http://llvm.org/bugs/show_bug.cgi?id=10755
Summary: ARM Disassembler crash on invalid input
Product: libraries
Version: trunk
Platform: PC
OS/Version: All
Status: NEW
Severity: normal
Priority: P
Component: Backend: ARM
AssignedTo: [email protected]
ReportedBy: [email protected]
CC: [email protected], [email protected]
Found a crashing input for the ARM disassembler. There are many, many inputs
which hit the same crash; this is just one example.
% ./llvm-mc -disassemble -triple thumbv7-unknown-unknown crasher.txt
crasher.txt:1:1: warning: potentially undefined instruction encoding
0xff 0xbf 0x6b 0x80 0x00 0x75
^
iteee al
strh r3, [r5, #2]
strbUnknown condition code
UNREACHABLE executed at lib/Target/ARM/MCTargetDesc/ARMBaseInfo.h:70!
This appears to be because in ARMDisassembler.cpp:378 we read a condition code,
but don't check for an invalid entry:
374   // If we're in an IT block, base the predicate on that. Otherwise,
375   // assume a predicate of AL.
376   unsigned CC;
377   if (!ITBlock.empty()) {
378     CC = ITBlock.back();
379     ITBlock.pop_back();
380   } else
381     CC = ARMCC::AL;
I suspect this needs some logic along the lines of what DecodeITCond has, where
it checks for 0xF, flags a failure, and sets it to 0xE to avoid crashing. I've
added code to just always map 0xF to 0xE here (w/o flagging the error) and the
crash for this (and all the other inputs that hit the same assert that I have)
goes away.
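
The following is an added example, not code from LLVM or from the report: a simplified model of IT-block predicate tracking that follows the architectural ITSTATE advance rule, showing that validating only firstcond still lets 0xF reach later slots for the report's first halfword (0xBFFF), while validating every slot does not. The names ITSlots, expandIT and sanitize are hypothetical, and the soft-fail flag is an assumption modelled on the report's description of DecodeITCond.

```cpp
// Added example: simplified model of Thumb IT-block predicate tracking.
// ITSlots, expandIT and sanitize are hypothetical names, not LLVM's.
#include <cstdint>
#include <cstdio>
#include <vector>

constexpr unsigned CC_AL = 0xE;       // "always"
constexpr unsigned CC_INVALID = 0xF;  // no condition-code name for this value

struct ITSlots {
  std::vector<unsigned> conds;  // predicate for each instruction in the block
  bool softFail = false;        // set when an invalid condition was seen
};

// Map 0xF to AL and record a soft failure instead of aborting later.
static unsigned sanitize(unsigned cc, bool &softFail) {
  if (cc != CC_INVALID) return cc;
  softFail = true;
  return CC_AL;
}

// Expand a 16-bit IT encoding (0xBF00 | firstcond << 4 | mask) into per-slot
// predicates. With checkSlots == false only firstcond is validated.
ITSlots expandIT(uint16_t insn, bool checkSlots) {
  ITSlots out;
  unsigned first = sanitize((insn >> 4) & 0xF, out.softFail);
  unsigned state = (first << 4) | (insn & 0xF);  // ITSTATE = cond : mask
  while (state & 0xF) {                          // mask exhausted: block ends
    unsigned cc = state >> 4;
    out.conds.push_back(checkSlots ? sanitize(cc, out.softFail) : cc);
    // Advance: keep cond[3:1], shift the next mask bit into cond[0].
    state = (state & 0xE0) | ((state << 1) & 0x1F);
  }
  return out;
}

int main() {
  // 0xBFFF is the report's first halfword (bytes 0xff 0xbf, little-endian).
  for (bool check : {false, true}) {
    ITSlots s = expandIT(0xBFFF, check);
    std::printf("checkSlots=%d softFail=%d conds:", check, s.softFail);
    for (unsigned c : s.conds) std::printf(" 0x%X", c);
    std::printf("\n");
  }
}
```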