[llvm] [LLVM] [X86] Fix integer overflows in frame layout for huge frames (PR #101840)

via llvm-commits llvm-commits at lists.llvm.org
Fri Aug 23 05:19:16 PDT 2024 

zmodem wrote:

The preprocessed source above was for the crash in V8, which is a different function. Sorry about that.

Here is a reproducer based on SystemInfo.cpp in ANGLE. Again, I don't see anything fishy in that code, so I don't think a compiler error is appropriate.

```
$ cat SystemInfo.cpp 
#include <string>
#include <sstream>

bool ParseAMDBrahmaDriverVersion(const std::string &content, std::string *version)
{
    const size_t begin = content.find_first_of("0123456789");
    if (begin == std::string::npos)
    {
        return false;
    }

    const size_t end = content.find_first_not_of("0123456789.", begin);
    if (end == std::string::npos)
    {
        *version = content.substr(begin);
    }
    else
    {
        *version = content.substr(begin, end - begin);
    }
    return true;
}

bool ParseAMDCatalystDriverVersion(const std::string &content, std::string *version)
{
    std::istringstream stream(content);

    std::string line;
    while (std::getline(stream, line))
    {
        static const char kReleaseVersion[] = "ReleaseVersion=";
        if (line.compare(0, std::strlen(kReleaseVersion), kReleaseVersion) != 0)
        {
            continue;
        }

        if (ParseAMDBrahmaDriverVersion(line, version))
        {
            return true;
        }
    }
    return false;
}

$ /work/llvm-project/build/bin/clang.bad --driver-mode=cl /c SystemInfo.cpp /winsysroot../../third_party/depot_tools/win_toolchain/vs_files/7393122652 -D_LIBCPP_HARDENING_MODE=_LIBCPP_HARDENING_MODE_EXTENSIVE -D_LIBCPP_DISABLE_VISIBILITY_ANNOTATIONS -I../../buildtools/third_party/libc++ -I../../third_party/libc++/src/include -fno-delete-null-pointer-checks -fmerge-all-constants -m32 -msse3 /O2 /Oy- /std:c++20
clang.bad: /work/llvm-project/llvm/lib/Target/X86/X86RegisterInfo.cpp:989: virtual bool llvm::X86RegisterInfo::eliminateFrameIndex(MachineBasicBlock::iterator, int, unsigned int, RegScavenger *) const: Assertion `(Is64Bit || FitsIn32Bits) && "Requesting 64-bit offset in 32-bit immediate!"' failed.
```

Here is the crash repro as emitted by Clang: 
[SystemInfo-e066e8.tar.gz](https://github.com/user-attachments/files/16728492/SystemInfo-e066e8.tar.gz)

Just speculating, I could imagine something along the lines of an `idx == string::npos` comparison getting replaced by `ptr + idx == ptr + string::npos` with `ptr` referring to a stack variable somewhere along the compilation path?

https://github.com/llvm/llvm-project/pull/101840

More information about the llvm-commits mailing list