Skip to content

Commit 55779ee

Browse files
borsbors
committed
Auto merge of #123941 - Mark-Simulacrum:fix-llvm-ub, r=nikic
Fix UB in LLVM FFI when passing zero or >1 bundle Rust passes a `*const &OperandBundleDef` to these APIs, usually from a `Vec<&OperandBundleDef>` or so. Previously we were dereferencing that pointer and passing it to the ArrayRef constructor with some length (N). This meant that if the length was 0, we were dereferencing a pointer to nowhere (if the vector on the Rust side didn't actually get allocated or so), and if the length was >1 then loading the *second* element somewhere in LLVM would've been reading past the end. Since Rust can't hold OperandBundleDef by-value we're forced to indirect through a vector that copies out the OperandBundleDefs from the by-reference list on the Rust side in order to match the LLVM expected API.
2 parents 9db7a74 + bf3decc commit 55779ee

File tree

1 file changed

+29
-6
lines changed

1 file changed

+29
-6
lines changed

compiler/rustc_llvm/llvm-wrapper/RustWrapper.cpp

+29-6
Original file line numberDiff line numberDiff line change
@@ -1524,13 +1524,21 @@ extern "C" void LLVMRustFreeOperandBundleDef(OperandBundleDef *Bundle) {
15241524

15251525
extern "C" LLVMValueRef LLVMRustBuildCall(LLVMBuilderRef B, LLVMTypeRef Ty, LLVMValueRef Fn,
15261526
LLVMValueRef *Args, unsigned NumArgs,
1527-
OperandBundleDef **OpBundles,
1527+
OperandBundleDef **OpBundlesIndirect,
15281528
unsigned NumOpBundles) {
15291529
Value *Callee = unwrap(Fn);
15301530
FunctionType *FTy = unwrap<FunctionType>(Ty);
1531+
1532+
// FIXME: Is there a way around this?
1533+
SmallVector<OperandBundleDef> OpBundles;
1534+
OpBundles.reserve(NumOpBundles);
1535+
for (unsigned i = 0; i < NumOpBundles; ++i) {
1536+
OpBundles.push_back(*OpBundlesIndirect[i]);
1537+
}
1538+
15311539
return wrap(unwrap(B)->CreateCall(
15321540
FTy, Callee, ArrayRef<Value*>(unwrap(Args), NumArgs),
1533-
ArrayRef<OperandBundleDef>(*OpBundles, NumOpBundles)));
1541+
ArrayRef<OperandBundleDef>(OpBundles)));
15341542
}
15351543

15361544
extern "C" LLVMValueRef LLVMRustGetInstrProfIncrementIntrinsic(LLVMModuleRef M) {
@@ -1570,13 +1578,21 @@ extern "C" LLVMValueRef
15701578
LLVMRustBuildInvoke(LLVMBuilderRef B, LLVMTypeRef Ty, LLVMValueRef Fn,
15711579
LLVMValueRef *Args, unsigned NumArgs,
15721580
LLVMBasicBlockRef Then, LLVMBasicBlockRef Catch,
1573-
OperandBundleDef **OpBundles, unsigned NumOpBundles,
1581+
OperandBundleDef **OpBundlesIndirect, unsigned NumOpBundles,
15741582
const char *Name) {
15751583
Value *Callee = unwrap(Fn);
15761584
FunctionType *FTy = unwrap<FunctionType>(Ty);
1585+
1586+
// FIXME: Is there a way around this?
1587+
SmallVector<OperandBundleDef> OpBundles;
1588+
OpBundles.reserve(NumOpBundles);
1589+
for (unsigned i = 0; i < NumOpBundles; ++i) {
1590+
OpBundles.push_back(*OpBundlesIndirect[i]);
1591+
}
1592+
15771593
return wrap(unwrap(B)->CreateInvoke(FTy, Callee, unwrap(Then), unwrap(Catch),
15781594
ArrayRef<Value*>(unwrap(Args), NumArgs),
1579-
ArrayRef<OperandBundleDef>(*OpBundles, NumOpBundles),
1595+
ArrayRef<OperandBundleDef>(OpBundles),
15801596
Name));
15811597
}
15821598

@@ -1585,7 +1601,7 @@ LLVMRustBuildCallBr(LLVMBuilderRef B, LLVMTypeRef Ty, LLVMValueRef Fn,
15851601
LLVMBasicBlockRef DefaultDest,
15861602
LLVMBasicBlockRef *IndirectDests, unsigned NumIndirectDests,
15871603
LLVMValueRef *Args, unsigned NumArgs,
1588-
OperandBundleDef **OpBundles, unsigned NumOpBundles,
1604+
OperandBundleDef **OpBundlesIndirect, unsigned NumOpBundles,
15891605
const char *Name) {
15901606
Value *Callee = unwrap(Fn);
15911607
FunctionType *FTy = unwrap<FunctionType>(Ty);
@@ -1597,11 +1613,18 @@ LLVMRustBuildCallBr(LLVMBuilderRef B, LLVMTypeRef Ty, LLVMValueRef Fn,
15971613
IndirectDestsUnwrapped.push_back(unwrap(IndirectDests[i]));
15981614
}
15991615

1616+
// FIXME: Is there a way around this?
1617+
SmallVector<OperandBundleDef> OpBundles;
1618+
OpBundles.reserve(NumOpBundles);
1619+
for (unsigned i = 0; i < NumOpBundles; ++i) {
1620+
OpBundles.push_back(*OpBundlesIndirect[i]);
1621+
}
1622+
16001623
return wrap(unwrap(B)->CreateCallBr(
16011624
FTy, Callee, unwrap(DefaultDest),
16021625
ArrayRef<BasicBlock*>(IndirectDestsUnwrapped),
16031626
ArrayRef<Value*>(unwrap(Args), NumArgs),
1604-
ArrayRef<OperandBundleDef>(*OpBundles, NumOpBundles),
1627+
ArrayRef<OperandBundleDef>(OpBundles),
16051628
Name));
16061629
}
16071630

0 commit comments

Comments
 (0)