::CollectTemplateParams(clang::TemplateParameterList
const*, clang::TemplateArgumentList const&, llvm::DIFile)
tools/clang/lib/CodeGen/CGDebugInfo.cpp:1052
#9 0x1f2c3a5 in
clang::CodeGen::CGDebugInfo::CollectCXXTemplateParams(clang::ClassTemplateSpecializationDecl
const*, llvm::DIFile) tools/clang/lib/CodeGen/CGDebugInfo.cpp:1095
#10 0x1f30159 in clang::CodeGen::CGDebugInfo::CreateType(clang::RecordType
const*) tools/clang/lib/CodeGen/CGDebugInfo.cpp:1209
#11 0x1f411b1 in
clang::CodeGen::CGDebugInfo::CreateTypeNode(clang::QualType, llvm::DIFile)
tools/clang/lib/CodeGen/CGDebugInfo.cpp:1697
#12 0x1f0239b in
clang::CodeGen::CGDebugInfo::getOrCreateType(clang::QualType, llvm::DIFile)
tools/clang/lib/CodeGen/CGDebugInfo.cpp:1646
#13 0x1f005da in
clang::CodeGen::CGDebugInfo::getContextDescriptor(clang::Decl const*)
tools/clang/lib/CodeGen/CGDebugInfo.cpp:107
#14 0x1f464f7 in
clang::CodeGen::CGDebugInfo::getFunctionDeclaration(clang::Decl const*)
tools/clang/lib/CodeGen/CGDebugInfo.cpp:1878
#15 0x1f4ba18 in
clang::CodeGen::CGDebugInfo::EmitFunctionStart(clang::GlobalDecl,
clang::QualType, llvm::Function*, llvm::IRBuilder<true, llvm::ConstantFolder,
llvm::IRBuilderDefaultInserter<true> >&)
tools/clang/lib/CodeGen/CGDebugInfo.cpp:1996
#16 0x26a144c in
clang::CodeGen::CodeGenFunction::StartFunction(clang::GlobalDecl,
clang::QualType, llvm::Function*, clang::CodeGen::CGFunctionInfo const&,
clang::CodeGen::FunctionArgList const&, clang::SourceLocation)
tools/clang/lib/CodeGen/CodeGen»
#17 0x26a74c7 in
clang::CodeGen::CodeGenFunction::GenerateCode(clang::GlobalDecl,
llvm::Function*, clang::CodeGen::CGFunctionInfo const&)
tools/clang/lib/CodeGen/CodeGenFunction.cpp:441
#18 0x19fe3f0 in
clang::CodeGen::CodeGenModule::EmitGlobalFunctionDefinition(clang::GlobalDecl)
tools/clang/lib/CodeGen/CodeGenModule.cpp:1799
#19 0x19ed2be in
clang::CodeGen::CodeGenModule::EmitGlobalDefinition(clang::GlobalDecl)
tools/clang/lib/CodeGen/CodeGenModule.cpp:963
#20 0x19db411 in clang::CodeGen::CodeGenModule::EmitDeferred()
tools/clang/lib/CodeGen/CodeGenModule.cpp:678
#21 0x19da55d in clang::CodeGen::CodeGenModule::Release()
tools/clang/lib/CodeGen/CodeGenModule.cpp:152
#22 0x19be65a in (anonymous
namespace)::CodeGeneratorImpl::HandleTranslationUnit(clang::ASTContext&)
tools/clang/lib/CodeGen/ModuleBuilder.cpp:102
0x7f040d3d4890 is located 16 bytes inside of 616-byte region
[0x7f040d3d4880,0x7f040d3d4ae8)
freed by thread T0 here:
#0 0x1085e102 in free ??:0
#1 0x102b64d6 in llvm::MDNode::destroy() lib/VMCore/Metadata.cpp:186
#2 0x102b34c4 in llvm::MDNode::replaceOperand(llvm::MDNodeOperand*,
llvm::Value*) lib/VMCore/Metadata.cpp:356
#3 0x102b426b in llvm::MDNode::replaceOperandWith(unsigned int,
llvm::Value*) lib/VMCore/Metadata.cpp:93
#4 0x1f30642 in clang::CodeGen::CGDebugInfo::CreateType(clang::RecordType
const*) tools/clang/lib/CodeGen/CGDebugInfo.cpp:1227
#5 0x1f411b1 in clang::CodeGen::CGDebugInfo::CreateTypeNode(clang::QualType,
llvm::DIFile) tools/clang/lib/CodeGen/CGDebugInfo.cpp:1697
#6 0x1f0239b in
clang::CodeGen::CGDebugInfo::getOrCreateType(clang::QualType, llvm::DIFile)
tools/clang/lib/CodeGen/CGDebugInfo.cpp:1646
#7 0x1f2aa53 in
clang::CodeGen::CGDebugInfo::CollectTemplateParams(clang::TemplateParameterList
const*, clang::TemplateArgumentList const&, llvm::DIFile)
tools/clang/lib/CodeGen/CGDebugInfo.cpp:1052
#8 0x1f2c3a5 in
clang::CodeGen::CGDebugInfo::CollectCXXTemplateParams(clang::ClassTemplateSpecializationDecl
const*, llvm::DIFile) tools/clang/lib/CodeGen/CGDebugInfo.cpp:1095
#9 0x1f30159 in clang::CodeGen::CGDebugInfo::CreateType(clang::RecordType
const*) tools/clang/lib/CodeGen/CGDebugInfo.cpp:1209
#10 0x1f411b1 in
clang::CodeGen::CGDebugInfo::CreateTypeNode(clang::QualType, llvm::DIFile)
tools/clang/lib/CodeGen/CGDebugInfo.cpp:1697
#11 0x1f0239b in
clang::CodeGen::CGDebugInfo::getOrCreateType(clang::QualType, llvm::DIFile)
tools/clang/lib/CodeGen/CGDebugInfo.cpp:1646
#12 0x1f005da in
clang::CodeGen::CGDebugInfo::getContextDescriptor(clang::Decl const*)
tools/clang/lib/CodeGen/CGDebugInfo.cpp:107
#13 0x1f464f7 in
clang::CodeGen::CGDebugInfo::getFunctionDeclaration(clang::Decl const*)
tools/clang/lib/CodeGen/CGDebugInfo.cpp:1878
#14 0x1f4ba18 in
clang::CodeGen::CGDebugInfo::EmitFunctionStart(clang::GlobalDecl,
clang::QualType, llvm::Function*, llvm::IRBuilder<true, llvm::ConstantFolder,
llvm::IRBuilderDefaultInserter<true> >&)
tools/clang/lib/CodeGen/CGDebugInfo.cpp:1996
#15 0x26a144c in
clang::CodeGen::CodeGenFunction::StartFunction(clang::GlobalDecl,
clang::QualType, llvm::Function*, clang::CodeGen::CGFunctionInfo const&,
clang::CodeGen::FunctionArgList const&, clang::SourceLocation)
tools/clang/lib/CodeGen/CodeGen»
#16 0x26a74c7 in
clang::CodeGen::CodeGenFunction::GenerateCode(clang::GlobalDecl,
llvm::Function*, clang::CodeGen::CGFunctionInfo const&)
tools/clang/lib/CodeGen/CodeGenFunction.cpp:441
#17 0x19fe3f0 in
clang::CodeGen::CodeGenModule::EmitGlobalFunctionDefinition(clang::GlobalDecl)
tools/clang/lib/CodeGen/CodeGenModule.cpp:1799
#18 0x19ed2be in
clang::CodeGen::CodeGenModule::EmitGlobalDefinition(clang::GlobalDecl)
tools/clang/lib/CodeGen/CodeGenModule.cpp:963
#19 0x19db411 in clang::CodeGen::CodeGenModule::EmitDeferred()
tools/clang/lib/CodeGen/CodeGenModule.cpp:678
#20 0x19da55d in clang::CodeGen::CodeGenModule::Release()
tools/clang/lib/CodeGen/CodeGenModule.cpp:152
#21 0x19be65a in (anonymous
namespace)::CodeGeneratorImpl::HandleTranslationUnit(clang::ASTContext&)
tools/clang/lib/CodeGen/ModuleBuilder.cpp:102
previously allocated by thread T0 here:
#0 0x1085e1c2 in malloc ??:0
#1 0x102b7003 in llvm::MDNode::getMDNode(llvm::LLVMContext&,
llvm::ArrayRef<llvm::Value*>, llvm::MDNode::FunctionLocalness, bool)
lib/VMCore/Metadata.cpp:234
#2 0x102b7ff2 in llvm::MDNode::get(llvm::LLVMContext&,
llvm::ArrayRef<llvm::Value*>) lib/VMCore/Metadata.cpp:244
#3 0xf130365 in llvm::DIBuilder::createClassType(llvm::DIDescriptor,
llvm::StringRef, llvm::DIFile, unsigned int, unsigned long, unsigned long,
unsigned long, unsigned int, llvm::DIType, llvm::DIArray, llvm::MDNode*,
llvm::MDNode*) lib/Analysis/DIBui»
#4 0x1f43ebd in
clang::CodeGen::CGDebugInfo::CreateLimitedType(clang::RecordType const*)
tools/clang/lib/CodeGen/CGDebugInfo.cpp:1804
#5 0x1f41c78 in
clang::CodeGen::CGDebugInfo::CreateLimitedTypeNode(clang::QualType,
llvm::DIFile) tools/clang/lib/CodeGen/CGDebugInfo.cpp:1851
#6 0x1f0fd30 in
clang::CodeGen::CGDebugInfo::getOrCreateLimitedType(clang::QualType,
llvm::DIFile) tools/clang/lib/CodeGen/CGDebugInfo.cpp:1758
#7 0x1f2f916 in clang::CodeGen::CGDebugInfo::CreateType(clang::RecordType
const*) tools/clang/lib/CodeGen/CGDebugInfo.cpp:1172
#8 0x1f411b1 in clang::CodeGen::CGDebugInfo::CreateTypeNode(clang::QualType,
llvm::DIFile) tools/clang/lib/CodeGen/CGDebugInfo.cpp:1697
#9 0x1f0239b in
clang::CodeGen::CGDebugInfo::getOrCreateType(clang::QualType, llvm::DIFile)
tools/clang/lib/CodeGen/CGDebugInfo.cpp:1646
#10 0x1f2aa53 in
clang::CodeGen::CGDebugInfo::CollectTemplateParams(clang::TemplateParameterList
const*, clang::TemplateArgumentList const&, llvm::DIFile)
tools/clang/lib/CodeGen/CGDebugInfo.cpp:1052
#11 0x1f2c3a5 in
clang::CodeGen::CGDebugInfo::CollectCXXTemplateParams(clang::ClassTemplateSpecializationDecl
const*, llvm::DIFile) tools/clang/lib/CodeGen/CGDebugInfo.cpp:1095
#12 0x1f30159 in clang::CodeGen::CGDebugInfo::CreateType(clang::RecordType
const*) tools/clang/lib/CodeGen/CGDebugInfo.cpp:1209
#13 0x1f411b1 in
clang::CodeGen::CGDebugInfo::CreateTypeNode(clang::QualType, llvm::DIFile)
tools/clang/lib/CodeGen/CGDebugInfo.cpp:1697
#14 0x1f0239b in
clang::CodeGen::CGDebugInfo::getOrCreateType(clang::QualType, llvm::DIFile)
tools/clang/lib/CodeGen/CGDebugInfo.cpp:1646
#15 0x1f005da in
clang::CodeGen::CGDebugInfo::getContextDescriptor(clang::Decl const*)
tools/clang/lib/CodeGen/CGDebugInfo.cpp:107
#16 0x1f464f7 in
clang::CodeGen::CGDebugInfo::getFunctionDeclaration(clang::Decl const*)
tools/clang/lib/CodeGen/CGDebugInfo.cpp:1878