[LLVMdev] Dereferencing NULL pointer in IndVarSimplify.cpp?
Duncan P. N. Exon Smith
dexonsmith at apple.com
Fri Oct 24 08:28:21 PDT 2014
> On 2014-Oct-23, at 20:32, Andrew Trick <atrick at apple.com> wrote:
>
>
>> On Oct 17, 2014, at 5:21 PM, Liang Wang <netcasper at gmail.com> wrote:
>>
>> Hi,
>>
>> Here is the code in IndVarSimplify.cpp.
>>
>> SmallVector<WeakVH, 16> DeadInsts;
>>
>> while (!DeadInsts.empty())
>>   if (Instruction *Inst =
>>           dyn_cast_or_null<Instruction>(&*DeadInsts.pop_back_val()))
>>     RecursivelyDeleteTriviallyDeadInstructions(Inst, TLI);
>>
>> Since DeadInsts.pop_back_val() is a WeakVH which could hold a NULL
>> pointer, the expression &*DeadInsts.pop_back_val() could be &*NULL.
>> Then a NULL pointer is dereferenced here.
>>
>> I wrote a small test case and it works just fine. But is this
>> well-defined behavior in the standard?
This is UB, but `&*nullptr` often "works" so I'm not surprised you
couldn't expose it with a testcase.
>
> Try clang-dev or a c++ list for questions about the standard.
>
> I think it would have been nicer to write (Value*)DeadInsts.pop_back_val()
> -Andy
+1 (or `static_cast<Value *>(DeadInsts.pop_back_val())`).
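An added illustration of the point in this thread (not code from the mail, nor LLVM's own classes): a toy model with stand-in types `Value`, `Instruction`, `Constant`, a minimal `WeakVH` handle, and the helpers `dynCastOrNullInstruction` and `drainDeadInsts`, all of which are assumptions for this example. The handle's `operator*` asserts on a null handle so a debug build traps where `&*handle` would otherwise silently form a reference to null, while the worklist loop uses the `static_cast<Value *>` form suggested above, which yields a plain null pointer and stays well defined.

```cpp
#include <cassert>
#include <cstddef>
#include <vector>

// Minimal stand-ins for the Value/Instruction hierarchy (assumption: toy
// classes for this example, not LLVM's real ones).
struct Value {
  enum Kind { InstructionKind, ConstantKind };
  Kind kind;
  explicit Value(Kind k) : kind(k) {}
  virtual ~Value() = default;
};

struct Instruction : Value {
  Instruction() : Value(InstructionKind) {}
};

struct Constant : Value {
  Constant() : Value(ConstantKind) {}
};

// Toy weak handle: holds a Value* that is cleared to null once the value it
// referred to has been deleted.
class WeakVH {
  Value *V;

public:
  WeakVH(Value *P = nullptr) : V(P) {}
  // Conversion to the raw pointer: safe on a null handle, which is why the
  // cast form is preferred in the thread.
  operator Value *() const { return V; }
  // Dereference: on a null handle, `*vh` (and therefore `&*vh`) is undefined
  // behaviour. The assert makes a debug build fail loudly instead of forming
  // a reference to null.
  Value &operator*() const {
    assert(V && "dereferencing a null WeakVH");
    return *V;
  }
  void reset() { V = nullptr; }
};

// Null-tolerant downcast in the spirit of dyn_cast_or_null.
Instruction *dynCastOrNullInstruction(Value *V) {
  if (!V || V->kind != Value::InstructionKind)
    return nullptr;
  return static_cast<Instruction *>(V);
}

// Drain the dead-instruction worklist the way the corrected loop would,
// casting each handle instead of dereferencing it. Returns how many live
// Instructions were seen; actual deletion is out of scope for the toy.
std::size_t drainDeadInsts(std::vector<WeakVH> &DeadInsts) {
  std::size_t seen = 0;
  while (!DeadInsts.empty()) {
    WeakVH VH = DeadInsts.back();
    DeadInsts.pop_back();
    // static_cast<Value *>(VH) is nullptr for a cleared handle: no UB, and
    // dynCastOrNullInstruction simply returns nullptr for it.
    if (Instruction *Inst = dynCastOrNullInstruction(static_cast<Value *>(VH))) {
      (void)Inst; // real code would delete the instruction here
      ++seen;
    }
  }
  return seen;
}

// Constructed sample worklist: one live instruction, one handle whose
// instruction has "died" (cleared to null), and one non-instruction value.
std::size_t demo() {
  Instruction I1, I2;
  Constant C;
  std::vector<WeakVH> DeadInsts{WeakVH(&I1), WeakVH(&I2), WeakVH(&C)};
  DeadInsts[1].reset(); // simulate I2 having been deleted already
  return drainDeadInsts(DeadInsts); // only I1 is a live Instruction
}

int main() { return demo() == 1 ? 0 : 1; }
```

Swapping the loop body back to `&*VH` would make the cleared handle trip the assert in a debug build and be undefined behaviour in a release build; the cast form handles the null case without either.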