memory unsafety bug #9418
Description
| Bugzilla Link | 9046 |
| Resolution | FIXED |
| Resolved on | Feb 14, 2011 01:30 |
| Version | trunk |
| OS | Linux |
| Attachments | failure-inducing C code |
Extended Description
We've been seeing some odd compiler hangs and reports of heap corruption from glibc; valgrind says it's a use-after-free problem. Sorry for the not-reduced testcase.
regehr@home:$ valgrind -q --trace-children=yes clang -O2 -w small.c$
==30005== Invalid read of size 4
==30005== at 0x948B53E: llvm::FoldingSetImpl::InsertNode(llvm::FoldingSetImpl::Node*, void*) (in /mnt/z/z/compiler-install/llvm-gcc-r124171-install/bin/clang)
==30005== by 0x4B9DD63: ???
==30005== Address 0x465e064 is 124 bytes inside a block of size 260 free'd
==30005== at 0x40257ED: free (vg_replace_malloc.c:366)
==30005== by 0x948B4B3: llvm::FoldingSetImpl::GrowHashTable() (in /mnt/z/z/compiler-install/llvm-gcc-r124171-install/bin/clang)
==30005==
==30005== Invalid write of size 4
==30005== at 0x948B54C: llvm::FoldingSetImpl::InsertNode(llvm::FoldingSetImpl::Node*, void*) (in /mnt/z/z/compiler-install/llvm-gcc-r124171-install/bin/clang)
==30005== by 0x4B9DD63: ???
==30005== Address 0x465e064 is 124 bytes inside a block of size 260 free'd
==30005== at 0x40257ED: free (vg_replace_malloc.c:366)
==30005== by 0x948B4B3: llvm::FoldingSetImpl::GrowHashTable() (in /mnt/z/z/compiler-install/llvm-gcc-r124171-install/bin/clang)
==30005==
regehr@home:
regehr@home:$$
regehr@home:
regehr@home:~$ clang -v
clang version 2.9 (trunk 124171)
Target: i386-pc-linux-gnu
Thread model: posix