https://bugs.llvm.org/show_bug.cgi?id=35889
Bug ID: 35889
Summary: SmallVector: use-after-poison MSAN error in destructor
Product: libraries
Version: trunk
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: P
Component: Core LLVM classes
Assignee: unassignedb...@nondot.org
Reporter: st...@obrien.cc
CC: llvm-bugs@lists.llvm.org
The topmost class, `SmallVector`, has internal storage for some elements;
`N - 1` elements' bytes worth of space. Meanwhile a base class
`SmallVectorTemplateCommon` has room for one element as well, totaling `N`
elements' worth of space.

The space for the N elements is contiguous and straddles
`SmallVectorTemplateCommon` and `SmallVector`.

A class "between" those two owning the storage, `SmallVectorImpl`, in its
destructor, calls the destructor for elements contained in the vector, if any.
It uses `destroy_range(begin, end)` to destroy all items in sequence, starting
from the end.

By the time the destructor for `SmallVectorImpl` is running, though, the memory
for elements `[1, N)` is already poisoned, due to `SmallVector`'s destructor
having done its thing already.

So if the element type `T` has a nontrivial destructor that accesses any
members of the `T` instance being destroyed, we'll run into a use-after-poison
bug.

This patch moves the destruction loop into `SmallVector`'s destructor, so any
memory being accessed while dtors are running is not yet poisoned.

[Phabricator diff and repro steps coming]
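
The destructor ordering described in the report, as an added C++ model that is not part of the original report and is not LLVM's code. `TailBuffer`, `Common`, `Impl`, `Vec` and `run` are hypothetical names, and a flag set in `TailBuffer`'s destructor stands in for the sanitizer poisoning the derived class's storage.

```cpp
#include <cstddef>
#include <iostream>
#include <string>
#include <vector>

// Constructed model of the class layout in the report; every name here is
// hypothetical and nothing is copied from LLVM's SmallVector.
static bool tail_dead = false;          // true once the derived class's buffer is gone
static std::vector<std::string> trace;  // what each element destructor would see

// Stand-in for the inline buffer holding elements [1, N). Its destructor marks
// the point at which, per the report, that memory is already poisoned.
struct TailBuffer { ~TailBuffer() { tail_dead = true; } };

struct Common { std::size_t size = 0; };  // base that holds the slot for element 0

struct Impl : Common {
  bool destroy_in_base;                 // true = ordering before the patch
  explicit Impl(bool b) : destroy_in_base(b) {}
  // Destroy elements from the end, noting whether each one's storage is still live.
  void destroy_range() {
    for (std::size_t i = size; i-- > 0;)
      trace.push_back("elem" + std::to_string(i) +
                      ((i >= 1 && tail_dead) ? ":poisoned" : ":ok"));
    size = 0;
  }
  ~Impl() { if (destroy_in_base) destroy_range(); }
};

struct Vec : Impl {
  TailBuffer tail;                      // destroyed after ~Vec's body, before ~Impl runs
  Vec(bool in_base, std::size_t n) : Impl(in_base) { size = n; }
  ~Vec() { if (!destroy_in_base) destroy_range(); }  // ordering after the patch
};

// Build and destroy a 3-element vector, returning the recorded trace.
std::vector<std::string> run(bool destroy_in_base) {
  tail_dead = false;
  trace.clear();
  { Vec v(destroy_in_base, 3); }
  return trace;
}

int main() {
  for (bool in_base : {true, false}) {
    std::cout << (in_base ? "before patch:" : "after patch: ");
    for (const auto& e : run(in_base)) std::cout << ' ' << e;
    std::cout << '\n';
  }
}
```

Element 0 is reported as live in both orderings because its slot sits in the base class, which matches the report's `[1, N)` range for the affected elements.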