[PATCH] [lld][Core] Fix heap overflow in LayoutPass.
Michael Spencer
bigcheesegs at gmail.com
Wed Oct 2 16:01:15 PDT 2013
Hi shankarke,
Found this with ASan. The code assumes that find() never returns end(); thus, if both atoms lacked follow-on roots, it would still compare their positions.
Note that this has a side effect of changing the size of .bss for a few tests. I'm not sure why. But it doesn't impact test-suite at all.
http://llvm-reviews.chandlerc.com/D1815
Files:
lib/Passes/LayoutPass.cpp
test/elf/X86_64/largebss.test
test/elf/phdr.test
test/elf/quickdata.test
test/elf/sections.test
Index: lib/Passes/LayoutPass.cpp
===================================================================
--- lib/Passes/LayoutPass.cpp
+++ lib/Passes/LayoutPass.cpp
@@ -56,10 +56,12 @@
// Sort atoms by their ordinal overrides only if they fall in the same
// chain.
- const DefinedAtom *leftAtom = _layout._followOnRoots.find(left)->second;
- const DefinedAtom *rightAtom = _layout._followOnRoots.find(right)->second;
+ auto leftAtom = _layout._followOnRoots.find(left);
+ auto rightAtom = _layout._followOnRoots.find(right);
- if (leftAtom == rightAtom) {
+ if (leftAtom != _layout._followOnRoots.end() &&
+ rightAtom != _layout._followOnRoots.end() &&
+ leftAtom->second == rightAtom->second) {
if ((lPos != end) && (rPos != end)) {
return lPos->second < rPos->second;
}
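Review bot: `leftAtom` and `rightAtom` now hold map iterators rather than `DefinedAtom` pointers, so the names mislead a reader about what the new condition compares. Renaming them (for example `auto leftRoot = _layout._followOnRoots.find(left);` and likewise `rightRoot`) and hoisting `_layout._followOnRoots.end()` into one local would make the bounds check easier to audit. The comment above the lookup still says only "if they fall in the same chain"; it should also say what happens to an atom with no entry, e.g. `// Atoms with no follow-on root belong to no chain; skip the override comparison.` The old code dereferenced the end iterator and was only noticed under ASan, so a regression test whose atoms have no follow-on roots would keep the check from being lost silently. The enclosing comparison function starts and ends outside this hunk.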
Index: test/elf/X86_64/largebss.test
===================================================================
--- test/elf/X86_64/largebss.test
+++ test/elf/X86_64/largebss.test
@@ -5,17 +5,16 @@
RUN: lld -flavor gnu -target x86_64 %p/Inputs/largebss.o --output-filetype=yaml --noinhibit-exec | FileCheck %s
-
-CHECK: - name: largecommon
+CHECK: - name: largebss
CHECK: scope: global
CHECK: type: zero-fill
CHECK: size: 4000
-CHECK: merge: as-tentative
CHECK: section-name: .bss
-CHECK: - name: largebss
+CHECK: - name: largecommon
CHECK: scope: global
CHECK: type: zero-fill
CHECK: size: 4000
+CHECK: merge: as-tentative
CHECK: section-name: .bss
CHECK: - name: largetbss
CHECK: scope: global
Index: test/elf/phdr.test
===================================================================
--- test/elf/phdr.test
+++ test/elf/phdr.test
@@ -63,7 +63,7 @@
I386-NEXT: VirtualAddress: 0x4000
I386-NEXT: PhysicalAddress: 0x4000
I386-NEXT: FileSize: 4
-I386-NEXT: MemSize: 16392
+I386-NEXT: MemSize: 16389
I386-NEXT: Flags [ (0x6)
I386-NEXT: PF_R (0x4)
I386-NEXT: PF_W (0x2)
Index: test/elf/quickdata.test
===================================================================
--- test/elf/quickdata.test
+++ test/elf/quickdata.test
@@ -4,11 +4,11 @@
hexagon: - name: init
hexagon: scope: global
hexagon: type: quick-data
+hexagon: - name: bss1
+hexagon: scope: global
+hexagon: type: zero-fill-quick
hexagon: - name: ac1
hexagon: scope: global
hexagon: type: zero-fill-quick
hexagon: size: 1
hexagon: merge: as-tentative
-hexagon: - name: bss1
-hexagon: scope: global
-hexagon: type: zero-fill-quick
Index: test/elf/sections.test
===================================================================
--- test/elf/sections.test
+++ test/elf/sections.test
@@ -10,7 +10,7 @@
OBJDUMP: 2 .data 00000004 0000000000001000 DATA
OBJDUMP: 3 .special 00000004 0000000000001004 DATA
OBJDUMP: 4 .anotherspecial 00000004 0000000000001008 DATA
-OBJDUMP: 5 .bss 00000004 000000000000100c BSS
+OBJDUMP: 5 .bss 00000001 000000000000100c BSS
OBJDUMP: 6 .shstrtab {{[0-9a-f]+}} 0000000000000000
OBJDUMP: 7 .symtab {{[0-9a-f]+}} 0000000000000000
OBJDUMP: 8 .strtab {{[0-9a-f]+}} 0000000000000000
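Review bot: The `.bss` size expectation drops from 4 to 1 in this hunk, and the same shift appears as `Size: 4` to `Size: 1` in the READOBJ hunk below and as `MemSize` 16392 to 16389 in test/elf/phdr.test, yet the description says the cause is not understood. A fix to an iterator check in a sort comparator would be expected only to reorder atoms. The size change therefore suggests either that the old numbers depended on the out-of-bounds read or that padding depends on atom order. The second seems likelier, but it should be confirmed before the new values are pinned. Once the reason is known, a short non-CHECK line in the test such as `# .bss size depends on atom order (LayoutPass follow-on root check)` would record it.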
@@ -90,7 +90,7 @@
READOBJ: SHF_WRITE
READOBJ: ]
READOBJ: Address: 0x100C
-READOBJ: Size: 4
+READOBJ: Size: 1
READOBJ: }
READOBJ: Section {
READOBJ: Index: 6
-------------- next part --------------
A non-text attachment was scrubbed...
Name: D1815.1.patch
Type: text/x-patch
Size: 3665 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/llvm-commits/attachments/20131002/18928705/attachment.bin>