[LLVMbugs] [Bug 22267] New: heap-use-after-free

Tue Jan 20 08:57:27 PST 2015

http://llvm.org/bugs/show_bug.cgi?id=22267

            Bug ID: 22267
           Summary: heap-use-after-free
           Product: lld
           Version: unspecified
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P
         Component: All Bugs
          Assignee: unassignedbugs at nondot.org
          Reporter: rafael.espindola at gmail.com
                CC: kledzik at apple.com, llvmbugs at cs.uiuc.edu,
                    ruiu at google.com
    Classification: Unclassified

Running tests with asan that pecoff/seh.test fails:

READ of size 1 at 0x60200000bfb0 thread T0
    #0 0x984b14 in llvm::yaml::MappingTraits<lld::DefinedAtom
const*>::NormalizedAtom::NormalizedAtom(llvm::yaml::IO&, lld::DefinedAtom
const*)
/home/espindola/llvm/llvm/tools/lld/lib/ReaderWriter/YAML/ReaderWriterYAML.cpp:832:22
    #1 0x97a238 in
llvm::yaml::MappingNormalizationHeap<llvm::yaml::MappingTraits<lld::DefinedAtom
const*>::NormalizedAtom, lld::DefinedAtom
const*>::MappingNormalizationHeap(llvm::yaml::IO&, lld::DefinedAtom const*&)
/home/espindola/llvm/llvm/include/llvm/Support/YAMLTraits.h:830:16
    #2 0x9798cd in llvm::yaml::MappingTraits<lld::DefinedAtom
const*>::mapping(llvm::yaml::IO&, lld::DefinedAtom const*&)
/home/espindola/llvm/llvm/tools/lld/lib/ReaderWriter/YAML/ReaderWriterYAML.cpp:931:72
    #3 0x9792e7 in
_ZN4llvm4yaml7yamlizeIPKN3lld11DefinedAtomEEENSt9enable_ifIXsr24unvalidatedMappingTraitsIT_EE5valueEvE4typeERNS0_2IOERS7_b
/home/espindola/llvm/llvm/include/llvm/Support/YAMLTraits.h:656:3
    #4 0x979164 in
_ZN4llvm4yaml7yamlizeIN12_GLOBAL__N_18AtomListIN3lld11DefinedAtomEEEEENSt9enable_ifIXsr18has_SequenceTraitsIT_EE5valueEvE4typeERNS0_2IOERS8_b
/home/espindola/llvm/llvm/include/llvm/Support/YAMLTraits.h:687:9
    #5 0x978f18 in void llvm::yaml::IO::processKey<(anonymous
namespace)::AtomList<lld::DefinedAtom> >(char const*, (anonymous
namespace)::AtomList<lld::DefinedAtom>&, bool)
/home/espindola/llvm/llvm/include/llvm/Support/YAMLTraits.h:579:7
    #6 0x96eef4 in
_ZN4llvm4yaml2IO11mapOptionalIN12_GLOBAL__N_18AtomListIN3lld11DefinedAtomEEEEENSt9enable_ifIXsr18has_SequenceTraitsIT_EE5valueEvE4typeEPKcRS9_
/home/espindola/llvm/llvm/include/llvm/Support/YAMLTraits.h:517:5
    #7 0x96e9f6 in llvm::yaml::MappingTraits<lld::File
const*>::mappingAtoms(llvm::yaml::IO&, lld::File const*&)
/home/espindola/llvm/llvm/tools/lld/lib/ReaderWriter/YAML/ReaderWriterYAML.cpp:727:5
    #8 0x96e813 in llvm::yaml::MappingTraits<lld::File
const*>::mapping(llvm::yaml::IO&, lld::File const*&)
/home/espindola/llvm/llvm/tools/lld/lib/ReaderWriter/YAML/ReaderWriterYAML.cpp:717:7
    #9 0x96da57 in
_ZN4llvm4yaml7yamlizeIPKN3lld4FileEEENSt9enable_ifIXsr24unvalidatedMappingTraitsIT_EE5valueEvE4typeERNS0_2IOERS7_b
/home/espindola/llvm/llvm/include/llvm/Support/YAMLTraits.h:656:3
    #10 0x98bbaf in
_ZN4llvm4yamllsIPKN3lld4FileEEENSt9enable_ifIXsr17has_MappingTraitsIT_EE5valueERNS0_6OutputEE4typeES9_RS7_
/home/espindola/llvm/llvm/include/llvm/Support/YAMLTraits.h:1200:5
    #11 0x98ba40 in lld::yaml::Writer::writeFile(lld::File const&,
llvm::StringRef)
/home/espindola/llvm/llvm/tools/lld/lib/ReaderWriter/YAML/ReaderWriterYAML.cpp:1281:5
    #12 0x903805 in
lld::RoundTripYAMLPass::perform(std::unique_ptr<lld::MutableFile,
std::default_delete<lld::MutableFile> >&)
/home/espindola/llvm/llvm/tools/lld/lib/Passes/RoundTripYAMLPass.cpp:37:3
    #13 0x522257 in
lld::PassManager::runOnFile(std::unique_ptr<lld::MutableFile,
std::default_delete<lld::MutableFile> >&)
/home/espindola/llvm/llvm/tools/lld/include/lld/Core/PassManager.h:36:7
    #14 0x521532 in lld::Driver::link(lld::LinkingContext&, llvm::raw_ostream&)
/home/espindola/llvm/llvm/tools/lld/lib/Driver/Driver.cpp:123:3
    #15 0x4d92f9 in lld::WinLinkDriver::linkPECOFF(int, char const**,
llvm::raw_ostream&)
/home/espindola/llvm/llvm/tools/lld/lib/Driver/WinLinkDriver.cpp:873:10
    #16 0x4d4f6e in lld::UniversalDriver::link(int, char const**,
llvm::raw_ostream&)
/home/espindola/llvm/llvm/tools/lld/lib/Driver/UniversalDriver.cpp:207:12
    #17 0x4d47b7 in main
/home/espindola/llvm/llvm/tools/lld/tools/lld/lld.cpp:35:10
    #18 0x7f2d13eb4fdf in __libc_start_main (/lib64/libc.so.6+0x1ffdf)
    #19 0x42edd1 in _start
(/home/espindola/llvm/build-dbg-asan/bin/lld+0x42edd1)

0x60200000bfb0 is located 0 bytes inside of 8-byte region
[0x60200000bfb0,0x60200000bfb8)
freed by thread T0 here:
    #0 0x4d3ec2 in operator delete(void*)
/home/espindola/llvm/llvm/projects/compiler-rt/lib/asan/asan_new_delete.cc:94:3
    #1 0x562724 in (anonymous namespace)::FileCOFF::maybeCreateSXDataAtoms()
/home/espindola/llvm/llvm/tools/lld/lib/ReaderWriter/PECOFF/ReaderCOFF.cpp:1027:1
    #2 0x55df1e in (anonymous namespace)::FileCOFF::doParse()
/home/espindola/llvm/llvm/tools/lld/lib/ReaderWriter/PECOFF/ReaderCOFF.cpp:367:28
    #3 0x9053d5 in lld::File::parse()
/home/espindola/llvm/llvm/tools/lld/lib/Core/File.cpp:26:18
    #4 0x90be47 in lld::Resolver::resolveUndefines()
/home/espindola/llvm/llvm/tools/lld/lib/Core/Resolver.cpp:299:30
    #5 0x90f075 in lld::Resolver::resolve()
/home/espindola/llvm/llvm/tools/lld/lib/Core/Resolver.cpp:475:8
    #6 0x521419 in lld::Driver::link(lld::LinkingContext&, llvm::raw_ostream&)
/home/espindola/llvm/llvm/tools/lld/lib/Driver/Driver.cpp:106:8
    #7 0x4d92f9 in lld::WinLinkDriver::linkPECOFF(int, char const**,
llvm::raw_ostream&)
/home/espindola/llvm/llvm/tools/lld/lib/Driver/WinLinkDriver.cpp:873:10
    #8 0x4d4f6e in lld::UniversalDriver::link(int, char const**,
llvm::raw_ostream&)
/home/espindola/llvm/llvm/tools/lld/lib/Driver/UniversalDriver.cpp:207:12
    #9 0x4d47b7 in main
/home/espindola/llvm/llvm/tools/lld/tools/lld/lld.cpp:35:10
    #10 0x7f2d13eb4fdf in __libc_start_main (/lib64/libc.so.6+0x1ffdf)

previously allocated by thread T0 here:
    #0 0x4d3902 in operator new(unsigned long)
/home/espindola/llvm/llvm/projects/compiler-rt/lib/asan/asan_new_delete.cc:62:35
    #1 0x54eff1 in std::_Vector_base<unsigned char, std::allocator<unsigned
char> >::_M_create_storage(unsigned long)
/usr/lib/gcc/x86_64-redhat-linux/4.9.2/../../../../include/c++/4.9.2/bits/stl_vector.h:185:27
    #2 0x5673b7 in std::vector<unsigned char, std::allocator<unsigned char>
>::vector(std::vector<unsigned char, std::allocator<unsigned char> > const&)
/usr/lib/gcc/x86_64-redhat-linux/4.9.2/../../../../include/c++/4.9.2/bits/stl_vector.h:321:7
    #3 0x5623bc in (anonymous namespace)::FileCOFF::maybeCreateSXDataAtoms()
/home/espindola/llvm/llvm/tools/lld/lib/ReaderWriter/PECOFF/ReaderCOFF.cpp:992:24
    #4 0x55df1e in (anonymous namespace)::FileCOFF::doParse()
/home/espindola/llvm/llvm/tools/lld/lib/ReaderWriter/PECOFF/ReaderCOFF.cpp:367:28
    #5 0x9053d5 in lld::File::parse()
/home/espindola/llvm/llvm/tools/lld/lib/Core/File.cpp:26:18
    #6 0x90be47 in lld::Resolver::resolveUndefines()
/home/espindola/llvm/llvm/tools/lld/lib/Core/Resolver.cpp:299:30
    #7 0x90f075 in lld::Resolver::resolve()
/home/espindola/llvm/llvm/tools/lld/lib/Core/Resolver.cpp:475:8
    #8 0x521419 in lld::Driver::link(lld::LinkingContext&, llvm::raw_ostream&)
/home/espindola/llvm/llvm/tools/lld/lib/Driver/Driver.cpp:106:8
    #9 0x4d92f9 in lld::WinLinkDriver::linkPECOFF(int, char const**,
llvm::raw_ostream&)
/home/espindola/llvm/llvm/tools/lld/lib/Driver/WinLinkDriver.cpp:873:10
    #10 0x4d4f6e in lld::UniversalDriver::link(int, char const**,
llvm::raw_ostream&)
/home/espindola/llvm/llvm/tools/lld/lib/Driver/UniversalDriver.cpp:207:12
    #11 0x4d47b7 in main
/home/espindola/llvm/llvm/tools/lld/tools/lld/lld.cpp:35:10
    #12 0x7f2d13eb4fdf in __libc_start_main (/lib64/libc.so.6+0x1ffdf)

-- 
You are receiving this mail because:
You are on the CC list for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/llvm-bugs/attachments/20150120/fc43bfed/attachment.html>