[llvm-bugs] [Bug 51628] New: [llvm-profdata] llvm-profdata will OOM when input file is corrupted.

via llvm-bugs llvm-bugs at lists.llvm.org
Wed Aug 25 15:30:55 PDT 2021 

https://bugs.llvm.org/show_bug.cgi?id=51628

            Bug ID: 51628
           Summary: [llvm-profdata] llvm-profdata will OOM when input file
                    is corrupted.
           Product: tools
           Version: trunk
          Hardware: PC
                OS: All
            Status: NEW
          Severity: enhancement
          Priority: P
         Component: support scripts
          Assignee: unassignedbugs at nondot.org
          Reporter: haoweiwu1991 at gmail.com
                CC: greg.bedwell at sony.com, i at maskray.me,
                    llvm-bugs at lists.llvm.org

We discovered that llvm-profdata will crash with OOM when trying to merge a
corrupted profraw data. The corrupted file was caused by a bug fixed in
https://reviews.llvm.org/D108608. Still, llvm-profdata shouldn't crash with OOM
issue even though the input file is not legit, it should print an error message
and exit. This problem should be fixed.

Steps for reproduction:

```
$ ./clang -v
Debian clang version 11.0.1-2
Target: x86_64-pc-linux-gnu
Thread model: posix
InstalledDir: /usr/bin
Found candidate GCC installation: /usr/bin/../lib/gcc/i686-linux-gnu/8
Found candidate GCC installation: /usr/bin/../lib/gcc/x86_64-linux-gnu/10
Found candidate GCC installation: /usr/bin/../lib/gcc/x86_64-linux-gnu/6
Found candidate GCC installation: /usr/bin/../lib/gcc/x86_64-linux-gnu/6.5.0
Found candidate GCC installation: /usr/bin/../lib/gcc/x86_64-linux-gnu/7
Found candidate GCC installation: /usr/bin/../lib/gcc/x86_64-linux-gnu/7.5.0
Found candidate GCC installation: /usr/bin/../lib/gcc/x86_64-linux-gnu/8
Found candidate GCC installation: /usr/bin/../lib/gcc/x86_64-linux-gnu/9
Found candidate GCC installation: /usr/lib/gcc/i686-linux-gnu/8
Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/10
Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/6
Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/6.5.0
Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/7
Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/7.5.0
Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/8
Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/9
Selected GCC installation: /usr/bin/../lib/gcc/x86_64-linux-gnu/10
Candidate multilib: .;@m64
Candidate multilib: 32;@m32
Candidate multilib: x32;@mx32
Selected multilib: .;@m64

$ ./llvm-profdata merge -failure-mode=any -output=/tmp/out.profdata
input.profraw
LLVM ERROR: out of memory
Allocation failed
[1]    3126428 abort      ./llvm-profdata merge -failure-mode=any
-output=/tmp/out.profdata

```

ASAN traces:

```
$ ASAN_SYMBOLIZER_PATH=./llvm-symbolizer
~/llvm-monorepo/llvm-build-2-custom/bin/llvm-profdata merge -failure-mode=all
-output=/tmp/out.profdata input.profraw
=================================================================
==1842102==ERROR: AddressSanitizer: allocator is out of memory trying to
allocate 0x6ebbe1a2e0 bytes
    #0 0x4ced7d in malloc
../staging/llvm_build/tools/clang/stage2-bins/runtimes/runtimes-x86_64-unknown-linux-gnu-bins/compiler-rt/lib/asan/asan_malloc_linux.cpp:129:3
    #1 0xb769c3 in safe_malloc
/usr/local/google/home/user/llvm-monorepo/llvm-project-2/llvm/include/llvm/Support/MemAlloc.h:26:18
    #2 0xb769c3 in llvm::SmallVectorBase<unsigned long>::grow_pod(void*,
unsigned long, unsigned long)
/usr/local/google/home/user/llvm-monorepo/llvm-project-2/llvm/lib/Support/SmallVector.cpp:115:15
    #3 0xac51bc in grow_pod
/usr/local/google/home/user/llvm-monorepo/llvm-project-2/llvm/include/llvm/ADT/SmallVector.h:124:11
    #4 0xac51bc in grow
/usr/local/google/home/user/llvm-monorepo/llvm-project-2/llvm/include/llvm/ADT/SmallVector.h:510:41
    #5 0xac51bc in reserve
/usr/local/google/home/user/llvm-monorepo/llvm-project-2/llvm/include/llvm/ADT/SmallVector.h:626:13
    #6 0xac51bc in llvm::zlib::uncompress(llvm::StringRef,
llvm::SmallVectorImpl<char>&, unsigned long)
/usr/local/google/home/user/llvm-monorepo/llvm-project-2/llvm/lib/Support/Compression.cpp:77:22
    #7 0x9587f6 in llvm::readPGOFuncNameStrings(llvm::StringRef,
llvm::InstrProfSymtab&)
/usr/local/google/home/user/llvm-monorepo/llvm-project-2/llvm/lib/ProfileData/InstrProf.cpp:478:15
    #8 0x98086c in create
/usr/local/google/home/user/llvm-monorepo/llvm-project-2/llvm/include/llvm/ProfileData/InstrProf.h:534:10
    #9 0x98086c in llvm::RawInstrProfReader<unsigned
long>::createSymtab(llvm::InstrProfSymtab&)
/usr/local/google/home/user/llvm-monorepo/llvm-project-2/llvm/lib/ProfileData/InstrProfReader.cpp:351:24
    #10 0x97da25 in llvm::RawInstrProfReader<unsigned
long>::readHeader(llvm::RawInstrProf::Header const&)
/usr/local/google/home/user/llvm-monorepo/llvm-project-2/llvm/lib/ProfileData/InstrProfReader.cpp:406:17
    #11 0x97d45b in llvm::RawInstrProfReader<unsigned long>::readHeader()
/usr/local/google/home/user/llvm-monorepo/llvm-project-2/llvm/lib/ProfileData/InstrProfReader.cpp:320:10
    #12 0x96f87b in initializeReader
/usr/local/google/home/user/llvm-monorepo/llvm-project-2/llvm/lib/ProfileData/InstrProfReader.cpp:51:17
    #13 0x96f87b in
llvm::InstrProfReader::create(std::__2::unique_ptr<llvm::MemoryBuffer,
std::__2::default_delete<llvm::MemoryBuffer> >)
/usr/local/google/home/user/llvm-monorepo/llvm-project-2/llvm/lib/ProfileData/InstrProfReader.cpp:86:17
    #14 0x96f15d in llvm::InstrProfReader::create(llvm::Twine const&)
/usr/local/google/home/user/llvm-monorepo/llvm-project-2/llvm/lib/ProfileData/InstrProfReader.cpp:60:10
    #15 0x539ba8 in loadInput(WeightedFile const&, (anonymous
namespace)::SymbolRemapper*, WriterContext*)
/usr/local/google/home/user/llvm-monorepo/llvm-project-2/llvm/tools/llvm-profdata/llvm-profdata.cpp:243:22
    #16 0x5158a0 in mergeInstrProfile
/usr/local/google/home/user/llvm-monorepo/llvm-project-2/llvm/tools/llvm-profdata/llvm-profdata.cpp:354:7
    #17 0x5158a0 in merge_main(int, char const**)
/usr/local/google/home/user/llvm-monorepo/llvm-project-2/llvm/tools/llvm-profdata/llvm-profdata.cpp:984:5
    #18 0x5066dd in main
/usr/local/google/home/user/llvm-monorepo/llvm-project-2/llvm/tools/llvm-profdata/llvm-profdata.cpp:2558:14
    #19 0x7f42bb638d09 in __libc_start_main csu/../csu/libc-start.c:308:16
```


input.profraw can be downloaded from:
https://drive.google.com/file/d/1-ZgZsrZyoenykWLB3C6nLIl3q_XZRYRl/view?usp=sharing

-- 
You are receiving this mail because:
You are on the CC list for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/llvm-bugs/attachments/20210825/7f531a76/attachment-0001.html>

More information about the llvm-bugs mailing list