| Issue | 55677 |
|---|---|
| Summary | Sanitize store to constants |
| Labels | compiler-rt:asan, llvm:optimizations |
| Assignees | |
| Reporter | Teemperor |
Since [D60659](https://reviews.llvm.org/D60659), LLVM has been completely removing stores to constants in InstCombine. This can transform a program that might crash with a segfault into a program that runs just fine.
This has been brought up in the [commit email thread](https://lists.llvm.org/pipermail/llvm-commits/Week-of-Mon-20190422/647341.html) with the suggestion to add a new sanitizer check for this case. There doesn't seem to be a bug report tracking this, so I decided to file this one.
I checked all Ubuntu packages to see where this optimization is actually applied, and from what I can see it happens just 3 times:
* In Chrome's zlib, where the respective BB seems unreachable.
* busybox (as pointed out in the commit thread). Note that this bug was only fixed about 6 months ago and it seems to rely on inline assembly (just from looking at the code I am not sure if this is actually fixed, and they have already tried to fix this with 3 patches so far).
* Some [binary in the jackd audio daemon](https://github.com/jackaudio/jack-example-tools/pull/68) ended up falling into this C pattern:
```c
char *invalid_flag = "'- '";  /* pointer to a string literal, i.e. read-only storage */
invalid_flag[2] = c;          /* store to a constant: undefined behaviour; InstCombine may drop it */
print_msg(invalid_flag);      /* prints the unmodified literal if the store was removed */
```
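As an added example (not code from the bug report or from the jackd project), the same string-building done without storing through a literal: the template is const-qualified so a write through it no longer compiles, and the character is patched into a writable copy instead. The function names `build_flag`, `flag_char_roundtrip` and the two check helpers are assumptions for this illustration. Compiling the original pattern with `-Wwrite-strings` (Clang and GCC) makes string literals `const char[]`, so `char *invalid_flag = "'- '";` is diagnosed at compile time, which catches the defect before the optimizer can silently delete the store.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Template kept const: any attempt to store through it is a compile-time
 * error, instead of a runtime segfault or a silently dropped store. */
static const char FLAG_TEMPLATE[] = "'- '";

/* Build "'-c'" in a caller-owned, writable buffer.
 * Returns buf on success, NULL if buf is missing or too small. */
char *build_flag(char *buf, size_t n, char c)
{
    if (buf == NULL || n < sizeof FLAG_TEMPLATE)
        return NULL;
    memcpy(buf, FLAG_TEMPLATE, sizeof FLAG_TEMPLATE); /* copies the NUL too */
    buf[2] = c;                                       /* store to writable memory */
    return buf;
}

/* Same idea with an array initialiser: `char x[] = "..."` makes a fresh
 * writable copy in automatic storage, unlike `char *x = "..."`, which points
 * at the read-only literal. Returns 1 if the stored character reads back. */
int flag_char_roundtrip(char c)
{
    char invalid_flag[] = "'- '";
    invalid_flag[2] = c;
    return invalid_flag[2] == c;
}

/* Check helpers (hypothetical names) so results can be verified without printing. */
int build_flag_check(char c, const char *expected)
{
    char buf[8];
    if (build_flag(buf, sizeof buf, c) == NULL)
        return 0;
    return strcmp(buf, expected) == 0;
}

int build_flag_rejects_small_buffer(void)
{
    char buf[2]; /* deliberately smaller than the 5-byte template */
    return build_flag(buf, sizeof buf, 'x') == NULL;
}

int main(void)
{
    char buf[8];
    if (build_flag(buf, sizeof buf, 'q') != NULL)
        puts(buf);                                    /* prints '-q' */
    printf("roundtrip: %d\n", flag_char_roundtrip('z'));
    return 0;
}
```

The point of the two variants is the storage class of the bytes being written: a pointer initialised from a literal aliases `.rodata`, while an array initialised from a literal (or an explicit `memcpy` into a caller's buffer) owns a mutable copy, so the store is well defined and nothing in InstCombine has a reason to remove it.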