clang: SEGV /src/llvm-project/llvm/include/llvm/ADT/ArrayRef.h:158:33 in empty #64065

Closed
Jminis opened this issue Jul 24, 2023 · 2 comments
Labels: clang:frontend (Language frontend issues, e.g. anything involving "Sema"), crash (Prefer [crash-on-valid] or [crash-on-invalid]), objective-c

Jminis commented Jul 24, 2023

The crash was reproduced based on information discovered by the fuzzer using the clang-objc-fuzzer registered in the llvm-project on oss-fuzz.

clang log

root@DESKTOP-LSPHR48:/home/qwer/mylab/asan# clang test.m -O2
test.m:1:15: error: missing '@end'
@interface Roo@interface
              ^
test.m:1:1: note: class started here
@interface Roo@interface
^
PLEASE submit a bug report to https://github.com/llvm/llvm-project/issues/ and include the crash backtrace, preprocessed source, and associated run script.
Stack dump:
0.      Program arguments: /usr/lib/llvm-14/bin/clang -cc1 -triple x86_64-pc-linux-gnu -emit-obj --mrelax-relocations -disable-free -clear-ast-before-backend -disable-llvm-verifier -discard-value-names -main-file-name test.m -mrelocation-model pic -pic-level 2 -pic-is-pie -mframe-pointer=none -fmath-errno -ffp-contract=on -fno-rounding-math -mconstructor-aliases -funwind-tables=2 -target-cpu x86-64 -tune-cpu generic -mllvm -treat-scalable-fixed-error-as-warning -debugger-tuning=gdb -fcoverage-compilation-dir=/home/qwer/mylab/asan -resource-dir /usr/lib/llvm-14/lib/clang/14.0.0 -internal-isystem /usr/lib/llvm-14/lib/clang/14.0.0/include -internal-isystem /usr/local/include -internal-isystem /usr/bin/../lib/gcc/x86_64-linux-gnu/11/../../../../x86_64-linux-gnu/include -internal-externc-isystem /usr/include/x86_64-linux-gnu -internal-externc-isystem /include -internal-externc-isystem /usr/include -O2 -fdebug-compilation-dir=/home/qwer/mylab/asan -ferror-limit 19 -fgnuc-version=4.2.1 -fobjc-runtime=gcc -fobjc-encode-cxx-class-template-spec -fobjc-exceptions -fcolor-diagnostics -vectorize-loops -vectorize-slp -faddrsig -D__GCC_HAVE_DWARF2_CFI_ASM=1 -o /tmp/test-3fc9e8.o -x objective-c test.m
1.      <unknown> parser at unknown location
 #0 0x00007f1fb442ed01 llvm::sys::PrintStackTrace(llvm::raw_ostream&, int) (/lib/x86_64-linux-gnu/libLLVM-14.so.1+0xe3fd01)
 #1 0x00007f1fb442ca3e llvm::sys::RunSignalHandlers() (/lib/x86_64-linux-gnu/libLLVM-14.so.1+0xe3da3e)
 #2 0x00007f1fb442f236 (/lib/x86_64-linux-gnu/libLLVM-14.so.1+0xe40236)
 #3 0x00007f1fb30d8520 (/lib/x86_64-linux-gnu/libc.so.6+0x42520)
 #4 0x00007f1fba85a94d clang::Lexer::Lex(clang::Token&) (/lib/x86_64-linux-gnu/libclang-cpp.so.14+0x99994d)
 #5 0x00007f1fba8bed04 clang::Preprocessor::Lex(clang::Token&) (/lib/x86_64-linux-gnu/libclang-cpp.so.14+0x9fdd04)
 #6 0x00007f1fba92de8e clang::Parser::ParseObjCInterfaceDeclList(clang::tok::ObjCKeywordKind, clang::Decl*) (/lib/x86_64-linux-gnu/libclang-cpp.so.14+0xa6ce8e)
 #7 0x00007f1fba929e05 clang::Parser::ParseObjCAtInterfaceDeclaration(clang::SourceLocation, clang::ParsedAttributes&) (/lib/x86_64-linux-gnu/libclang-cpp.so.14+0xa68e05)
 #8 0x00007f1fba929343 clang::Parser::ParseObjCAtDirectives(clang::ParsedAttributesWithRange&) (/lib/x86_64-linux-gnu/libclang-cpp.so.14+0xa68343)
 #9 0x00007f1fba983e5c clang::Parser::ParseExternalDeclaration(clang::ParsedAttributesWithRange&, clang::ParsingDeclSpec*) (/lib/x86_64-linux-gnu/libclang-cpp.so.14+0xac2e5c)
#10 0x00007f1fba982b1d clang::Parser::ParseTopLevelDecl(clang::OpaquePtr<clang::DeclGroupRef>&, bool) (/lib/x86_64-linux-gnu/libclang-cpp.so.14+0xac1b1d)
#11 0x00007f1fba982687 clang::Parser::ParseFirstTopLevelDecl(clang::OpaquePtr<clang::DeclGroupRef>&) (/lib/x86_64-linux-gnu/libclang-cpp.so.14+0xac1687)
#12 0x00007f1fba8c57d6 clang::ParseAST(clang::Sema&, bool, bool) (/lib/x86_64-linux-gnu/libclang-cpp.so.14+0xa047d6)
#13 0x00007f1fbba39b71 clang::CodeGenAction::ExecuteAction() (/lib/x86_64-linux-gnu/libclang-cpp.so.14+0x1b78b71)
#14 0x00007f1fbc3d5b57 clang::FrontendAction::Execute() (/lib/x86_64-linux-gnu/libclang-cpp.so.14+0x2514b57)
#15 0x00007f1fbc32d3a6 clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) (/lib/x86_64-linux-gnu/libclang-cpp.so.14+0x246c3a6)
#16 0x00007f1fbc44f45b clang::ExecuteCompilerInvocation(clang::CompilerInstance*) (/lib/x86_64-linux-gnu/libclang-cpp.so.14+0x258e45b)
#17 0x000000000041328b cc1_main(llvm::ArrayRef<char const*>, char const*, void*) (/usr/lib/llvm-14/bin/clang+0x41328b)
#18 0x00000000004114bc (/usr/lib/llvm-14/bin/clang+0x4114bc)
#19 0x0000000000411307 main (/usr/lib/llvm-14/bin/clang+0x411307)
#20 0x00007f1fb30bfd90 __libc_start_call_main ./csu/../sysdeps/nptl/libc_start_call_main.h:58:16
#21 0x00007f1fb30bfe40 call_init ./csu/../csu/libc-start.c:128:20
#22 0x00007f1fb30bfe40 __libc_start_main ./csu/../csu/libc-start.c:379:5
#23 0x000000000040e3b5 _start (/usr/lib/llvm-14/bin/clang+0x40e3b5)
clang: error: unable to execute command: Segmentation fault
clang: error: clang frontend command failed due to signal (use -v to see invocation)
Ubuntu clang version 14.0.0-1ubuntu1
Target: x86_64-pc-linux-gnu
Thread model: posix
InstalledDir: /usr/bin
clang: note: diagnostic msg:
********************

PLEASE ATTACH THE FOLLOWING FILES TO THE BUG REPORT:
Preprocessed source(s) and associated run script(s) are located at:
clang: note: diagnostic msg: /tmp/test-e4db3e.m
clang: note: diagnostic msg: /tmp/test-e4db3e.sh
clang: note: diagnostic msg:

********************

/tmp/test-e4db3e.m

# 1 "<built-in>"
# 1 "test.m"
@interface Roo@interface

/tmp/test-e4db3e.sh

# Crash reproducer for Ubuntu clang version 14.0.0-1ubuntu1
# Driver args: "test.m" "-O2"
# Original command:  "/usr/lib/llvm-14/bin/clang" "-cc1" "-triple" "x86_64-pc-linux-gnu" "-emit-obj" "--mrelax-relocations" "-disable-free" "-clear-ast-before-backend" "-disable-llvm-verifier" "-discard-value-names" "-main-file-name" "test.m" "-mrelocation-model" "pic" "-pic-level" "2" "-pic-is-pie" "-mframe-pointer=none" "-fmath-errno" "-ffp-contract=on" "-fno-rounding-math" "-mconstructor-aliases" "-funwind-tables=2" "-target-cpu" "x86-64" "-tune-cpu" "generic" "-mllvm" "-treat-scalable-fixed-error-as-warning" "-debugger-tuning=gdb" "-fcoverage-compilation-dir=/home/qwer/mylab/asan" "-resource-dir" "/usr/lib/llvm-14/lib/clang/14.0.0" "-internal-isystem" "/usr/lib/llvm-14/lib/clang/14.0.0/include" "-internal-isystem" "/usr/local/include" "-internal-isystem" "/usr/bin/../lib/gcc/x86_64-linux-gnu/11/../../../../x86_64-linux-gnu/include" "-internal-externc-isystem" "/usr/include/x86_64-linux-gnu" "-internal-externc-isystem" "/include" "-internal-externc-isystem" "/usr/include" "-O2" "-fdebug-compilation-dir=/home/qwer/mylab/asan" "-ferror-limit" "19" "-fgnuc-version=4.2.1" "-fobjc-runtime=gcc" "-fobjc-encode-cxx-class-template-spec" "-fobjc-exceptions" "-fcolor-diagnostics" "-vectorize-loops" "-vectorize-slp" "-faddrsig" "-D__GCC_HAVE_DWARF2_CFI_ASM=1" "-o" "/tmp/test-3fc9e8.o" "-x" "objective-c" "test.m"
 "/usr/lib/llvm-14/bin/clang" "-cc1" "-triple" "x86_64-pc-linux-gnu" "-emit-obj" "--mrelax-relocations" "-disable-free" "-clear-ast-before-backend" "-disable-llvm-verifier" "-discard-value-names" "-main-file-name" "test.m" "-mrelocation-model" "pic" "-pic-level" "2" "-pic-is-pie" "-mframe-pointer=none" "-fmath-errno" "-ffp-contract=on" "-fno-rounding-math" "-mconstructor-aliases" "-funwind-tables=2" "-target-cpu" "x86-64" "-tune-cpu" "generic" "-mllvm" "-treat-scalable-fixed-error-as-warning" "-debugger-tuning=gdb" "-fcoverage-compilation-dir=/home/qwer/mylab/asan" "-O2" "-fdebug-compilation-dir=/home/qwer/mylab/asan" "-ferror-limit" "19" "-fgnuc-version=4.2.1" "-fobjc-runtime=gcc" "-fobjc-encode-cxx-class-template-spec" "-fobjc-exceptions" "-fcolor-diagnostics" "-vectorize-loops" "-vectorize-slp" "-faddrsig" "-D__GCC_HAVE_DWARF2_CFI_ASM=1" "-x" "objective-c" "test-e4db3e.m"

EugeneZelenko added the clang:frontend, crash and objective-c labels and removed the new issue label on Jul 24, 2023

llvmbot commented Jul 24, 2023

@llvm/issue-subscribers-clang-frontend

danix800 commented

Verified on both 13.0.1 & main. Fix proposed: https://reviews.llvm.org/D156277.

doru1004 pushed a commit to doru1004/llvm-project that referenced this issue Aug 3, 2023
…ry path

Delay consuming tokens until we are certain that the next token is not top
level block. Otherwise we bail out as if we saw an @end for better diagnostic
and recovery.

Fixes llvm#64065.

Reviewed By: rjmccall

Differential Revision: https://reviews.llvm.org/D156277.
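
The recovery strategy the commit message describes (look at the token after `@` and consume it only once it is known not to open a new top-level block) shown on a toy parser. This is an added illustration, not clang's code and not the D156277 patch; `ToyParser`, its pre-split token model and the `<eof>` sentinel are hypothetical.

```cpp
#include <cstddef>
#include <string>
#include <vector>
// Toy model only: tokens are pre-split strings, "@" precedes an ObjC keyword.
struct ToyParser {
    std::vector<std::string> toks;
    std::size_t pos = 0;
    std::vector<std::string> diags;
    // Look ahead n tokens without consuming anything.
    const std::string &peek(std::size_t n = 0) const {
        static const std::string eof = "<eof>";
        return pos + n < toks.size() ? toks[pos + n] : eof;
    }
    static bool startsTopLevelBlock(const std::string &kw) {
        return kw == "interface" || kw == "implementation" || kw == "protocol";
    }
    // Body of one @interface. Returns true only if a real @end closed it.
    bool parseInterfaceBody() {
        while (peek() != "<eof>") {
            if (peek() == "@") {
                if (peek(1) == "end") { pos += 2; return true; }
                if (startsTopLevelBlock(peek(1))) {
                    // Recover as if @end had been seen; '@' and the keyword
                    // stay in the stream for the top-level loop.
                    diags.push_back("missing '@end'");
                    return false;
                }
            }
            ++pos;  // ordinary member token
        }
        diags.push_back("missing '@end'");  // ran off the end of the file
        return false;
    }
    // Top-level loop. Returns the number of @interface blocks started.
    int parseTopLevel() {
        int blocks = 0;
        while (peek() != "<eof>") {
            if (peek() == "@" && peek(1) == "interface") {
                pos += 2;
                if (peek() != "@" && peek() != "<eof>") ++pos;  // class name
                ++blocks;
                parseInterfaceBody();
            } else {
                ++pos;
            }
        }
        return blocks;
    }
};
```

Fed the token sequence of the reproducer `@interface Roo@interface`, the toy parser reports a missing `@end` for each unterminated block and stops cleanly at end of input instead of reading past it.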