<html>

    <head>

      <base href="https://llvm.org/bugs/" />

    </head>

    <body><table border="1" cellspacing="0" cellpadding="8">

        <tr>

          <th>Bug ID</th>

          <td><a class="bz_bug_link 

          bz_status_NEW "

   title="NEW --- - Abort trap(6) and "detected buffer overflow" message with trunk clang but not Apple clang"

   href="https://llvm.org/bugs/show_bug.cgi?id=24878">24878</a>

          </td>

        </tr>

        <tr>

          <th>Summary</th>

          <td>Abort trap(6) and "detected buffer overflow" message with trunk clang but not Apple clang

          </td>

        </tr>

        <tr>

          <th>Product</th>

          <td>clang

          </td>

        </tr>

        <tr>

          <th>Version</th>

          <td>trunk

          </td>

        </tr>

        <tr>

          <th>Hardware</th>

          <td>PC

          </td>

        </tr>

        <tr>

          <th>OS</th>

          <td>MacOS X

          </td>

        </tr>

        <tr>

          <th>Status</th>

          <td>NEW

          </td>

        </tr>

        <tr>

          <th>Severity</th>

          <td>normal

          </td>

        </tr>

        <tr>

          <th>Priority</th>

          <td>P

          </td>

        </tr>

        <tr>

          <th>Component</th>

          <td>-New Bugs

          </td>

        </tr>

        <tr>

          <th>Assignee</th>

          <td>unassignedclangbugs@nondot.org

          </td>

        </tr>

        <tr>

          <th>Reporter</th>

          <td>alex@rogue-research.com

          </td>

        </tr>

        <tr>

          <th>CC</th>

          <td>llvm-bugs@lists.llvm.org

          </td>

        </tr>

        <tr>

          <th>Classification</th>

          <td>Unclassified

          </td>

        </tr></table>

      <p>

        <div>

        <pre>Created <span class=""><a href="attachment.cgi?id=14905" name="attach_14905" title="small code to reproduce problem">attachment 14905</a> <a href="attachment.cgi?id=14905&action=edit" title="small code to reproduce problem">[details]</a></span>

small code to reproduce problem

I have the following two clang versions:

 - trunk

   $ clang --version

   clang version 3.8.0 (trunk 248023)

 - clang from Xcode 7:

   $ /usr/bin/clang --version

   Apple LLVM version 7.0.0 (clang-700.0.72)

   Target: x86_64-apple-darwin15.0.0

This is on Mac OS 10.10.5.

The following code is crashing with trunk, but works with Apple's clang.

   $ clang -o trap trap.c

   $ ./trap

   Abort trap: 6

Also when looking in the OS X Console app, the following line appears:

   2015-09-18 16:46:05.663 trap[2785]: detected buffer overflow

Here is the crash in LLDB:

(lldb) r

Process 2796 launched: '/Users/builder/external/mini.repro/trap' (x86_64)

Process 2796 stopped

* thread #1: tid = 0x165461, 0x00007fff8a3190ae

libsystem_kernel.dylib`__pthread_kill + 10, queue = 'com.apple.main-thread',

stop reason = signal SIGABRT

    frame #0: 0x00007fff8a3190ae libsystem_kernel.dylib`__pthread_kill + 10

libsystem_kernel.dylib`__pthread_kill:

->  0x7fff8a3190ae <+10>: jae    0x7fff8a3190b8            ; <+20>

    0x7fff8a3190b0 <+12>: movq   %rax, %rdi

    0x7fff8a3190b3 <+15>: jmp    0x7fff8a3143ef            ; cerror_nocancel

    0x7fff8a3190b8 <+20>: retq

(lldb) bt

* thread #1: tid = 0x165461, 0x00007fff8a3190ae

libsystem_kernel.dylib`__pthread_kill + 10, queue = 'com.apple.main-thread',

stop reason = signal SIGABRT

  * frame #0: 0x00007fff8a3190ae libsystem_kernel.dylib`__pthread_kill + 10

    frame #1: 0x00007fff917fc500 libsystem_pthread.dylib`pthread_kill + 90

    frame #2: 0x00007fff97c7f37b libsystem_c.dylib`abort + 129

    frame #3: 0x00007fff97c7f4f2 libsystem_c.dylib`abort_report_np + 181

    frame #4: 0x00007fff97ca59cc libsystem_c.dylib`__chk_fail + 48

    frame #5: 0x00007fff97ca599c libsystem_c.dylib`__chk_fail_overflow + 16

    frame #6: 0x00007fff97ca5be9 libsystem_c.dylib`__strcpy_chk + 83

    frame #7: 0x0000000100000f14 trap`main + 100

    frame #8: 0x00007fff966a15ad libdyld.dylib`start + 1

sincerely,

Alex Ciobanu

//===== trap.c ===============

#include <stddef.h>

#include <stdlib.h>

#include <wchar.h>

#include <string.h>

// Struct as defined in libarchive/archive_read_open_filename.c:

//   

<a href="http://web.mit.edu/freebsd/head/contrib/libarchive/libarchive/archive_read_open_filename.c">http://web.mit.edu/freebsd/head/contrib/libarchive/libarchive/archive_read_open_filename.c</a>

struct read_file_data {

        int      fd;

        union {

                char     m[1]; /* MBS filename. */

                wchar_t  w[1]; /* WCS filename. */

        } filename; /* Must be last! */

};

int main ()

{

    const wchar_t *longName  = L"VeryLongName";

    // Allocate enough memory for long name.

        struct read_file_data *mine = ( struct read_file_data * ) calloc ( 1,

sizeof ( *mine ) + wcslen ( longName ) * sizeof ( wchar_t ) );

    // Fail to copy short name.

    const char *shortName = "abc";

        strcpy(mine->filename.m, shortName);

    // Above copy scenario happens in

libarchive/archive_read_open_filename.c:201. (See link above).

    return 0;

}</pre>

        </div>

      </p>

      <hr>

      <span>You are receiving this mail because:</span>

      <ul>

          <li>You are on the CC list for the bug.</li>

      </ul>

    </body>

</html>