[LLVMbugs] [Bug 20420] New: Crash in constant expr evaluator with -Wglobal-constructors and C++11

bugzilla-daemon at llvm.org
Wed Jul 23 15:51:50 PDT 2014


http://llvm.org/bugs/show_bug.cgi?id=20420

            Bug ID: 20420
           Summary: Crash in constant expr evaluator with
                    -Wglobal-constructors and C++11
           Product: clang
           Version: unspecified
          Hardware: PC
                OS: Windows NT
            Status: NEW
          Severity: normal
          Priority: P
         Component: Frontend
          Assignee: unassignedclangbugs at nondot.org
          Reporter: rnk at google.com
                CC: llvmbugs at cs.uiuc.edu
    Classification: Unclassified

Consider:
$ cat t.cpp
void *x_storage[1];
const int& x = *(int*)x_storage;

$ clang -cc1 t.cpp -Wglobal-constructors -std=c++11
Assertion failed: begin() + idx < end(), file
D:\src\llvm\include\llvm/ADT/SmallVector.h, line 145
Stack dump:
0.      Program arguments: D:\src\llvm\build_debug\bin\clang.exe -cc1 t.cpp
-Wglobal-constructors -std=c++11
1.      t.cpp:2:32: current parser token ';'
0x038F508A (0x0000000A 0x00000000 0x00CFC244 0x038DA8FB), _NMSG_WRITE() + 0x8A
bytes(s), f:\dd\vctools\crt\crtw32\startup\crt0msg.c, line 226
0x038DDB7C (0x00CFC2E4 0x00CFC354 0xCCCCCCCC 0xCCCCCCCC), abort() + 0x1C
bytes(s), f:\dd\vctools\crt\crtw32\misc\abort.c, line 62 + 0x7 byte(s)
0x038DA8FB (0x044D5C08 0x044D58E0 0x00000091 0x00CFE854), _wassert() + 0xBEB
bytes(s), f:\dd\vctools\crt\crtw32\misc\assert.c, line 380
0x0377BEAD (0x00000000 0xCCCCCCCC 0xCCCCCCCC 0x00CFC32C),
llvm::SmallVectorTemplateCommon<clang::APValue::LValuePathEntry,void>::operator[]()
+ 0x3D bytes(s), d:\src\llvm\include\llvm\adt\smallvector.h, line 145 + 0x2E
byte(s)
0x037BB62E (0x00CFC444 0xCCCCCCCC 0xCCCCCCCC 0xCCCCCCCC), `anonymous
namespace'::SubobjectDesignator::isOnePastTheEnd() + 0x5E bytes(s),
d:\src\llvm\tools\clang\lib\ast\exprconstant.cpp, line 207 + 0x2F byte(s)
0x03756B07 (0x00CFC39C 0x00000025 0x050B5D60 0x00CFC314),
CheckLValueConstantExpression() + 0x227 bytes(s),
d:\src\llvm\tools\clang\lib\ast\exprconstant.cpp, line 1311 + 0x8 byte(s)
0x037544B1 (0x00CFC4E4 0x050A9698 0x00CFC79C 0x00CFE854),
clang::Expr::EvaluateAsLValue() + 0xC1 bytes(s),
d:\src\llvm\tools\clang\lib\ast\exprconstant.cpp, line 8167 + 0x76 byte(s)
0x036C41BC (0x050A9698 0x00000001 0x00000000 0x00CFD94C),
clang::Expr::isConstantInitializer() + 0x4C bytes(s),
d:\src\llvm\tools\clang\lib\ast\expr.cpp, line 2688 + 0x10 byte(s)
0x02D6E4F5 (0x050B5D90 0x00CFDC3C 0x00CFE854 0x00CFD840),
clang::Sema::CheckCompleteVariableDeclaration() + 0x715 bytes(s),
d:\src\llvm\tools\clang\lib\sema\semadecl.cpp, line 9173 + 0x39 byte(s)


Looks like SubobjectDesignator::isOnePastTheEnd() has an array OOB bug.

As a workaround, I can take the address of the array, rather than relying on
pointer decay.
