diff options
author | Scott Pillow <scott.pillow@intel.com> | 2025-10-10 18:02:46 -0700 |
---|---|---|
committer | GitHub <noreply@github.com> | 2025-10-10 21:02:46 -0400 |
commit | cb4fdc00102f351606c57afc497d939103cac026 (patch) | |
tree | 6eb598fd93a851262e211319d7a9ad971d7d3ce3 /llvm/lib/CodeGen/StackMapLivenessAnalysis.cpp | |
parent | 720007e4b782c2446c5f10dd1e7733f4b6b323f1 (diff) | |
download | llvm-cb4fdc00102f351606c57afc497d939103cac026.zip llvm-cb4fdc00102f351606c57afc497d939103cac026.tar.gz llvm-cb4fdc00102f351606c57afc497d939103cac026.tar.bz2 |
[Support] Fix thread safety issue in raw_null_ostream (#162787)
The global raw_null_ostream singleton returned by llvm::nulls() is
marked as InternalBuffer rather than Unbuffered, causing it to
allocate a buffer when first written to. In multithreaded environments,
multiple threads can simultaneously trigger buffer allocation via
SetBuffered(), leading to race conditions on the buffer pointer
fields (OutBufCur, OutBufEnd).
For example:
raw_ostream::write(const char *Ptr, size_t Size)
->
raw_ostream::SetBuffered()
->
raw_ostream::SetBufferSize(size_t Size)
->
raw_ostream::SetBufferAndMode(char *BufferStart, size_t Size,
BufferKind Mode)
This can manifest as a heap corruption when multiple threads write to
the
null stream concurrently, as the buffer pointers will become corrupted
during the race.
The fix is to explicitly pass Unbuffered=true to the raw_pwrite_stream
constructor, ensuring the null stream never allocates a buffer and
all writes go directly to the no-op write_impl().
For example, this can fix multithreaded applications using MCELFStreamer
where getCommentOS() returns the shared nulls() singleton.
Diffstat (limited to 'llvm/lib/CodeGen/StackMapLivenessAnalysis.cpp')
0 files changed, 0 insertions, 0 deletions