https://llvm.org/bugs/show_bug.cgi?id=27196
Bug ID: 27196
Summary: Crash in LLParser with undefined tbaa metadata
Product: libraries
Version: trunk
Hardware: PC
OS: Linux
Status: NEW
Severity: normal
Priority: P
Component: LLVM assembly language parser
Assignee: unassignedb...@nondot.org
Reporter: philip.pfa...@gmail.com
CC: llvm-bugs@lists.llvm.org
Classification: Unclassified

Created attachment 16165
  --> https://llvm.org/bugs/attachment.cgi?id=16165&action=edit
Crashing Testcase

If IR is annotated with TBAA metadata but the referenced MD isn't declared, an assertion in MDNode::getOperand is triggered.

In LLParser::ValidateEndOfModule in the call to UpgradeInstWithTBAATag, there is an unconditional check "isa<MDNode>(MD->getOperand(0))", which ends badly if MD->getNumOperands() is 0. Crashing testcase attached.

A similar unchecked call chain occurs in BitcodeReader, but I haven't been able to reproduce the error there, and I'm not sure whether the bitcode format actually allows for this problem to arise.

A possible fix for the LLParser could be this:

--- a/lib/AsmParser/LLParser.cpp +++ b/lib/AsmParser/LLParser.cpp @@ -100,8 +100,9 @@ void LLParser::restoreParsingState(const SlotMapping *Slots) { /// ValidateEndOfModule - Do final validity and sanity checks at the end of the /// module. bool LLParser::ValidateEndOfModule() { - for (unsigned I = 0, E = InstsWithTBAATag.size(); I < E; I++) - UpgradeInstWithTBAATag(InstsWithTBAATag[I]); + for (auto *I : InstsWithTBAATag) + if (I->getMetadata(LLVMContext::MD_tbaa)->getNumOperands() > 0) + UpgradeInstWithTBAATag(I); // Handle any function attribute group forward references. for (std::map<Value*, std::vector<unsigned> >::iterator
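Review bot: the new guard in the loop at the top of ValidateEndOfModule only skips the upgrade when the !tbaa node has zero operands, and nothing in this hunk reports the undeclared node, even though the function returns bool and is documented as doing the final validity checks. Consider returning a parse error for that instruction instead of silently continuing, or moving the operand-count check into UpgradeInstWithTBAATag ahead of "isa<MDNode>(MD->getOperand(0))" so that the BitcodeReader call chain mentioned in the report is covered by the same check. The guard also chains "->getNumOperands()" directly onto the result of "I->getMetadata(LLVMContext::MD_tbaa)"; holding that result in a local and asserting it is non-null would make the assumption that every entry in InstsWithTBAATag carries the tag explicit. The attached crashing testcase should go in with the fix as a regression test.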