git: f30188c4680a - main - Merge commit 9f85bc834b07 from llvm-project (by Nikita Popov):
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Thu, 30 May 2024 15:35:43 UTC
The branch main has been updated by dim: URL: https://cgit.FreeBSD.org/src/commit/?id=f30188c4680a85126e793de157b851bf5ee47529 commit f30188c4680a85126e793de157b851bf5ee47529 Author: Dimitry Andric <dim@FreeBSD.org> AuthorDate: 2024-05-30 15:35:15 +0000 Commit: Dimitry Andric <dim@FreeBSD.org> CommitDate: 2024-05-30 15:35:15 +0000 Merge commit 9f85bc834b07 from llvm-project (by Nikita Popov): [PPCMergeStringPool] Only replace constant once (#92996) In #88846 I changed this code to use RAUW to perform the replacement instead of manual updates -- but kept the outer loop, which means we try to perform RAUW once per user. However, some of the users might be freed by the RAUW operation, resulting in use-after-free. The case where this happens is constant users where the replacement might result in the destruction of the original constant. Fixes https://github.com/llvm/llvm-project/issues/92991. This fixes a possible crash when building crypto/openssh/sshkey.c for PowerPC targets. Reported by: cperciva PR: 276104 MFC after: 3 days --- .../llvm/lib/Target/PowerPC/PPCMergeStringPool.cpp | 37 ++++------------------ 1 file changed, 7 insertions(+), 30 deletions(-) diff --git a/contrib/llvm-project/llvm/lib/Target/PowerPC/PPCMergeStringPool.cpp b/contrib/llvm-project/llvm/lib/Target/PowerPC/PPCMergeStringPool.cpp index ebd876d50c44..0830b02370cd 100644 --- a/contrib/llvm-project/llvm/lib/Target/PowerPC/PPCMergeStringPool.cpp +++ b/contrib/llvm-project/llvm/lib/Target/PowerPC/PPCMergeStringPool.cpp @@ -290,13 +290,6 @@ bool PPCMergeStringPool::mergeModuleStringPool(Module &M) { return true; } -static bool userHasOperand(User *TheUser, GlobalVariable *GVOperand) { - for (Value *Op : TheUser->operands()) - if (Op == GVOperand) - return true; - return false; -} - // For pooled strings we need to add the offset into the pool for each string. // This is done by adding a Get Element Pointer (GEP) before each user. This // function adds the GEP. @@ -307,29 +300,13 @@ void PPCMergeStringPool::replaceUsesWithGEP(GlobalVariable *GlobalToReplace, Indices.push_back(ConstantInt::get(Type::getInt32Ty(*Context), 0)); Indices.push_back(ConstantInt::get(Type::getInt32Ty(*Context), ElementIndex)); - // Need to save a temporary copy of each user list because we remove uses - // as we replace them. - SmallVector<User *> Users; - for (User *CurrentUser : GlobalToReplace->users()) - Users.push_back(CurrentUser); - - for (User *CurrentUser : Users) { - // The user was not found so it must have been replaced earlier. - if (!userHasOperand(CurrentUser, GlobalToReplace)) - continue; - - // We cannot replace operands in globals so we ignore those. - if (isa<GlobalValue>(CurrentUser)) - continue; - - Constant *ConstGEP = ConstantExpr::getInBoundsGetElementPtr( - PooledStructType, GPool, Indices); - LLVM_DEBUG(dbgs() << "Replacing this global:\n"); - LLVM_DEBUG(GlobalToReplace->dump()); - LLVM_DEBUG(dbgs() << "with this:\n"); - LLVM_DEBUG(ConstGEP->dump()); - GlobalToReplace->replaceAllUsesWith(ConstGEP); - } + Constant *ConstGEP = + ConstantExpr::getInBoundsGetElementPtr(PooledStructType, GPool, Indices); + LLVM_DEBUG(dbgs() << "Replacing this global:\n"); + LLVM_DEBUG(GlobalToReplace->dump()); + LLVM_DEBUG(dbgs() << "with this:\n"); + LLVM_DEBUG(ConstGEP->dump()); + GlobalToReplace->replaceAllUsesWith(ConstGEP); } } // namespace