[llvm-bugs] [Bug 25293] New: Overlapping memcpy in SmallVector.h (via SmallString::operator=())
via llvm-bugs
llvm-bugs at lists.llvm.org
Thu Oct 22 16:32:10 PDT 2015
https://llvm.org/bugs/show_bug.cgi?id=25293
Bug ID: 25293
Summary: Overlapping memcpy in SmallVector.h (via SmallString::operator=())
Product: libraries
Version: trunk
Hardware: PC
OS: Linux
Status: NEW
Severity: normal
Priority: P
Component: Support Libraries
Assignee: unassignedbugs at nondot.org
Reporter: mattipee at yahoo.co.uk
CC: llvm-bugs at lists.llvm.org
Classification: Unclassified
clang version 3.8.0 (http://llvm.org/git/clang.git 3a551363c4cdd54c939cd9cc969d45bc8f8e93d8) (http://llvm.org/git/llvm.git ca4c86d2fd31ba4c23b9f3028e4f812713f230c6)
Target: x86_64-unknown-linux-gnu
Thread model: posix
==26255== Memcheck, a memory error detector
==26255== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==26255== Using Valgrind-3.12.0.SVN and LibVEX; rerun with -h for copyright info
==26255== Command: clang++ --std=c++14 -I/usr/local/include -E -o /tmp/56294cc2_0xffefffa30/testcase.ii /tmp/56294cc2_0xffefffa30/testcase.cpp
==26255==
==26255== Source and destination overlap in memcpy(0xffeffe7c0, 0xffeffe7c0, 42)
==26255==    at 0x6D140CD: memcpy@@GLIBC_2.14 (vg_replace_strmem.c:1018)
==26255==    by 0x9E5724: _ZN4llvm23SmallVectorTemplateBaseIcLb1EE18uninitialized_copyIKccEEvPT_S5_PT0_PNSt9enable_ifIXsr3std7is_sameINSt12remove_constIS4_E4typeES6_EE5valueEvE4typeE (SmallVector.h:328)
==26255==    by 0x9E55AA: void llvm::SmallVectorImpl<char>::append<char const*>(char const*, char const*) (SmallVector.h:430)
==26255==    by 0x9E586F: void llvm::SmallString<128u>::append<char const*>(char const*, char const*) (SmallString.h:75)
==26255==    by 0x9E5824: llvm::SmallString<128u>::operator+=(llvm::StringRef) (SmallString.h:286)
==26255==    by 0x9E5247: llvm::SmallString<128u>::operator=(llvm::StringRef) (in /.../build-debug/bin/clang-3.8)
==26255==    by 0x9DE90D: SetInstallDir(llvm::SmallVectorImpl<char const*>&, clang::driver::Driver&, bool) (driver.cpp:293)
==26255==    by 0x9DD74A: main (driver.cpp:435)
Suggested change:
diff --git a/include/llvm/ADT/SmallVector.h b/include/llvm/ADT/SmallVector.h
index d1062ac..d6f13f3 100644
--- a/include/llvm/ADT/SmallVector.h
+++ b/include/llvm/ADT/SmallVector.h
@@ -324,7 +324,7 @@ protected:
// iterators): std::uninitialized_copy optimizes to memmove, but we can
// use memcpy here. Note that I and E are iterators and thus might be
// invalid for memcpy if they are equal.
- if (I != E)
+ if (I != E && I != Dest)
memcpy(Dest, I, (E - I) * sizeof(T));
}
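Review bot: In the changed condition, `I != Dest` only skips the call when source and destination are the same address, as in the Valgrind report above (both 0xffeffe7c0); a source range that starts elsewhere inside the destination buffer would still reach memcpy with overlapping arguments. If overlapping inputs are meant to be supported here, memmove would cover both cases; if they are not, the comment above the condition should say so. That comment should also be updated to explain the new Dest test, since it currently mentions only I and E being equal.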
Looking further, I guess it's ok for SmallString to clear() the underlying
SmallVector in the assignment operator. Even though the "StringRef RHS"
returned by parent_path still points into the data being cleared, it's not
going to go anywhere as a parent path is always going to be shorter. Either
way, the overlapping memcpy could be avoided as above.
driver.cpp:293
    InstalledPath = llvm::sys::path::parent_path(InstalledPath);
SmallString.h:280-288
    const SmallString &operator=(StringRef RHS) {
      this->clear();
      return *this += RHS;
    }
    SmallString &operator+=(StringRef RHS) {
      this->append(RHS.begin(), RHS.end());
      return *this;
    }
--
You are receiving this mail because:
You are on the CC list for the bug.
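
The aliasing described in this report, as an added example that is not part of the original message and not LLVM's code: `TinyString`, `View` and `classify` are hypothetical stand-ins, and the path is a constructed sample. It goes one step beyond the report by also exercising a partially overlapping source, which an equality test on the two pointers does not detect.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>

enum class Overlap { None, Exact, Partial };

// Classify how source [src, src+n) relates to destination [dst, dst+n).
inline Overlap classify(const void *dst, const void *src, std::size_t n) {
  auto d = reinterpret_cast<std::uintptr_t>(dst);
  auto s = reinterpret_cast<std::uintptr_t>(src);
  if (n == 0) return Overlap::None;
  if (d == s) return Overlap::Exact;
  return (d < s ? s - d : d - s) < n ? Overlap::Partial : Overlap::None;
}

struct View { const char *ptr; std::size_t len; };  // stand-in for StringRef
// Hypothetical fixed-buffer string with the clear-then-append assignment.
class TinyString {
  char buf_[128];
  std::size_t size_ = 0;
public:
  Overlap last = Overlap::None;  // overlap seen by the most recent append
  explicit TinyString(const char *s) { append(s, s + std::strlen(s)); }
  void clear() { size_ = 0; }    // bytes stay in buf_, so old views still point at them
  void append(const char *b, const char *e) {
    std::size_t n = static_cast<std::size_t>(e - b);
    if (n > sizeof(buf_) - size_) n = sizeof(buf_) - size_;  // truncate to capacity
    char *dst = buf_ + size_;
    last = classify(dst, b, n);
    // Exact alias: bytes are already in place. Otherwise memmove, which is
    // defined for overlapping ranges where memcpy is not.
    if (last != Overlap::Exact) std::memmove(dst, b, n);
    size_ += n;
  }
  TinyString &operator=(View rhs) { clear(); append(rhs.ptr, rhs.ptr + rhs.len); return *this; }
  View view(std::size_t off, std::size_t len) const { return {buf_ + off, len}; }
  std::size_t size() const { return size_; }
  const char *data() const { return buf_; }
};

// Constructed sample path; view(0, 14) plays the role of parent_path().
inline Overlap assign_own_prefix() { TinyString s("/usr/local/bin/clang"); s = s.view(0, 14); return s.last; }
inline Overlap assign_own_tail() { TinyString s("/usr/local/bin/clang"); s = s.view(5, 15); return s.last; }

int main() {
  std::printf("prefix: %d, tail: %d\n", static_cast<int>(assign_own_prefix()),
              static_cast<int>(assign_own_tail()));
}
```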