[LLVMdev] MachineCodeEmitter Patch
Thomas Jablin
tjablin at cs.princeton.edu
Sat Nov 22 12:51:46 PST 2008
Actually, there is a problem with the patch. Please delay review.
Thomas Jablin wrote:
> Hi,
> The following code:
>
> #include<stdio.h>
>
> char bigArray[0x1000000];
>
> int main(int argc, char **argv) {
> printf("mem: 0x%x\n", (unsigned) bigArray);
> return 0;
> }
>
> causes lli to silently fail, even though it compiles correctly with
> llc. The reason is that in JITEmitter.cpp only checks to see if
> CurBufferPtr == BufferEnd at the beginning of the function and not
> after all relocations have been handled. I have fixed this bug by
> adding an additional check after all relocations have been completed.
> In the process of fixing this bug, I happened to look through the code
> in MachineCodeEmitter.h. The buffer size checks in
> MachineCodeEmitter.h all suffer from an integer overflow bug. For
> example in allocateSpace the code reads:
>
> // Allocate the space.
> CurBufferPtr += Size;
>
> // Check for buffer overflow.
> if (CurBufferPtr >= BufferEnd) {
>
> This is wrong because Size + CurBufferPtr can cause an integer
> overflow and thus appear to be less than BufferEnd. The correct way
> to check for the end of a buffer is always:
>
> (Size >= BufferEnd-CurBufferPtr)
>
> This integer overflow bug causes the program:
> #include<stdio.h>
>
> char b = 'b';
> char c[0x8000000];
>
> int main(int argc, char **argv) {
> printf("%c\n", c[0]);
> return 0;
> }
> to segfault in lli.
>
> Finally, I have changed several instances of intptr_t to uintptr_t to
> avoid dangerous comparisons between signed and unsigned types. Code
> review of the enclosed patch would be greatly appreciated. Thanks
> Tom
> ------------------------------------------------------------------------
>
> _______________________________________________
> LLVM Developers mailing list
> LLVMdev at cs.uiuc.edu http://llvm.cs.uiuc.edu
> http://lists.cs.uiuc.edu/mailman/listinfo/llvmdev
More information about the llvm-dev
mailing list