[llvm] 67f7efb - [JITLink][RISCV] Fix use-after-free in relax

Job Noorman via llvm-commits llvm-commits at lists.llvm.org
Thu Jul 13 00:02:30 PDT 2023


Author: Job Noorman
Date: 2023-07-13T09:02:19+02:00
New Revision: 67f7efbbbb047fbeb28159f691962b365008afa4

URL: https://github.com/llvm/llvm-project/commit/67f7efbbbb047fbeb28159f691962b365008afa4
DIFF: https://github.com/llvm/llvm-project/commit/67f7efbbbb047fbeb28159f691962b365008afa4.diff

LOG: [JITLink][RISCV] Fix use-after-free in relax

Finalization of relaxation calls `finalizeBlockRelax` for every block in
the graph. This function, however, would iterate over //all// blocks in
the graph to remove `AlignRelaxable` edges. Since pointers to those
edges would still be stored in `RelaxEdges`, this caused a
use-after-free for graphs with multiple blocks.

This patch fixes this by only iterating over the edges of the current
block in `finalizeBlockRelax`.

Reviewed By: StephenFan

Differential Revision: https://reviews.llvm.org/D154844

Added: 
    

Modified: 
    llvm/lib/ExecutionEngine/JITLink/ELF_riscv.cpp

Removed: 
    


################################################################################
diff  --git a/llvm/lib/ExecutionEngine/JITLink/ELF_riscv.cpp b/llvm/lib/ExecutionEngine/JITLink/ELF_riscv.cpp
index a64176df7ba621..410dd7fedad1a4 100644
--- a/llvm/lib/ExecutionEngine/JITLink/ELF_riscv.cpp
+++ b/llvm/lib/ExecutionEngine/JITLink/ELF_riscv.cpp
@@ -744,13 +744,11 @@ static void finalizeBlockRelax(LinkGraph &G, Block &Block, BlockRelaxAux &Aux) {
   // Remove AlignRelaxable edges: all other relaxable edges got modified and
   // will be used later while linking. Alignment is entirely handled here so we
   // don't need these edges anymore.
-  for (auto *B : G.blocks()) {
-    for (auto IE = B->edges().begin(); IE != B->edges().end();) {
-      if (IE->getKind() == AlignRelaxable)
-        IE = B->removeEdge(IE);
-      else
-        ++IE;
-    }
+  for (auto IE = Block.edges().begin(); IE != Block.edges().end();) {
+    if (IE->getKind() == AlignRelaxable)
+      IE = Block.removeEdge(IE);
+    else
+      ++IE;
   }
 }
 
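Review bot: the comment above the new `Block.edges()` loop still explains only why AlignRelaxable edges are dropped, not why the removal has to stay within the current block. Since the log message says the other blocks' `RelaxEdges` still hold pointers to their edges at this point, a sentence to that effect in the comment would keep a later cleanup from reintroducing the `G.blocks()` loop. The change also touches only ELF_riscv.cpp, so nothing exercises the multi-block case. A JITLink test with a graph that has at least two blocks containing relaxable edges, ideally run under ASan, would pin the fix. Finally, the removed loop was the only visible use of `G` in this hunk. If nothing else in `finalizeBlockRelax` uses it, the parameter can be dropped.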
