[llvm] r284220 - Fix use-after-frees
Nicolai Haehnle via llvm-commits
llvm-commits at lists.llvm.org
Fri Oct 14 02:49:51 PDT 2016
Author: nha
Date: Fri Oct 14 04:49:51 2016
New Revision: 284220
URL: http://llvm.org/viewvc/llvm-project?rev=284220&view=rev
Log:
Fix use-after-frees
Extracted from D25313, as suggested by Justin Bogner.
Modified:
llvm/trunk/include/llvm/CodeGen/SelectionDAGNodes.h
llvm/trunk/lib/CodeGen/SelectionDAG/DAGCombiner.cpp
Modified: llvm/trunk/include/llvm/CodeGen/SelectionDAGNodes.h
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/include/llvm/CodeGen/SelectionDAGNodes.h?rev=284220&r1=284219&r2=284220&view=diff
==============================================================================
--- llvm/trunk/include/llvm/CodeGen/SelectionDAGNodes.h (original)
+++ llvm/trunk/include/llvm/CodeGen/SelectionDAGNodes.h Fri Oct 14 04:49:51 2016
@@ -924,7 +924,10 @@ public:
inline SDValue::SDValue(SDNode *node, unsigned resno)
: Node(node), ResNo(resno) {
- assert((!Node || ResNo < Node->getNumValues()) &&
+ // Explicitly check for !ResNo to avoid use-after-free, because there are
+ // callers that use SDValue(N, 0) with a deleted N to indicate successful
+ // combines.
+ assert((!Node || !ResNo || ResNo < Node->getNumValues()) &&
"Invalid result number for the given node!");
assert(ResNo < -2U && "Cannot use result numbers reserved for DenseMaps.");
}
Modified: llvm/trunk/lib/CodeGen/SelectionDAG/DAGCombiner.cpp
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/CodeGen/SelectionDAG/DAGCombiner.cpp?rev=284220&r1=284219&r2=284220&view=diff
==============================================================================
--- llvm/trunk/lib/CodeGen/SelectionDAG/DAGCombiner.cpp (original)
+++ llvm/trunk/lib/CodeGen/SelectionDAG/DAGCombiner.cpp Fri Oct 14 04:49:51 2016
@@ -2262,8 +2262,8 @@ SDValue DAGCombiner::useDivRem(SDNode *N
SDValue Op1 = Node->getOperand(1);
SDValue combined;
for (SDNode::use_iterator UI = Op0.getNode()->use_begin(),
- UE = Op0.getNode()->use_end(); UI != UE; ++UI) {
- SDNode *User = *UI;
+ UE = Op0.getNode()->use_end(); UI != UE;) {
+ SDNode *User = *UI++;
if (User == Node || User->use_empty())
continue;
// Convert the other matching node(s), too;
More information about the llvm-commits
mailing list