[cfe-dev] Clang produces corrupt pch leading to crash

Tobias Hahn tobias.hahn at ableton.com
Fri Jun 20 05:52:16 PDT 2014


I've built a debug version of clang with address sanitizer support (-fsanitize=address), and it also suggests that it is a use-after-free bug when using (not compiling as I mistakenly claimed before) the precompiled header:

> SUMMARY: AddressSanitizer: heap-use-after-free ??:0 clang::LazyOffsetPtr<clang::Decl, unsigned int, &(clang::ExternalASTSource::GetExternalDecl(unsigned int))>::operator=(clang::Decl*)
> Shadow bytes around the buggy address:
<snip>
>   0x1c3200005890: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
> =>0x1c32000058a0: fd fd fd fd fd[fd]fd fd fd fd fd fd fd fd fd fd
>   0x1c32000058b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
>   0x1c32000058c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
>   0x1c32000058d0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
<snip>
> Shadow byte legend (one shadow byte represents 8 application bytes):
>   Addressable:           00
>   Partially addressable: 01 02 03 04 05 06 07
>   Heap left redzone:     fa
>   Heap right redzone:    fb
>   Freed heap region:     fd

(I have attached the full output from asan.)

Best,
Tobias

On 17.06.2014 at 20:36, Tobias Hahn <tobias.hahn at ableton.com> wrote:

> Thanks for the quick feedback :)
>
> I've reproduced this on the latest master as well as several versions that ship with Xcode (and I've also reported it to Apple). The isystem include is only necessary in versions built from source, otherwise clang doesn't seem to find libc++. The versions shipping with Xcode don't need this, they seem to find it using a compiled-in path.
>
> The <list> include seems necessary; it doesn't crash for me when I remove it. I'll see if I can find a Linux-box where I can reproduce it.
>
> Thanks for looking into it.
> Tobias
>
> On 17.06.2014 at 00:17, "Nikola Smiljanic" <popizdeh at gmail.com> wrote:
>
>> It might make sense to file this with Apple if you're using clang shipped with Xcode as they ship their own releases. What version of clang are you using? Is the isystem flag important? What about #include <list>? I've tried to reproduce this but it's not so straightforward because I'm on Linux and some of the stuff in that bash script assumes Mac OS... I was wondering if it's possible to reduce this to something that's reproducible everywhere or if this is a Mac-specific issue.
>>
>>
>> On Mon, Jun 16, 2014 at 11:55 PM, Nikola Smiljanic <popizdeh at gmail.com> wrote:
>> Thanks for the detailed report! The only thing you can do more is try and debug this yourself ;)
>>
>>
>> On Mon, Jun 16, 2014 at 8:33 PM, Tobias Hahn <tobias.hahn at ableton.com> wrote:
>> Hi all,
>>
>> I've run into (what I believe is) a memory bug with clang while producing a precompiled header. In short, under certain circumstances, clang will write a pch that causes a crash when trying to use this pch in a later compilation unit.
>>
>> Occasionally, while clang is compiling the pch, malloc complains that one of its checksums has been overwritten; while at other times, clang throws an error that a definition has a different exception specification than the declaration two lines above it (when both have no exception specification). Both these symptoms lead me to believe that somewhere clang overwrites memory.
>>
>> I have stripped the code that reliably causes this crash down to a few hundred lines and have created a little script to reproduce the bug (details at http://llvm.org/bugs/show_bug.cgi?id=20026). I'm not sure, however, about your process for handling such bugs, which is why I'm cross-posting here. My main question is if there is anything else I could provide you with to help fix this issue.
>>
>> Thank you very much in advance!
>>
>> Best,
>> Tobias
>>
>>
>> Ableton AG, Schoenhauser Allee 6-7, 10119 Berlin, Germany
>> Sitz (Registered Office) Berlin, Amtsgericht Berlin-Charlottenburg, HRB 72838
>> Vorstand (Management Board): Gerhard Behles, Jan Bohl
>> Vorsitzender des Aufsichtsrats (Chair of the Supervisory Board): Uwe Struck
>>
>>
>>
>> _______________________________________________
>> cfe-dev mailing list
>> cfe-dev at cs.uiuc.edu
>> http://lists.cs.uiuc.edu/mailman/listinfo/cfe-dev
>>
>>

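As an added example (not code from the thread, from Ableton or from clang/LLVM), a small Python helper that triages an ASan report of the kind quoted above: it pulls the bug class and faulting frame out of the SUMMARY line and decodes the bracketed shadow byte on the '=>' row using the legend the report itself prints, so a reviewer can confirm at a glance that the access landed in memory ASan had already marked as freed. The embedded report is a constructed sample modelled on the quoted output.

```python
import re
from collections import namedtuple

# Constructed sample, modelled on the ASan output quoted in the thread above.
SAMPLE_REPORT = """\
SUMMARY: AddressSanitizer: heap-use-after-free ??:0 clang::LazyOffsetPtr<clang::Decl, unsigned int, &(clang::ExternalASTSource::GetExternalDecl(unsigned int))>::operator=(clang::Decl*)
Shadow bytes around the buggy address:
=>0x1c32000058a0: fd fd fd fd fd[fd]fd fd fd fd fd fd fd fd fd fd
  0x1c32000058b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:     fa
  Freed heap region:     fd
"""
SUMMARY_RE = re.compile(r"^SUMMARY: AddressSanitizer: (\S+) (\S+) (.+)$")
MARKED_ROW_RE = re.compile(r"^=>\s*(0x[0-9a-fA-F]+):\s*(.+)$")   # the '=>' row
LEGEND_RE = re.compile(r"^\s+(.+?):\s+((?:[0-9a-f]{2}\s*)+)$")   # "Name: xx yy"

# frame: function named in the SUMMARY line; shadow_row: address of the '=>' row;
# app_offset: byte_index * 8, as one shadow byte covers 8 application bytes.
AsanTriage = namedtuple("AsanTriage", "bug_class frame shadow_row byte_index "
                        "shadow_byte meaning app_offset")

def parse_legend(lines):
    """Map shadow byte values to their meaning, reading only the legend block."""
    legend, in_legend = {}, False
    for line in lines:
        in_legend = in_legend or line.startswith("Shadow byte legend")
        m = LEGEND_RE.match(line) if in_legend else None
        if m:
            for value in m.group(2).split():
                legend[value] = m.group(1)
    return legend

def triage(report):
    """Decode the fault, or return None if the SUMMARY or '=>' row is missing."""
    lines = report.splitlines()
    legend, summary, marked = parse_legend(lines), None, None
    for line in lines:
        summary = summary or SUMMARY_RE.match(line)
        marked = marked or MARKED_ROW_RE.match(line)
    hit = marked and re.search(r"\[([0-9a-f]{2})\]", marked.group(2))
    if not (summary and hit):
        return None
    # Shadow bytes before the bracket tell us which 8-byte granule was hit.
    index = len(re.findall(r"[0-9a-f]{2}", marked.group(2)[:hit.start()]))
    return AsanTriage(summary.group(1), summary.group(3), int(marked.group(1), 16),
                      index, hit.group(1), legend.get(hit.group(1), "not in legend"),
                      index * 8)
```

Feeding it the attached crashIt.log (or any ASan report) instead of the sample gives the same decoded tuple for the real dump.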



-------------- next part --------------
A non-text attachment was scrubbed...
Name: crashIt.log
Type: application/octet-stream
Size: 26119 bytes
Desc: crashIt.log
URL: <http://lists.llvm.org/pipermail/cfe-dev/attachments/20140620/587f1a94/attachment.obj>