[PATCH] D132493: [Sample Profile Reader] Fix potential integer overflow/infinite loop bug in sample profile reader

William Junda Huang via Phabricator via llvm-commits llvm-commits at lists.llvm.org
Tue Aug 23 12:08:19 PDT 2022 

huangjd created this revision.
huangjd added a reviewer: davidxl.
Herald added subscribers: wenlei, hiraditya.
Herald added a project: All.
huangjd requested review of this revision.
Herald added a project: LLVM.
Herald added a subscriber: llvm-commits.

Change loop induction variable type to match the type of "SIZE" where it's compared against, to prevent infinite loop caused by overflow wraparound if there are more than 2^32 samples


Repository:
  rG LLVM Github Monorepo

https://reviews.llvm.org/D132493

Files:
  llvm/lib/ProfileData/SampleProfReader.cpp


Index: llvm/lib/ProfileData/SampleProfReader.cpp
===================================================================
--- llvm/lib/ProfileData/SampleProfReader.cpp
+++ llvm/lib/ProfileData/SampleProfReader.cpp
@@ -809,7 +809,7 @@
     OrderedFuncOffsets->reserve(*Size);
   }
 
-  for (uint32_t I = 0; I < *Size; ++I) {
+  for (uint64_t I = 0; I < *Size; ++I) {
     auto FContext(readSampleContextFromTable());
     if (std::error_code EC = FContext.getError())
       return EC;
@@ -1096,7 +1096,7 @@
     return sampleprof_error::success;
   }
   NameTable.reserve(*Size);
-  for (uint32_t I = 0; I < *Size; ++I) {
+  for (uint64_t I = 0; I < *Size; ++I) {
     auto FID = readNumber<uint64_t>();
     if (std::error_code EC = FID.getError())
       return EC;
@@ -1237,7 +1237,7 @@
   if (std::error_code EC = Size.getError())
     return EC;
   NameTable.reserve(*Size);
-  for (uint32_t I = 0; I < *Size; ++I) {
+  for (uint64_t I = 0; I < *Size; ++I) {
     auto FID = readNumber<uint64_t>();
     if (std::error_code EC = FID.getError())
       return EC;
@@ -1279,7 +1279,7 @@
   if (std::error_code EC = EntryNum.getError())
     return EC;
 
-  for (uint32_t i = 0; i < (*EntryNum); i++)
+  for (uint64_t i = 0; i < (*EntryNum); i++)
     if (std::error_code EC = readSecHdrTableEntry(i))
       return EC;
 
@@ -1448,7 +1448,7 @@
     return EC;
 
   FuncOffsetTable.reserve(*Size);
-  for (uint32_t I = 0; I < *Size; ++I) {
+  for (uint64_t I = 0; I < *Size; ++I) {
     auto FName(readStringFromTable());
     if (std::error_code EC = FName.getError())
       return EC;


-------------- next part --------------
A non-text attachment was scrubbed...
Name: D132493.454921.patch
Type: text/x-patch
Size: 1584 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/llvm-commits/attachments/20220823/e08b5416/attachment.bin>

More information about the llvm-commits mailing list