Skip to content

[GVN] Use after free during load PRE #69301

New issue
New issue
Closed
#69314
llvm/llvm-project-release-prs
#758
Closed
[GVN] Use after free during load PRE#69301
#69314
llvm/llvm-project-release-prs
#758
Assignees
nikic
Labels
llvm:GVNGVN and NewGVN stages (Global value numbering)llvm:crashrelease:backportrelease:merged
Milestone
LLVM 17.0.X Release
@nikic

Description

@nikic
nikic
opened on Oct 17, 2023
; RUN: opt -S -passes=gvn < %s
define i64 @test(i1 %c, ptr %p) {
entry:
  br label %loop

loop:
  %iv = phi i64 [ 0, %entry ], [ %add, %loop.latch ]
  %ptr.iv = phi ptr [ %p, %entry ], [ %select, %loop.latch ]
  %icmp = icmp eq i64 %iv, 0
  br i1 %icmp, label %exit, label %loop.cont

loop.cont:
  %add = add i64 %iv, -1
  br i1 %c, label %exit, label %loop.latch

loop.latch:
  %load = load i64, ptr %ptr.iv, align 8
  %load6 = load i64, ptr null, align 8
  %icmp7 = icmp ugt i64 %load, %load6
  %select = select i1 %icmp7, ptr %ptr.iv, ptr null
  br label %loop

exit:
  %res = load i64, ptr %ptr.iv, align 8
  ret i64 %res
}

Produces a use after free.

Metadata

Metadata

Assignees

Labels

llvm:GVNGVN and NewGVN stages (Global value numbering)llvm:crashrelease:backportrelease:merged

Type

No type

Projects

LLVM Release Status

Status

Done

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions