[LLVMbugs] [Bug 12962] New: ICE: segfault in FinalOverriderCollector::Collect (CXXInheritance.cpp)

bugzilla-daemon at llvm.org bugzilla-daemon at llvm.org
Sun May 27 08:22:10 PDT 2012 

http://llvm.org/bugs/show_bug.cgi?id=12962

             Bug #: 12962
           Summary: ICE: segfault in FinalOverriderCollector::Collect
                    (CXXInheritance.cpp)
           Product: clang
           Version: trunk
          Platform: PC
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: P
         Component: C++
        AssignedTo: unassignedclangbugs at nondot.org
        ReportedBy: zhezherun at yandex.ru
                CC: dgregor at apple.com, llvmbugs at cs.uiuc.edu
    Classification: Unclassified


clang 3.1 and trunk both contain a bug in FinalOverriderCollector::Collect
which causes a segfault (internal compiler error). Specifically, the reference
MyVirtualOverriders in CXXInheritance.cpp, line 507 may become invalidated by
the call to Collect on line 510 (if the map is rebucketed), so its use below in
line 513 is invalid and leads to a crash. Here is a proposed patch:


--- CXXInheritance.cpp  2012-04-12 12:44:50.000000000 +0100
+++ CXXInheritance.cpp  2012-05-27 14:10:58.000000000 +0100
@@ -504,12 +504,15 @@
       CXXFinalOverriderMap ComputedBaseOverriders;
       CXXFinalOverriderMap *BaseOverriders = &ComputedBaseOverriders;
       if (Base->isVirtual()) {
-        CXXFinalOverriderMap *&MyVirtualOverriders =
VirtualOverriders[BaseDecl];
+        CXXFinalOverriderMap *&MyVirtualOverridersRef =
VirtualOverriders[BaseDecl];
+        CXXFinalOverriderMap *MyVirtualOverriders = MyVirtualOverridersRef;
         if (!MyVirtualOverriders) {
-          MyVirtualOverriders = new CXXFinalOverriderMap;
+          MyVirtualOverridersRef = MyVirtualOverriders = new
CXXFinalOverriderMap;
           Collect(BaseDecl, true, BaseDecl, *MyVirtualOverriders);
         }

+        // Can't use MyVirtualOverridersRef here as the map could have been
+        // grown inside Collect() so the reference might be no longer valid.
         BaseOverriders = MyVirtualOverriders;
       } else
         Collect(BaseDecl, false, InVirtualSubobject, ComputedBaseOverriders);


I don't have a small example that reproduces the segfault (the code has a lot
of classes and a lot of instances of multiple and virtual inheritance), however
this patch fixes the segfault that I see.

-- 
Configure bugmail: http://llvm.org/bugs/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

More information about the llvm-bugs mailing list