Read-after-free in IPConstantPropagation #2610
Description
| Bugzilla Link | 2238 |
| Resolution | FIXED |
| Resolved on | Apr 23, 2008 00:59 |
| Version | unspecified |
| OS | Linux |
| Reporter | LLVM Bugzilla Contributor |
Extended Description
Running test/Transforms/IPConstantProp/return-constants.ll under valgrind
shows:
Invalid read of size 8
at 0x7A5064: llvm::Use::getNext() const (Use.h:67)
by 0x7A65A8: llvm::value_use_iteratorllvm::User::operator++() (Use.h:132)
by 0x7F4CF4: (anonymous namespace)::IPCP::PropagateConstantReturn(llvm::Function&) (IPConstantPropagation.cpp:200)
by 0x7F545C: (anonymous namespace)::IPCP::runOnModule(llvm::Module&) (IPConstantPropagation.cpp:65)
by 0xA6111F: llvm::MPPassManager::runOnModule(llvm::Module&) (PassManager.cpp:1248)
by 0xA612AF: llvm::PassManagerImpl::run(llvm::Module&) (PassManager.cpp:1322)
by 0xA61312: llvm::PassManager::run(llvm::Module&) (PassManager.cpp:1354)
by 0x7B31FF: main (opt.cpp:428)
Address 0x40536B8 is 80 bytes inside a block of size 120 free'd
at 0x4C2153D: operator delete(void*) (vg_replace_malloc.c:244)
by 0xA4CC4D: llvm::GetResultInst::~GetResultInst() (Instructions.h:2553)
by 0x7D7DC9: llvm::iplist<llvm::Instruction, llvm::ilist_traitsllvm::Instruction >::erase(llvm::ilist_iteratorllvm::Instruction) (ilist:377)
by 0xA3C7CF: llvm::Instruction::eraseFromParent() (Instruction.cpp:68)
by 0x7F4CE8: (anonymous namespace)::IPCP::PropagateConstantReturn(llvm::Function&) (IPConstantPropagation.cpp:205)
by 0x7F545C: (anonymous namespace)::IPCP::runOnModule(llvm::Module&) (IPConstantPropagation.cpp:65)
by 0xA6111F: llvm::MPPassManager::runOnModule(llvm::Module&) (PassManager.cpp:1248)
by 0xA612AF: llvm::PassManagerImpl::run(llvm::Module&) (PassManager.cpp:1322)
by 0xA61312: llvm::PassManager::run(llvm::Module&) (PassManager.cpp:1354)
by 0x7B31FF: main (opt.cpp:428)