[PATCH] D111112: [SCCPSolver] Fix use-after-free in markArgInFuncSpecialization.

Sjoerd Meijer via Phabricator via llvm-commits llvm-commits at lists.llvm.org
Tue Oct 5 04:57:59 PDT 2021


This revision was automatically updated to reflect the committed changes.
Closed by commit rGcdfc678572d6: [SCCPSolver] Fix use-after-free in markArgInFuncSpecialization (authored by SjoerdMeijer).

Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D111112/new/

https://reviews.llvm.org/D111112

Files:
  llvm/lib/Transforms/Utils/SCCPSolver.cpp


Index: llvm/lib/Transforms/Utils/SCCPSolver.cpp
===================================================================
--- llvm/lib/Transforms/Utils/SCCPSolver.cpp
+++ llvm/lib/Transforms/Utils/SCCPSolver.cpp
@@ -540,8 +540,14 @@
             E = F->arg_end();
        I != E; ++I, ++J)
     if (J != A && ValueState.count(I)) {
-      ValueState[J] = ValueState[I];
-      pushToWorkList(ValueState[J], J);
+      // Note: This previously looked like this:
+      // ValueState[J] = ValueState[I];
+      // This is incorrect because the DenseMap class may resize the underlying
+      // memory when inserting `J`, which will invalidate the reference to `I`.
+      // Instead, we make sure `J` exists, then set it to `I` afterwards.
+      auto &NewValue = ValueState[J];
+      NewValue = ValueState[I];
+      pushToWorkList(NewValue, J);
     }
 }
 
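Review bot: The new comment in this hunk misstates what gets invalidated: `I` is an argument-list iterator and is unaffected by the map; it is the reference returned by `ValueState[I]` (and, in the old two-liner, the one returned by `ValueState[J]`) that dangles once the insert of `J` triggers a DenseMap grow, so the comment should say "invalidate the reference returned by `ValueState[I]`". The replacement is correct, but it silently relies on the enclosing `ValueState.count(I)` check: the second `ValueState[I]` is only safe after the potentially rehashing `ValueState[J]` because the key is already present and no further insertion can occur. Making that explicit, either in the comment or by writing `NewValue = ValueState.find(I)->second;`, would stop a future edit from reintroducing the bug by dropping the count() guard. Since `Files:` lists only SCCPSolver.cpp, it would also be worth checking whether a regression test that grows the map during specialization is practical; a use-after-free of this kind is otherwise only caught under ASan.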



