[llvm-bugs] [Bug 24644] New: Method Verifier::visitAliaseeSubExpr stack overflows

via llvm-bugs llvm-bugs at lists.llvm.org
Mon Aug 31 14:29:02 PDT 2015 

https://llvm.org/bugs/show_bug.cgi?id=24644

            Bug ID: 24644
           Summary: Method Verifier::visitAliaseeSubExpr stack overflows
           Product: new-bugs
           Version: trunk
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P
         Component: new bugs
          Assignee: unassignedbugs at nondot.org
          Reporter: kschimpf at google.com
                CC: llvm-bugs at lists.llvm.org
    Classification: Unclassified

Created attachment 14800
  --> https://llvm.org/bugs/attachment.cgi?id=14800&action=edit
Assembly file

See attached for test case (bug1.ll).

This bug was found using afl-fuzz.

To see error: build llvm-as using the following steps:

% cmake -GNinja  -DLLVM_USE_SANITIZER=Address -DLLVM_USE_SANITIZE_COVERAGE=YES
-DCMAKE_BUILD_TYPE=Release /path/to/llvm

% ninja bin/llvm-as

Then run:

bin/llvm-as bug1.ll -o /dev/null

The output is:

ASAN:DEADLYSIGNAL
=================================================================
==24746==ERROR: AddressSanitizer: stack-overflow on address 0x7ffef9709fa0 (pc
0x000000b0c4e5 bp 0x7ffef970a090 sp 0x7ffef9709fa0 T0)
    #0 0xb0c4e4 in (anonymous
namespace)::Verifier::VerifyConstantExprBitcastType(llvm::ConstantExpr const*)
/workspace/llvm-dev/llvm/lib/IR/Verifier.cpp:1500
    #1 0xb48d23 in (anonymous
namespace)::Verifier::visitAliaseeSubExpr(llvm::SmallPtrSetImpl<llvm::GlobalAlias
const*>&, llvm::GlobalAlias const&, llvm::Constant const&)
/workspace/llvm-dev/llvm/lib/IR/Verifier.cpp:584:5
    #2 0xb491df in (anonymous
namespace)::Verifier::visitAliaseeSubExpr(llvm::SmallPtrSetImpl<llvm::GlobalAlias
const*>&, llvm::GlobalAlias const&, llvm::Constant const&)
/workspace/llvm-dev/llvm/lib/IR/Verifier.cpp:591:7
...
    #249 0xb491df in (anonymous
namespace)::Verifier::visitAliaseeSubExpr(llvm::SmallPtrSetImpl<llvm::GlobalAlias
const*>&, llvm::GlobalAlias const&, llvm::Constant const&)
/workspace/llvm-dev/llvm/lib/IR/Verifier.cpp:591:7
    #250 0xb491df in (anonymous
namespace)::Verifier::visitAliaseeSubExpr(llvm::SmallPtrSetImpl<llvm::GlobalAlias
const*>&, llvm::GlobalAlias const&, llvm::Constant const&)
/workspace/llvm-dev/llvm/lib/IR/Verifier.cpp:591:7 
    #251 0xb491df in (anonymous
namespace)::Verifier::visitAliaseeSubExpr(llvm::SmallPtrSetImpl<llvm::GlobalAlias
const*>&, llvm::GlobalAlias const&, llvm::Constant const&)
/workspace/llvm-dev/llvm/lib/IR/Verifier.cpp:591:7

SUMMARY: AddressSanitizer: stack-overflow
/workspace/llvm-dev/llvm/lib/IR/Verifier.cpp:1500 in (anonymous
namespace)::Verifier::VerifyConstantExprBitcastType(llvm::ConstantExpr const*)
==24746==ABORTING

-- 
You are receiving this mail because:
You are on the CC list for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/llvm-bugs/attachments/20150831/c11f3e99/attachment.html>

More information about the llvm-bugs mailing list