https://llvm.org/bugs/show_bug.cgi?id=27882
Bug ID: 27882
Summary: libprofile: allocateOneNode() can overflow CurrentVNode
Product: compiler-rt
Version: unspecified
Hardware: PC
OS: All
Status: NEW
Severity: normal
Priority: P
Component: compiler-rt
Assignee: unassignedb...@nondot.org
Reporter: v...@apple.com
CC: llvm-bugs@lists.llvm.org
Classification: Unclassified

In allocateOneNode(), we increment CurrentVNode without first checking if it's greater than EndVNode. This could eventually cause CurrentVNode to overflow and return a bad vnode:

    Node = COMPILER_RT_PTR_FETCH_ADD(ValueProfNode, CurrentVNode, 1);
    if (Node >= EndVNode) {
      if (OutOfNodesWarnings++ < MAX_VP_WARNS) {
        PROF_WARN("Unable to track new values: %s. "
                  " Consider using option -mllvm -vp-counters-per-site=<n> to allocate more"
                  " value profile counters at compile time. \n",
                  "Running out of static counters");
      }
      return 0;
    }
    return Node;

Sean suggested limiting increments of CurrentVNode to #threads past EndVNode.

Another option is to attempt to CmpExchange CurrentVNode to its next value while (CurrentVNode + 1 < EndVNode). We'd return if the CmpExchange succeeds. If the loop exits we'd return NULL.
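The two allocation strategies from the report, side by side, as an added example that is not compiler-rt code. It assumes a constructed 4-node pool and a cursor stored as an integer address; the helpers reset_pool, alloc_fetch_add, alloc_bounded and overshoot_after are hypothetical names.

```c
#include <stdatomic.h>
#include <stdint.h>
#include <stdio.h>

typedef struct ValueProfNode { uint64_t Value, Count; } ValueProfNode;

/* Constructed 4-node pool standing in for the static value-profile nodes. */
enum { POOL_NODES = 4 };
static ValueProfNode Pool[POOL_NODES];
/* Cursor kept as an integer address so running past the end is defined here. */
static atomic_uintptr_t CurrentVNode;
static uintptr_t EndVNode;

static void reset_pool(void) {
  atomic_store(&CurrentVNode, (uintptr_t)Pool);
  EndVNode = (uintptr_t)(Pool + POOL_NODES);
}

/* Pattern from the report: increment first, compare against EndVNode after. */
static ValueProfNode *alloc_fetch_add(void) {
  uintptr_t Node = atomic_fetch_add(&CurrentVNode, sizeof(ValueProfNode));
  return Node >= EndVNode ? NULL : (ValueProfNode *)Node;
}

/* CmpExchange option: advance only while a free node remains. The condition
   Node < EndVNode is this example's choice, so the last node is still used. */
static ValueProfNode *alloc_bounded(void) {
  uintptr_t Node = atomic_load(&CurrentVNode);
  while (Node < EndVNode) {
    /* On failure Node is reloaded with the cursor another thread published. */
    if (atomic_compare_exchange_weak(&CurrentVNode, &Node,
                                     Node + sizeof(ValueProfNode)))
      return (ValueProfNode *)Node;
  }
  return NULL;
}

/* Nodes the cursor sits past EndVNode after `Calls` allocations (0 = bounded). */
static long overshoot_after(ValueProfNode *(*Alloc)(void), int Calls) {
  reset_pool();
  for (int I = 0; I < Calls; ++I)
    (void)Alloc();
  uintptr_t Cur = atomic_load(&CurrentVNode);
  return Cur > EndVNode ? (long)((Cur - EndVNode) / sizeof(ValueProfNode)) : 0;
}

int main(void) {
  printf("fetch-add overshoot: %ld\n", overshoot_after(alloc_fetch_add, 10));
  printf("bounded overshoot:   %ld\n", overshoot_after(alloc_bounded, 10));
  return 0;
}
```

With the fetch-add variant every failed call still moves the cursor, so the distance past EndVNode grows with the number of calls; the compare-exchange variant leaves the cursor pinned at EndVNode once the pool is exhausted.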