[llvm] r243927 - [UB] Fix a nasty place where we would pass null pointers to memcpy.

Hans Wennborg via llvm-commits llvm-commits at lists.llvm.org
Thu Aug 6 09:04:01 PDT 2015 

Merged in r244224.

On Mon, Aug 3, 2015 at 6:17 PM, Chandler Carruth <chandlerc at gmail.com> wrote:
> Should probably pull this into the release as it fixes something that could
> miscompile in the future with a new host compiler.
>
> On Mon, Aug 3, 2015 at 5:49 PM Chandler Carruth <chandlerc at gmail.com> wrote:
>>
>> Author: chandlerc
>> Date: Mon Aug  3 19:44:07 2015
>> New Revision: 243927
>>
>> URL: http://llvm.org/viewvc/llvm-project?rev=243927&view=rev
>> Log:
>> [UB] Fix a nasty place where we would pass null pointers to memcpy.
>>
>> This happens to work, but is not guaranteed to work. Indeed, most memcpy
>> interfaces in Linux-land annotate these arguments as nonnull, and GCC
>> and LLVM both can and do optimized based upon that. When they do so,
>> they might legitimately have miscompiled code calling this routine with
>> two valid iterators, 'nullptr' and 'nullptr'. There was even code doing
>> precisely this because StringRef().begin() and StringRef().end() both
>> produce null pointers.
>>
>> This was found by UBSan.
>>
>> Modified:
>>     llvm/trunk/include/llvm/ADT/SmallVector.h
>>
>> Modified: llvm/trunk/include/llvm/ADT/SmallVector.h
>> URL:
>> http://llvm.org/viewvc/llvm-project/llvm/trunk/include/llvm/ADT/SmallVector.h?rev=243927&r1=243926&r2=243927&view=diff
>>
>> ==============================================================================
>> --- llvm/trunk/include/llvm/ADT/SmallVector.h (original)
>> +++ llvm/trunk/include/llvm/ADT/SmallVector.h Mon Aug  3 19:44:07 2015
>> @@ -315,8 +315,10 @@ protected:
>>                                             T2>::value>::type * = nullptr)
>> {
>>      // Use memcpy for PODs iterated by pointers (which includes
>> SmallVector
>>      // iterators): std::uninitialized_copy optimizes to memmove, but we
>> can
>> -    // use memcpy here.
>> -    memcpy(Dest, I, (E-I)*sizeof(T));
>> +    // use memcpy here. Note that I and E are iterators and thus might be
>> +    // invalid for memcpy if they are equal.
>> +    if (I != E)
>> +      memcpy(Dest, I, (E - I) * sizeof(T));
>>    }
>>
>>    /// Double the size of the allocated memory, guaranteeing space for at
>>
>>
>> _______________________________________________
>> llvm-commits mailing list
>> llvm-commits at cs.uiuc.edu
>> http://lists.cs.uiuc.edu/mailman/listinfo/llvm-commits

More information about the llvm-commits mailing list