[LLVMbugs] [Bug 16073] New: firefox compiled with clang 3.3 HEAD/trunk crashes when decoding certain PNGs

bugzilla-daemon at llvm.org bugzilla-daemon at llvm.org
Mon May 20 11:06:36 PDT 2013


http://llvm.org/bugs/show_bug.cgi?id=16073

            Bug ID: 16073
           Summary: firefox compiled with clang 3.3 HEAD/trunk crashes
                    when decoding certain PNGs
           Product: libraries
           Version: trunk
          Hardware: PC
                OS: All
            Status: NEW
          Severity: normal
          Priority: P
         Component: Register Allocator
          Assignee: unassignedbugs at nondot.org
          Reporter: froydnj at gmail.com
                CC: llvmbugs at cs.uiuc.edu
    Classification: Unclassified

We (Mozilla) are evaluating clang 3.3 in hopes of being able to upgrade from
clang 3.2 when it is released.  Our automated builders say nearly all tests
pass, except for some crashes when decoding PNGs, seen here:

https://tbpl.mozilla.org/?tree=Try&rev=40507fc4e2a6

Since the crashes are occurring in both optimized and debug builds and the PNG
library (libpng 1.5.15) is well-tested, clang looks like the culprit.  I'm not
entirely sure what pass this is happening in, but since it happens at -O0 and
-O3, the register allocator seems like a reasonable choice.

I'll attach the preprocessed source (from an OS X 10.7 machine, compiled for
64-bit) and the bitcode file for the crashing routine (MOZ_PNG_combine_row,
targeting the same).  Our usual compilation options are:

-O3 -fno-omit-frame-pointer -fno-strict-aliasing

The full clang cc1 line is:

"/Users/froydnj/src/b33-llvm/Release/bin/clang" -cc1 -triple
x86_64-apple-macosx10.7.0 -S -disable-free -disable-llvm-verifier
-main-file-name pngrutil.c -mrelocation-model pic -pic-level 2
-mdisable-fp-elim -relaxed-aliasing -masm-verbose -munwind-tables -target-cpu
core2 -target-linker-version 133.3 -v -g -ffunction-sections -fdata-sections
-coverage-file /Users/froydnj/src/build33-mc-x8664/media/libpng/pngrutil.s
-resource-dir /Users/froydnj/src/b33-llvm/Release/bin/../lib/clang/3.3 -O3
-Wall -Wpointer-arith -Wdeclaration-after-statement -Werror=return-type
-Wtype-limits -Wempty-body -Wsign-compare -Wno-unused -std=gnu99
-fdebug-compilation-dir /Users/froydnj/src/build33-mc-x8664/media/libpng
-ferror-limit 19 -fmessage-length 132 -fvisibility hidden -pthread
-stack-protector 1 -mstackrealign -fblocks -fgnu89-inline
-fobjc-runtime=macosx-10.7.0 -fobjc-dispatch-method=mixed
-fobjc-default-synthesize-properties -fencode-extended-block-signature
-fdiagnostics-show-option -fcolor-diagnostics -backend-option -vectorize-loops
-o pngrutil.s -x cpp-output pngrutil.i

Please let me know if you need anything else.
