Fix execute after free issue with llvm (and presumably cranelift?)

2025-06-13 00:51:20 +00:00 · 2019-03-04 14:41:56 -08:00
parent 039ebdcf75
commit 7ef2c0dece
6 changed files with 88 additions and 48 deletions
--- a/lib/llvm-backend/src/backend.rs
+++ b/lib/llvm-backend/src/backend.rs
@ -278,7 +278,7 @@ impl LLVMBackend {
        info: &ModuleInfo,
        local_func_index: LocalFuncIndex,
    ) -> Option<NonNull<vm::Func>> {
-        let index = local_func_index.index();
+        let index = info.imported_functions.len() + local_func_index.index();
        let name = if cfg!(target_os = "macos") {
            format!("_fn{}", index)
        } else {
--- a/lib/llvm-backend/src/code.rs
+++ b/lib/llvm-backend/src/code.rs
@ -136,6 +136,8 @@ pub fn parse_function_bodies(
    pass_manager.add_aggressive_dce_pass();
    pass_manager.run_on_module(&module);

+    // module.print_to_stderr();
+
    Ok((module, intrinsics))
 }

@ -671,15 +673,11 @@ fn parse_function(

                        let func_ptr_ty = llvm_sig.ptr_type(AddressSpace::Generic);

-                        // Once we can just bitcast between pointer types, remove this.
-                        let func_ptr = {
-                            let ptr_int = builder.build_ptr_to_int(
-                                func_ptr_untyped,
-                                intrinsics.i64_ty,
-                                "func_ptr_int",
-                            );
-                            builder.build_int_to_ptr(ptr_int, func_ptr_ty, "typed_func_ptr")
-                        };
+                        let func_ptr = builder.build_pointer_cast(
+                            func_ptr_untyped,
+                            func_ptr_ty,
+                            "typed_func_ptr",
+                        );

                        builder.build_call(func_ptr, &params, &state.var_name())
                    }
--- a/lib/llvm-backend/src/intrinsics.rs
+++ b/lib/llvm-backend/src/intrinsics.rs
@ -197,7 +197,6 @@ impl Intrinsics {
                    .ptr_type(AddressSpace::Generic)
                    .as_basic_type_enum(),
                imported_func_ty
-                    .ptr_type(AddressSpace::Generic)
                    .ptr_type(AddressSpace::Generic)
                    .as_basic_type_enum(),
                sigindex_ty
@ -713,16 +712,13 @@ impl<'a> CtxType<'a> {
                .build_load(func_array_ptr_ptr, "func_array_ptr")
                .into_pointer_value();
            let const_index = intrinsics.i32_ty.const_int(index.index() as u64, false);
-            let imported_func_ptr_ptr = unsafe {
+            let imported_func_ptr = unsafe {
                cache_builder.build_in_bounds_gep(
                    func_array_ptr,
                    &[const_index],
-                    "imported_func_ptr_ptr",
+                    "imported_func_ptr",
                )
            };
-            let imported_func_ptr = cache_builder
-                .build_load(imported_func_ptr_ptr, "imported_func_ptr")
-                .into_pointer_value();
            let (func_ptr_ptr, ctx_ptr_ptr) = unsafe {
                (
                    cache_builder.build_struct_gep(imported_func_ptr, 0, "func_ptr_ptr"),