Skip to content

Possible NULL dereference in mlir/Dialect/SPIRV/IR #157453

New issue
New issue
Closed as not planned
#157457
Closed as not planned
Possible NULL dereference in mlir/Dialect/SPIRV/IR#157453
#157457
Labels
code-qualitymlir:spirv
@apach301

Description

@apach301
apach301
opened on Sep 8, 2025

Hi,

I found possible null pointer dereference with Svace static analyzer.

An intTy pointer is checked on NULL in mlir::spirv::ConstantOp::getAsmResultNames() at mlir/lib/Dialect/SPIRV/IR/SPIRVOps.cpp:726. But after that it is dereferenced without any checks:

llvm-project/mlir/lib/Dialect/SPIRV/IR/SPIRVOps.cpp

Lines 726 to 737 in b5a1747

if (intTy && intTy.getWidth() == 1) {
return setNameFn(getResult(), (intCst.getInt() ? "true" : "false"));
}
if (intTy.isSignless()) {
specialName << intCst.getInt();
} else if (intTy.isUnsigned()) {
specialName << intCst.getUInt();
} else {
specialName << intCst.getSInt();
}
}

Metadata

Metadata

Assignees

No one assigned

    Labels

    code-qualitymlir:spirv

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions