[llvm] r223858 - IR: Fix memory corruption in MDNode new/delete
David Blaikie
dblaikie at gmail.com
Tue Dec 9 17:31:09 PST 2014
On Tue, Dec 9, 2014 at 3:56 PM, Duncan P. N. Exon Smith <
dexonsmith at apple.com> wrote:
> Author: dexonsmith
> Date: Tue Dec 9 17:56:39 2014
> New Revision: 223858
>
> URL: http://llvm.org/viewvc/llvm-project?rev=223858&view=rev
> Log:
> IR: Fix memory corruption in MDNode new/delete
>
> There were two major problems with `MDNode` memory management.
>
> 1. `MDNode::operator new()` called a placement array constructor for
> `MDOperand`. What? Each operand needs to be placed individually.
>
Why do they need to be placed individually?
>
> 2. `MDNode::operator delete()` failed to destruct the `MDOperand`s at
> all.
>
> Frankly it's hard to understand how this worked locally, how this
> survived an LTO bootstrap, or how it worked on most of the bots.
>
> Modified:
> llvm/trunk/lib/IR/Metadata.cpp
>
> Modified: llvm/trunk/lib/IR/Metadata.cpp
> URL:
> http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/IR/Metadata.cpp?rev=223858&r1=223857&r2=223858&view=diff
>
> ==============================================================================
> --- llvm/trunk/lib/IR/Metadata.cpp (original)
> +++ llvm/trunk/lib/IR/Metadata.cpp Tue Dec 9 17:56:39 2014
> @@ -378,14 +378,18 @@ StringRef MDString::getString() const {
>
> void *MDNode::operator new(size_t Size, unsigned NumOps) {
> void *Ptr = ::operator new(Size + NumOps * sizeof(MDOperand));
> - MDOperand *First = new (Ptr) MDOperand[NumOps];
> - return First + NumOps;
> + MDOperand *O = static_cast<MDOperand *>(Ptr);
> + for (MDOperand *E = O + NumOps; O != E; ++O)
> + (void)new (O) MDOperand;
> + return O;
> }
>
> void MDNode::operator delete(void *Mem) {
> MDNode *N = static_cast<MDNode *>(Mem);
> - MDOperand *Last = static_cast<MDOperand *>(Mem);
> - ::operator delete(Last - N->NumOperands);
> + MDOperand *O = static_cast<MDOperand *>(Mem);
> + for (MDOperand *E = O - N->NumOperands; O != E; --O)
> + (O - 1)->~MDOperand();
> + ::operator delete(O);
> }
>
> MDNode::MDNode(LLVMContext &Context, unsigned ID, ArrayRef<Metadata *>
> MDs)
>
>
> _______________________________________________
> llvm-commits mailing list
> llvm-commits at cs.uiuc.edu
> http://lists.cs.uiuc.edu/mailman/listinfo/llvm-commits
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/llvm-commits/attachments/20141209/58abd852/attachment.html>
More information about the llvm-commits
mailing list