RPCS3/llvm-mirror
1
0
Fork 0
mirror of https://github.com/RPCS3/llvm-mirror.git synced 2024-12-16 08:08:01 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Fix a use-after-free error in GlobalOpt CleanupConstantGlobalUsers

Browse Source 
GlobalOpt's CleanupConstantGlobalUsers function uses a worklist array to manage
constant users to be visited. The pointers in this array need to be weak
handles because when we delete a constant array, we may also be holding a
pointer to one of its elements (or an element of one of its elements if we're
dealing with an array of arrays) in the worklist.

Fixes PR17347.

llvm-svn: 197178
This commit is contained in:
Hal Finkel 2013-12-12 20:45:24 +00:00
parent 4492bf3e5d
commit 89ba3023da
2 changed files with 43 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
lib/Transforms/IPO/GlobalOpt.cpp
View File

@ -37,6 +37,7 @@
#include "llvm/Support/GetElementPtrTypeIterator.h"
#include "llvm/Support/MathExtras.h"
#include "llvm/Support/raw_ostream.h"
#include "llvm/Support/ValueHandle.h"
#include "llvm/Target/TargetLibraryInfo.h"
#include "llvm/Transforms/Utils/GlobalStatus.h"
#include "llvm/Transforms/Utils/ModuleUtils.h"
@ -267,9 +268,17 @@ static bool CleanupPointerRootUsers(GlobalVariable *GV,
static bool CleanupConstantGlobalUsers(Value *V, Constant *Init,
DataLayout *TD, TargetLibraryInfo *TLI) {
bool Changed = false;
SmallVector<User*, 8> WorkList(V->use_begin(), V->use_end());
// Note that we need to use a weak value handle for the worklist items. When
// we delete a constant array, we may also be holding pointer to one of its
// elements (or an element of one of its elements if we're dealing with an
// array of arrays) in the worklist.
SmallVector<WeakVH, 8> WorkList(V->use_begin(), V->use_end());
while (!WorkList.empty()) {
User *U = WorkList.pop_back_val();
Value *UV = WorkList.pop_back_val();
if (!UV)
continue;
User *U = cast<User>(UV);
if (LoadInst *LI = dyn_cast<LoadInst>(U)) {
if (Init) {

32
test/Transforms/GlobalOpt/array-elem-refs.ll Normal file
View File

@ -0,0 +1,32 @@
; RUN: opt < %s -S -globalopt | FileCheck %s
target datalayout = "e-p:64:64:64-i1:8:8-i8:8:8-i16:16:16-i32:32:32-i64:64:64-f32:32:32-f64:64:64-v64:64:64-v128:128:128-a0:0:64-s0:64:64-f80:128:128-n8:16:32:64-S128"
target triple = "x86_64-unknown-linux-gnu"
%struct.S = type { i8, i8 }
@c = internal global i8** bitcast (i8* getelementptr (i8* bitcast ([8 x i8*]* @b to i8*), i64 48) to i8**), align 8
@b = internal global [8 x i8*] [i8* null, i8* null, i8* null, i8* null, i8* null, i8* null, i8* getelementptr inbounds (%struct.S* @a, i32 0, i32 0), i8* getelementptr (i8* getelementptr inbounds (%struct.S* @a, i32 0, i32 0), i64 1)], align 16
@a = internal global %struct.S zeroinitializer, align 1
; Function Attrs: nounwind uwtable
define signext i8 @foo() #0 {
entry:
%0 = load i8*** @c, align 8
%1 = load i8** %0, align 8
%2 = load i8* %1, align 1
ret i8 %2
; CHECK-LABEL: @foo
; CHECK: ret i8 0
}
; Function Attrs: nounwind uwtable
define i32 @main() #0 {
entry:
%retval = alloca i32, align 4
store i32 0, i32* %retval
ret i32 0
}
attributes #0 = { nounwind uwtable }