[llvm-bugs] [Bug 25522] New: double free or corruption

via llvm-bugs llvm-bugs at lists.llvm.org
Fri Nov 13 07:57:24 PST 2015


https://llvm.org/bugs/show_bug.cgi?id=25522

            Bug ID: 25522
           Summary: double free or corruption
           Product: clang
           Version: 3.5
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P
         Component: libclang
          Assignee: unassignedclangbugs at nondot.org
          Reporter: reznikmm at gmail.com
                CC: klimek at google.com, llvm-bugs at lists.llvm.org
    Classification: Unclassified

CXIndex is supposed to be thread-safe.
(See for instance
http://clang-developers.42468.n3.nabble.com/Is-a-CXIndex-thread-safe-td4027810.html)

But sometimes we get an error:

 *** Error in `./gps_exe': double free or corruption (fasttop):

Demangled backtrace for libclang.so looks like this:

/lib64/libc.so.6(+0x75a4f)[0x7f5925b50a4f]
/lib64/libc.so.6(+0x7cd78)[0x7f5925b57d78]
<clang::CIndexer::getClangResourcesPath()+596>
<clang_parseTranslationUnit_Impl+1418>
<llvm::CrashRecoveryContext::RunSafely(llvm::function_ref<void ()>)+187>
<RunSafelyOnThread_Dispatch(void*)+23>
<ExecuteOnThread_Dispatch(void*)+13>

clang::CIndexer::getClangResourcesPath is a very simple function.
Double deallocation could happen there when two threads call it
on the same object at the same time (and this should be the very first
call). In this case it caches the result in the object's member property
(std::string ResourcesPath;).

Because writing to std::string is not thread-safe, a call to
getClangResourcesPath is not thread-safe either and results in memory
corruption.
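
Added example (not part of the original report, and not libclang's code): a minimal model of the lazy std::string cache described above, next to a std::call_once variant that serializes the first write. RacyIndexer, SafeIndexer, computeResourcesPath, hammerSafeIndexer and the path value are hypothetical names and constructed data.

```cpp
#include <atomic>
#include <mutex>
#include <string>
#include <thread>
#include <vector>

// Hypothetical stand-in for the path lookup; counts how often it runs.
static std::atomic<int> g_computations{0};
static const char *const kPath = "/constructed/lib/clang";  // constructed value
static std::string computeResourcesPath() { ++g_computations; return kPath; }

// Pattern from the report: unsynchronized check-then-assign on a std::string
// member. Two first callers can both write ResourcesPath at the same time.
class RacyIndexer {
  std::string ResourcesPath;
public:
  const std::string &getResourcesPath() {
    if (ResourcesPath.empty())
      ResourcesPath = computeResourcesPath();  // data race if called concurrently
    return ResourcesPath;
  }
};

// Hardened form: std::call_once lets exactly one caller perform the write;
// all other callers wait until it has completed and is visible to them.
class SafeIndexer {
  std::string ResourcesPath;
  std::once_flag Once;
public:
  const std::string &getResourcesPath() {
    std::call_once(Once, [this] { ResourcesPath = computeResourcesPath(); });
    return ResourcesPath;
  }
};

// Calls getResourcesPath() on one shared SafeIndexer from n threads and
// returns how many threads observed the fully initialized path.
int hammerSafeIndexer(int n) {
  SafeIndexer idx;
  std::atomic<int> ok{0};
  std::vector<std::thread> threads;
  for (int i = 0; i < n; ++i)
    threads.emplace_back([&] { if (idx.getResourcesPath() == kPath) ++ok; });
  for (auto &t : threads) t.join();
  return ok.load();
}

int main() { return hammerSafeIndexer(16) == 16 ? 0 : 1; }
```

Building the racy variant with -fsanitize=thread and calling it from several threads is a practical way to confirm this kind of first-call race before it shows up as heap corruption.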
