[LLVMdev] Dereferencing NULL pointer in IndVarSimplify.cpp?

Liang Wang netcasper at gmail.com
Fri Oct 24 14:49:34 PDT 2014


On Fri, Oct 24, 2014 at 8:28 AM, Duncan P. N. Exon Smith
<dexonsmith at apple.com> wrote:
>
>> On 2014-Oct-23, at 20:32, Andrew Trick <atrick at apple.com> wrote:
>>
>>
>>> On Oct 17, 2014, at 5:21 PM, Liang Wang <netcasper at gmail.com> wrote:
>>>
>>> Hi,
>>>
>>> Here is the code in IndVarSimplify.cpp.
>>>
>>>   SmallVector<WeakVH, 16> DeadInsts;
>>>
>>>
>>> while (!DeadInsts.empty())
>>>   if (Instruction *Inst =
>>>         dyn_cast_or_null<Instruction>(&*DeadInsts.pop_back_val()))
>>>     RecursivelyDeleteTriviallyDeadInstructions(Inst, TLI);
>>>
>>> Since DeadInsts.pop_back_val() is WeakVH which could hold a NULL
>>> pointer, the expression, &*DeadInsts.pop_back_val(), could be &*NULL.
>>> Then NULL pointer is dereferenced here.
>>>
>>> I wrote a small test case and it works just fine. But is this a
>>> well-defined behavior in the standard?
>
> This is UB, but `&*nullptr` often "works" so I'm not surprised you
> couldn't expose it with a testcase.

Thanks, Duncan and Andrew. This confused (and surprised) me quite a
bit actually.

>
>>
>> Try clang-dev or a c++ list for questions about the standard.
>>
>> I think it would have been nicer to write (Value*)DeadInsts.pop_back_val()
>> -Andy
>
> +1 (or `static_cast<Value *>(DeadInsts.pop_back_val())`).
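The pattern discussed in this thread, as an added example that is not code from the thread or from LLVM: a small stand-in for `WeakVH` (a handle that may become null once its `Value` dies) is drained the way the quoted loop does it, but the handle is converted to a `Value *` with `static_cast` before any null-tolerant cast, so an empty handle is never dereferenced. The `Value`, `Instruction`, `Constant` and `WeakHandle` types below are constructed for this example; `dynamic_cast` stands in for `dyn_cast_or_null`, and the element count returned replaces the real `RecursivelyDeleteTriviallyDeadInstructions` call.

```cpp
#include <vector>

// Constructed stand-ins for LLVM's Value hierarchy (not LLVM's real classes).
struct Value {
  virtual ~Value() = default;
};
struct Instruction : Value {
  int Opcode;
  explicit Instruction(int Op) : Opcode(Op) {}
};
struct Constant : Value {};

// Like WeakVH, the handle may hold a null pointer after its Value is deleted.
class WeakHandle {
  Value *V;

public:
  WeakHandle(Value *P = nullptr) : V(P) {}
  // Converting to the raw pointer is well defined even for an empty handle.
  operator Value *() const { return V; }
  // operator* is the smart-pointer interface; writing &*H on an empty handle
  // dereferences null, which is undefined behaviour even if it "works".
  Value &operator*() const { return *V; }
  // Simulates the handle being cleared when its Value dies.
  void clear() { V = nullptr; }
};

// Drains the dead list and returns how many handles still pointed at an
// Instruction.  Unsafe form (deliberately not used):
//     dyn_cast_or_null<Instruction>(&*DeadInsts.pop_back_val())
// Safe form: convert the handle to Value* first, then do a null-tolerant cast.
int countDeadInstructions(std::vector<WeakHandle> &DeadInsts) {
  int Found = 0;
  while (!DeadInsts.empty()) {
    WeakHandle H = DeadInsts.back();
    DeadInsts.pop_back();
    Value *V = static_cast<Value *>(H); // null stays null, nothing is dereferenced
    if (auto *Inst = dynamic_cast<Instruction *>(V)) { // dyn_cast_or_null analogue
      (void)Inst;
      ++Found;
    }
  }
  return Found;
}

// Builds a list that mixes live instructions, a non-instruction Value, an
// explicitly empty handle, and a handle whose Value "died" after insertion.
int runDemo() {
  Instruction I1(1), I2(2);
  Constant C;
  std::vector<WeakHandle> Dead = {WeakHandle(&I1), WeakHandle(nullptr),
                                  WeakHandle(&C), WeakHandle(&I2)};
  Dead[3].clear(); // I2's handle goes null, as a WeakVH would
  return countDeadInstructions(Dead); // only I1 is still a live Instruction
}

int main() { return runDemo() == 1 ? 0 : 1; }
```

Both null handles pass through `static_cast<Value *>` as plain null pointers and are rejected by the null-tolerant cast, which is exactly the path that `&*` would short-circuit with undefined behaviour.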
