Write after free in debug info writer with fast isel #4474
Description
| Bugzilla Link | 4102 |
| Resolution | WORKSFORME |
| Resolved on | May 09, 2009 09:34 |
| Version | unspecified |
| OS | Linux |
| Attachments | Testcase (unreduced bitcode) |
| CC | @asl,@isanbard |
Extended Description
Testcase attached; to reproduce, run the following:
valgrind llc x.bc -o x.s -fast
First error:
==7399== Invalid write of size 4
==7399== at 0x8AC41C2: llvm::DwarfDebug::getOrCreateScope(llvm::GlobalVariable*) (DwarfWriter.cpp:2034)
==7399== by 0x8AC44CD: llvm::DwarfDebug::RecordRegionStart(llvm::GlobalVariable*) (DwarfWriter.cpp:3471)
==7399== by 0x8AAD37A: llvm::DwarfWriter::RecordRegionStart(llvm::GlobalVariable*) (DwarfWriter.cpp:4756)
==7399== by 0x898311C: llvm::FastISel::SelectCall(llvm::User*) (FastISel.cpp:349)
==7399== by 0x8984A70: llvm::FastISel::SelectOperator(llvm::User*, unsigned) (FastISel.cpp:721)
==7399== by 0x8984CAE: llvm::FastISel::SelectInstruction(llvm::Instruction*) (FastISel.cpp:626)
==7399== by 0x8A08A61: llvm::SelectionDAGISel::SelectAllBasicBlocks(llvm::Function&, llvm::MachineFunction&, llvm::MachineModuleInfo*, llvm::DwarfWriter*, llvm::TargetInstrInfo const&) (SelectionDAGISel.cpp:810)
==7399== by 0x8A09B88: llvm::SelectionDAGISel::runOnFunction(llvm::Function&) (SelectionDAGISel.cpp:331)
==7399== by 0x8D35F71: llvm::FPPassManager::runOnFunction(llvm::Function&) (PassManager.cpp:1338)
==7399== by 0x8D36A5F: llvm::FunctionPassManagerImpl::run(llvm::Function&) (PassManager.cpp:1291)
==7399== by 0x8D36C30: llvm::FunctionPassManager::run(llvm::Function&) (PassManager.cpp:1233)
==7399== by 0x8419F89: main (llc.cpp:322)
==7399== Address 0x4b40fa4 is 68 bytes inside a block of size 512 free'd
==7399== at 0x40246EA: operator delete(void*) (vg_replace_malloc.c:342)
==7399== by 0x8ABA5DE: llvm::DenseMap<llvm::GlobalVariable*, llvm::DbgScope*, llvm::DenseMapInfollvm::GlobalVariable*, llvm::DenseMapInfollvm::DbgScope* >::grow(unsigned) (DenseMap.h:469)
==7399== by 0x8ABA64D: llvm::DenseMap<llvm::GlobalVariable*, llvm::DbgScope*, llvm::DenseMapInfollvm::GlobalVariable*, llvm::DenseMapInfollvm::DbgScope* >::InsertIntoBucket(llvm::GlobalVariable* const&, llvm::DbgScope* const&, std::pair<llvm::GlobalVariable*, llvm::DbgScope*>) (DenseMap.h:351)
==7399== by 0x8ABA73D: llvm::DenseMap<llvm::GlobalVariable, llvm::DbgScope*, llvm::DenseMapInfollvm::GlobalVariable*, llvm::DenseMapInfollvm::DbgScope* >::FindAndConstruct(llvm::GlobalVariable* const&) (DenseMap.h:282)
==7399== by 0x8ABA76D: llvm::DenseMap<llvm::GlobalVariable*, llvm::DbgScope*, llvm::DenseMapInfollvm::GlobalVariable*, llvm::DenseMapInfollvm::DbgScope* >::operator[](llvm::GlobalVariable* const&) (DenseMap.h:286)
==7399== by 0x8AC40F4: llvm::DwarfDebug::getOrCreateScope(llvm::GlobalVariable*) (DwarfWriter.cpp:2024)
==7399== by 0x8AC417F: llvm::DwarfDebug::getOrCreateScope(llvm::GlobalVariable*) (DwarfWriter.cpp:2032)
==7399== by 0x8AC44CD: llvm::DwarfDebug::RecordRegionStart(llvm::GlobalVariable*) (DwarfWriter.cpp:3471)
==7399== by 0x8AAD37A: llvm::DwarfWriter::RecordRegionStart(llvm::GlobalVariable*) (DwarfWriter.cpp:4756)
==7399== by 0x898311C: llvm::FastISel::SelectCall(llvm::User*) (FastISel.cpp:349)
==7399== by 0x8984A70: llvm::FastISel::SelectOperator(llvm::User*, unsigned) (FastISel.cpp:721)
==7399== by 0x8984CAE: llvm::FastISel::SelectInstruction(llvm::Instruction*) (FastISel.cpp:626)