http://llvm.org/bugs/show_bug.cgi?id=8522
Summary: Use-after-free in VMCore library
(ConstantUniqueMap::refineAbstractType)
Product: new-bugs
Version: trunk
Platform: PC
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P
Component: new bugs
AssignedTo: [email protected]
ReportedBy: [email protected]
CC: [email protected]
Created an attachment (id=5713)
--> (http://llvm.org/bugs/attachment.cgi?id=5713)
Possible fix?
When ConstantUniqueMap::refineAbstractType() deletes an InlineAsm constant, it
seems like it can find the same constant again later in its main loop.
I was able to repro this (on trunk and on 2.8) when linking parts of the Xen
hypervisor, which would cause llvm-ld to segfault:
whitby:link$ llvm-ld -r -o test.o domain.o memory.o
0 llvm-ld 0x0000000000c42ff2
1 llvm-ld 0x0000000000c42de5
2 libpthread.so.0 0x00007f9b55b3ef60
3 libpthread.so.0 0x00000000025394d0
Stack dump:
0. Program arguments: llvm-ld -r -o test.o domain.o memory.o
Segmentation fault
I can supply the actual .o files if needed.
The problem seems to be that other constant types make an effort to remove
themselves cleanly from datastructures but InlineAsms just delete themselves.
By cargo-culting other constant types I found the attached patch fixes the
crash but I have no great faith in its correctness. :)
Cheers,
Tim.
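The failure mode Tim describes, modelled as an added example that is not the report's patch or LLVM's own code: a uniquing map keyed on an abstract type is walked during refinement, and a constant that deletes itself without first erasing its own map entry is found again on the next scan. The type and map names (`AbstractType`, `Constant`, `UniqueMap`, `refineBuggy`, `refineFixed`) are hypothetical stand-ins for the VMCore structures, the "restart the scan after each mutation" loop shape is an assumption about the main loop, and the sample entries are constructed. Freed objects are tracked in an arena instead of being released, so the second visit is counted rather than segfaulting.

```cpp
#include <cstddef>
#include <cstdio>
#include <map>
#include <memory>
#include <set>
#include <string>
#include <utility>
#include <vector>

// Hypothetical model of an abstract type and the constants keyed on it.
struct AbstractType { std::string name; };
struct Constant { std::string kind; AbstractType* type; };

// Tracking arena: destroy() marks a constant freed instead of releasing it,
// so touching it afterwards is detectable rather than undefined behaviour.
struct Arena {
    std::vector<std::unique_ptr<Constant>> storage;
    std::set<const Constant*> freed;
    Constant* make(const std::string& kind, AbstractType* t) {
        storage.emplace_back(new Constant{kind, t});
        return storage.back().get();
    }
    void destroy(Constant* c) { freed.insert(c); }
    bool isLive(const Constant* c) const { return freed.count(c) == 0; }
};

// Uniquing map: (type, spelling) -> constant (model of the VMCore map).
using Key = std::pair<AbstractType*, std::string>;
using UniqueMap = std::map<Key, Constant*>;

// The refinement loop restarts its scan from the first entry still keyed on
// the old type after every mutation (modelling assumption).
static UniqueMap::iterator firstWithType(UniqueMap& m, AbstractType* oldTy) {
    for (auto it = m.begin(); it != m.end(); ++it)
        if (it->first.first == oldTy) return it;
    return m.end();
}

// Ordinary constants re-key themselves under the refined type.
static void moveToNewType(UniqueMap& m, UniqueMap::iterator it, AbstractType* newTy) {
    Constant* c = it->second;
    std::string spelling = it->first.second;
    m.erase(it);
    c->type = newTy;
    m.emplace(Key{newTy, spelling}, c);
}

// Buggy variant: an InlineAsm deletes itself but leaves its map entry behind,
// so the next scan finds the same, now dead, constant. Returns the number of
// dead constants reached; a real build would dereference and crash there.
int refineBuggy(UniqueMap& m, Arena& a, AbstractType* oldTy, AbstractType* newTy) {
    int deadHits = 0;
    for (int guard = 0; guard < 100; ++guard) {
        auto it = firstWithType(m, oldTy);
        if (it == m.end()) break;
        Constant* c = it->second;
        if (!a.isLive(c)) { ++deadHits; break; }   // use-after-free reached
        if (c->kind == "InlineAsm") a.destroy(c);  // self-delete, entry stays
        else moveToNewType(m, it, newTy);
    }
    return deadHits;
}

// Fixed variant: the InlineAsm entry is erased from the map before the
// constant is destroyed, the way the other constant kinds clean up.
int refineFixed(UniqueMap& m, Arena& a, AbstractType* oldTy, AbstractType* newTy) {
    int deadHits = 0;
    for (int guard = 0; guard < 100; ++guard) {
        auto it = firstWithType(m, oldTy);
        if (it == m.end()) break;
        Constant* c = it->second;
        if (!a.isLive(c)) { ++deadHits; break; }
        if (c->kind == "InlineAsm") { m.erase(it); a.destroy(c); }
        else moveToNewType(m, it, newTy);
    }
    return deadHits;
}

struct Outcome { int deadHits; std::size_t danglingEntries; std::size_t entries; };

// Constructed scenario: one InlineAsm and one ordinary constant, both keyed
// on the abstract type that is about to be refined.
Outcome runScenario(bool useFixed) {
    Arena a;
    AbstractType oldTy{"opaque"}, newTy{"i32"};
    UniqueMap m;
    m.emplace(Key{&oldTy, "asm:nop"}, a.make("InlineAsm", &oldTy));
    m.emplace(Key{&oldTy, "zeroinit"}, a.make("Other", &oldTy));
    int hits = useFixed ? refineFixed(m, a, &oldTy, &newTy)
                        : refineBuggy(m, a, &oldTy, &newTy);
    std::size_t dangling = 0;
    for (const auto& kv : m) if (!a.isLive(kv.second)) ++dangling;
    return Outcome{hits, dangling, m.size()};
}

int main() {
    Outcome b = runScenario(false), f = runScenario(true);
    std::printf("buggy: dead hits=%d dangling entries=%zu entries=%zu\n",
                b.deadHits, b.danglingEntries, b.entries);
    std::printf("fixed: dead hits=%d dangling entries=%zu entries=%zu\n",
                f.deadHits, f.danglingEntries, f.entries);
    return 0;
}
```

The buggy run stops at the first dead hit with the stale InlineAsm entry still in the map; in the real linker that stale entry is what the next iteration dereferences. Building the same model under AddressSanitizer, with `destroy` replaced by a real `delete`, would report the second visit as a heap-use-after-free.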
--
_______________________________________________
LLVMbugs mailing list
[email protected]
http://lists.cs.uiuc.edu/mailman/listinfo/llvmbugs