[PATCH] D105061: [IR] Fix replaceUsesWithIf potential issue with constants

Stanislav Mekhanoshin via Phabricator via llvm-commits llvm-commits at lists.llvm.org
Mon Jun 28 13:50:03 PDT 2021


rampitec created this revision.
rampitec added a reviewer: efriedma.
Herald added subscribers: dexonsmith, hiraditya.
rampitec requested review of this revision.
Herald added a project: LLVM.

There can be a use after free in the Value::replaceUsesWithIf()
if two uses point to the same constant. Patch defers handling
of the constants past the iterator scan.

Another potential issue is that handleOperandChange updates all
the uses in a given Constant, not just the one passed to
ShouldReplace. Added a FIXME comment.

Both issues are not currently exploitable as the only use of
this call with constants avoids it.


https://reviews.llvm.org/D105061

Files:
  llvm/lib/IR/Value.cpp


Index: llvm/lib/IR/Value.cpp
===================================================================
--- llvm/lib/IR/Value.cpp
+++ llvm/lib/IR/Value.cpp
@@ -531,6 +531,8 @@
   assert(New->getType() == getType() &&
          "replaceUses of value with new value of different type!");
 
+  SetVector<Constant*> Consts;
+
   for (use_iterator UI = use_begin(), E = use_end(); UI != E;) {
     Use &U = *UI;
     ++UI;
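Review bot: The new declaration `SetVector<Constant*> Consts;` uses SetVector, but the diff adds no `#include "llvm/ADT/SetVector.h"` to Value.cpp. Unless the file already includes that header directly, add it rather than relying on a transitive include. The declaration would also benefit from a one-line comment saying that constant users are collected here and handled after the use-list walk, since the reason (the use iterator being invalidated) is only given in the commit message. Style point: LLVM formatting writes the element type as `Constant *`.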
@@ -540,12 +542,18 @@
     // constant because they are uniqued.
     if (auto *C = dyn_cast<Constant>(U.getUser())) {
       if (!isa<GlobalValue>(C)) {
-        C->handleOperandChange(this, New);
+        Consts.insert(C);
         continue;
       }
     }
     U.set(New);
   }
+
+  while (!Consts.empty()) {
+    // FIXME: handleOperandChange() updates all the uses in a given Constant,
+    //        not just the one passed to ShouldReplace
+    Consts.pop_back_val()->handleOperandChange(this, New);
+  }
 }
 
 /// Replace llvm.dbg.* uses of MetadataAsValue(ValueAsMetadata(V)) outside BB
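Review bot: The deferred loop at the end of the function keeps raw `Constant*` entries in `Consts` while calling `handleOperandChange(this, New)` on each one, so it is worth checking whether handling one entry can replace and destroy another constant that is still queued (for example a constant that has both `this` and an already-processed constant as operands). If that can happen, `Consts.pop_back_val()->handleOperandChange(this, New);` dereferences a dangling pointer, which is the same class of bug the patch is meant to remove. Holding the entries through a value handle such as `TrackingVH<Constant>` would make the loop robust to that. Separately, the FIXME says all uses inside the constant are rewritten regardless of ShouldReplace; stating in the function's documentation that the predicate is not honoured per-use for constant users would make the limitation visible to callers. The change also lists only Value.cpp under Files, so a unit test with two uses reaching the same constant would document the case being fixed.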

