[llvm] 8d38906 - [IR] Fix assertion error in User new/delete edge case (#129914)
via llvm-commits
llvm-commits at lists.llvm.org
Mon Mar 10 03:53:48 PDT 2025
Author: Marc Auberer
Date: 2025-03-10T11:53:45+01:00
New Revision: 8d38906d08f0189a7a7f865b267f47cab0a3790f
URL: https://github.com/llvm/llvm-project/commit/8d38906d08f0189a7a7f865b267f47cab0a3790f
DIFF: https://github.com/llvm/llvm-project/commit/8d38906d08f0189a7a7f865b267f47cab0a3790f.diff
LOG: [IR] Fix assertion error in User new/delete edge case (#129914)
Fixes #129900
If `operator delete` was called after an unsuccessful constructor call
after `operator new`, we ran into undefined behaviour.
This was discovered by our malfunction tests while preparing an upgrade
to LLVM 20, that explicitly check for such kind of bugs.
Added:
Modified:
llvm/lib/IR/User.cpp
Removed:
################################################################################
diff --git a/llvm/lib/IR/User.cpp b/llvm/lib/IR/User.cpp
index b0aa785deb9af..ab44cb4b8a3f7 100644
--- a/llvm/lib/IR/User.cpp
+++ b/llvm/lib/IR/User.cpp
@@ -146,6 +146,9 @@ void *User::allocateFixedOperandUser(size_t Size, unsigned Us,
Use *Start = reinterpret_cast<Use *>(Storage + DescBytesToAllocate);
Use *End = Start + Us;
User *Obj = reinterpret_cast<User *>(End);
+ Obj->NumUserOperands = Us;
+ Obj->HasHungOffUses = false;
+ Obj->HasDescriptor = DescBytes != 0;
for (; Start != End; Start++)
new (Start) Use(Obj);
@@ -172,6 +175,9 @@ void *User::operator new(size_t Size, HungOffOperandsAllocMarker) {
void *Storage = ::operator new(Size + sizeof(Use *));
Use **HungOffOperandList = static_cast<Use **>(Storage);
User *Obj = reinterpret_cast<User *>(HungOffOperandList + 1);
+ Obj->NumUserOperands = 0;
+ Obj->HasHungOffUses = true;
+ Obj->HasDescriptor = false;
*HungOffOperandList = nullptr;
return Obj;
}
More information about the llvm-commits
mailing list