Segmentation fault with your recent new[]/delete[] warning patch

Diego Novillo dnovillo at google.com
Thu May 14 14:02:40 PDT 2015 

I've reverted this change for now (r237391). I am reducing the
original file. I hope to have a test case for you later
today/tomorrow.


Thanks.  Diego.

On Thu, May 14, 2015 at 3:20 PM, Diego Novillo <dnovillo at google.com> wrote:
>
> Ismail,
>
> I ran into a segfault inside the new warning you added in
> http://reviews.llvm.org/D4661.  I don't have a repro case for you, but I'm
> in a debugging session now and this may help you (and me getting a test case
> for you).
>
> We die in
>
> clang: llvm/llvm/include/llvm/Support/Casting.h:95: static bool
> llvm::isa_impl_cl<const clang::CXXNewExpr, const clang::Expr *>::doit(const
> From *) [To = const clang::CXXNewExpr, From = const clang::Expr *]:
> Assertion `Val && "isa<> used on a null pointer"' failed.
>
> The issue starts in MismatchingNewDeleteDetector::analyzeInClassInitializer.
> The call to Field->getInClassInitializer() returns the expression:
>
> (gdb) call E->dump()
> InitListExpr 0x7ffff6cdf010 'class Cord *'
> `-ImplicitCastExpr 0x7ffff6cdf050 'class Cord *' <NullToPointer>
>   `-CXXNullPtrLiteralExpr 0x7ffff6cdefb0 'nullptr_t'
>
> We then call MismatchingNewDeleteDetector::getNewExprFromInitListOrExpr()
> with that expression. The function checks that the initial expression is not
> null, but we then decide to get the first init from the list of inits, which
> returns a nullptr:
>
> 2451        if (ILE->getNumInits() == 1)
> (gdb) call ILE->dump()
> InitListExpr 0x7ffff6cdf010 'class Cord *'
> `-ImplicitCastExpr 0x7ffff6cdf050 'class Cord *' <NullToPointer>
>   `-CXXNullPtrLiteralExpr 0x7ffff6cdefb0 'nullptr_t'
> (gdb) n
> 2452          E = dyn_cast<const
> CXXNewExpr>(ILE->getInit(0)->IgnoreParenImpCasts());
> (gdb) n
> 2453      }
> (gdb) p E
> $6 = (const clang::Expr *) 0x0
>
> Then we try to dyn_cast<> it, which segfaults:
>
> (gdb) n
> 2455      return dyn_cast<const CXXNewExpr>(E);
> (gdb) n
> clang: third_party/llvm/llvm/include/llvm/Support/Casting.h:95: static bool
> llvm::isa_impl_cl<const clang::CXXNewExpr, const clang::Expr *>::doit(const
> From *) [To = const clang::CXXNewExpr, From = const clang::Expr *]:
> Assertion `Val && "isa<> used on a null pointer"' failed.
>
> Program received signal SIGABRT, Aborted.
>
>
>
> I don't know whether we should just return nil when E gets nullfiied or this
> is a sign of some other problem.
>
>
> Thanks.  Diego.

More information about the cfe-commits mailing list