[llvm-bugs] [Bug 48117] New: A null pointer dereference error in GIMatchTree::writeDOTGraphEdges

Mon, 09 Nov 2020 04:03:46 -0800 

https://bugs.llvm.org/show_bug.cgi?id=48117

            Bug ID: 48117
           Summary: A null pointer dereference error in
                    GIMatchTree::writeDOTGraphEdges
           Product: tools
           Version: trunk
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: enhancement
          Priority: P
         Component: TableGen
          Assignee: unassignedb...@nondot.org
          Reporter: alansnape3...@gmail.com
                CC: llvm-bugs@lists.llvm.org

According to the bug reports of my clang static analyzer fork, in class
`llvm::GIMatchTree`, if `Partitioner` is not set or set to nullptr, when
calling function `GIMatchTree::writeDOTGraph`, a null pointer dereference will
occur in function `GIMatchTree::writeDOTGraphEdges`.

1. call function GIMatchTree::writeDOTGraph:
llvm/utils/TableGen/GlobalISel/GIMatchTree.cpp:24
24 void GIMatchTree::writeDOTGraph(raw_ostream &OS) const {

2. call function GIMatchTree::writeDOTGraphNode:
llvm/utils/TableGen/GlobalISel/GIMatchTree.cpp:26
26   writeDOTGraphNode(OS);

3. assume `Partitioner` is null, take the false branch:
llvm/utils/TableGen/GlobalISel/GIMatchTree.cpp:32
32   if (Partitioner) {

4. assume `Partitioner` is null, take the false branch:
llvm/utils/TableGen/GlobalISel/GIMatchTree.cpp:48
48   if (!Partitioner && !IsFullyTraversed)

5. assume `Partitioner` is null, take the false branch:
llvm/utils/TableGen/GlobalISel/GIMatchTree.cpp:50
50   if (!Partitioner && !IsFullyTested) {

6. assume `Partitioner` is null, take the false branch:
llvm/utils/TableGen/GlobalISel/GIMatchTree.cpp:63
63   if (!Partitioner &&

7. call function GIMatchTree::writeDOTGraphEdges:
llvm/utils/TableGen/GlobalISel/GIMatchTree.cpp:69
69   writeDOTGraphEdges(OS);

8. dereference null smart pointer `Partitioner`:
llvm/utils/TableGen/GlobalISel/GIMatchTree.cpp:76
76     Partitioner->emitPartitionName(OS, Child.index());

Although the problem will not be triggered with the path presented, the problem
still worth noting.
See the attached HTML report for more details.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
_______________________________________________
llvm-bugs mailing list
llvm-bugs@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-bugs

Reply via email to