[LLVMdev] Buffer overrun in getValueTypeList()

Martinez, Javier E javier.e.martinez at intel.com
Wed Apr 21 11:40:50 PDT 2010


I've observed in some tests that getValueTypeList() is sometimes called with type MVT::iPTR. There is a discrepancy between the size of the array VTs and the use in getTypeValueList(). The array is allocated with space for elements up to LAST_VALUE_TYPE and iPTR is defined after it. The enumerator value of iPTR is between LAST_VALUE_TYPE and LastSimpleValueType. For this reason the check VT.isExtended() fails and the value is looked up in VTs, triggering an out of bounds access. In the version of LLVM we're using, getValueTypeList even tries to write to that array element, causing a memory corruption. Should iPTR be handled with the extended types, simple types or in a different way? Should this function even be called with iPTR?

Other value types that could have the same problem are Metadata, iPTRAny, vAny, fAny and iAny.
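
The gap described in the message above, as an added example that is not part of the original post and is not LLVM's code: a table sized by LAST_VALUE_TYPE guarded only by an isExtended() test against LastSimpleValueType. The numeric enumerator values, the six sample types, and the helpers `wouldOverrun` and `getValueTypeListChecked` are constructed assumptions for illustration.

```cpp
#include <array>
#include <cstdio>

// Constructed model of the layout in the post; numeric values are assumptions,
// not LLVM's real enumerator values.
enum SimpleValueType : unsigned {
  i8 = 0, i16, i32, i64, f32, f64,
  LAST_VALUE_TYPE,                 // sizes the VTs table
  Metadata = 249, iPTRAny, vAny, fAny, iAny, iPTR,  // defined after the table end
  LastSimpleValueType = 255        // threshold used by isExtended()
};

constexpr bool isExtended(unsigned VT) { return VT > LastSimpleValueType; }

// True when a lookup guarded only by isExtended() would index past VTs:
// the value is "simple" by that test, yet not below the table size.
constexpr bool wouldOverrun(unsigned VT) {
  return !isExtended(VT) && VT >= LAST_VALUE_TYPE;
}

static std::array<unsigned, LAST_VALUE_TYPE> VTs{};

// Hypothetical hardened lookup: rejects extended types and any simple value
// outside the table before the lazy write the post mentions can happen.
const unsigned *getValueTypeListChecked(unsigned VT) {
  if (isExtended(VT) || VT >= VTs.size())
    return nullptr;                // caller must handle iPTR and friends
  VTs[VT] = VT;                    // in-bounds write, mirroring the lazy fill
  return &VTs[VT];
}

int main() {
  const unsigned probes[] = {i32, Metadata, iPTRAny, vAny, fAny, iAny, iPTR, 300};
  for (unsigned VT : probes)
    std::printf("VT=%u extended=%d overrun-if-unchecked=%d checked=%s\n", VT,
                isExtended(VT), wouldOverrun(VT),
                getValueTypeListChecked(VT) ? "ok" : "rejected");
  return 0;
}
```
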
