<html>
    <head>
      <base href="https://bugs.llvm.org/">
    </head>
    <body><table border="1" cellspacing="0" cellpadding="8">
        <tr>
          <th>Bug ID</th>
          <td><a class="bz_bug_link 
          bz_status_NEW "
   title="NEW - segfault when oss-fuzz builds libtorrent"
   href="https://bugs.llvm.org/show_bug.cgi?id=43814">43814</a>
          </td>
        </tr>

        <tr>
          <th>Summary</th>
          <td>segfault when oss-fuzz builds libtorrent
          </td>
        </tr>

        <tr>
          <th>Product</th>
          <td>clang
          </td>
        </tr>

        <tr>
          <th>Version</th>
          <td>unspecified
          </td>
        </tr>

        <tr>
          <th>Hardware</th>
          <td>PC
          </td>
        </tr>

        <tr>
          <th>OS</th>
          <td>Linux
          </td>
        </tr>

        <tr>
          <th>Status</th>
          <td>NEW
          </td>
        </tr>

        <tr>
          <th>Severity</th>
          <td>normal
          </td>
        </tr>

        <tr>
          <th>Priority</th>
          <td>P
          </td>
        </tr>

        <tr>
          <th>Component</th>
          <td>C++
          </td>
        </tr>

        <tr>
          <th>Assignee</th>
          <td>unassignedclangbugs@nondot.org
          </td>
        </tr>

        <tr>
          <th>Reporter</th>
          <td>llvmbugzilla@pauldreik.se
          </td>
        </tr>

        <tr>
          <th>CC</th>
          <td>blitzrakete@gmail.com, dgregor@apple.com, erik.pilkington@gmail.com, llvm-bugs@lists.llvm.org, richard-llvm@metafoo.co.uk
          </td>
        </tr></table>
      <p>
        <div>
        <pre>Created <span class=""><a href="attachment.cgi?id=22732" name="attach_22732" title="part1 of reproducer">attachment 22732</a> <a href="attachment.cgi?id=22732&action=edit" title="part1 of reproducer">[details]</a></span>
part1 of reproducer

Oss-fuzz has reported a build failure for libtorrent since 2019-09-18

<a href="https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=17308">https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=17308</a>

I suspected it was related to boost, so I switched to boost 1.70 but the same
thing happened. The output below is using 1.70, so not identical to the
oss-fuzz build but it should be irrelevant for the crash.

Here is an excerpt of the build failure, when running the oss-fuzz docker build
locally:

(unfortunately I had to split the huge file in two, to pass the size limit on
attachments)

...failed clang-linux.compile.c++.without-pch
../bin/clang-linux-ossfuzz/release/asserts-on/crypto-openssl/debug-iterators-on/debug-symbols-on/export-extra-on/fuzz-external/link-static/threading-multi/src/peer_connection.o...
clang-linux.compile.c++.without-pch
../bin/clang-linux-ossfuzz/release/asserts-on/crypto-openssl/debug-iterators-on/debug-symbols-on/export-extra-on/fuzz-external/link-static/threading-multi/src/web_connection_base.o
Stack dump:
0.      Program arguments: /usr/local/bin/clang-10 -cc1 -triple
x86_64-unknown-linux-gnu -emit-obj -disable-free -disable-llvm-verifier
-discard-value-names -main-file-name web_connection_base.cpp -mrelocation-model
static -mthread-model posix -mframe-pointer=all -fmath-errno -masm-verbose
-mconstructor-aliases -munwind-tables -fuse-init-array -target-cpu x86-64
-dwarf-column-info -debug-info-kind=line-tables-only -dwarf-version=4
-debugger-tuning=gdb -resource-dir /usr/local/lib/clang/10.0.0 -D
FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -D
FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -D BOOST_ALL_NO_LIB -D
BOOST_ASIO_ENABLE_CANCELIO -D BOOST_ASIO_HAS_STD_CHRONO -D
BOOST_MULTI_INDEX_DISABLE_SERIALIZATION -D BOOST_NO_DEPRECATED -D
BOOST_SYSTEM_NO_DEPRECATED -D BOOST_SYSTEM_STATIC_LINK=1 -D NDEBUG -D
OPENSSL_NO_SSL2 -D TORRENT_BUILDING_LIBRARY -D TORRENT_EXPORT_EXTRA -D
TORRENT_USE_ASSERTS=1 -D TORRENT_USE_I2P=1 -D TORRENT_USE_LIBCRYPTO -D
TORRENT_USE_OPENSSL -D _FILE_OFFSET_BITS=64 -D _GLIBCXX_DEBUG -D
_GLIBCXX_DEBUG_PEDANTIC -D _WIN32_WINNT=0x0600 -I ../ed25519/src -I ../include
-I ../include/libtorrent -I /src/boost_1_70_0 -I /usr/local/include -I
/usr/sfw/include -internal-isystem /usr/local/bin/../include/c++/v1
-internal-isystem /usr/local/include -internal-isystem
/usr/local/lib/clang/10.0.0/include -internal-externc-isystem
/usr/include/x86_64-linux-gnu -internal-externc-isystem /include
-internal-externc-isystem /usr/include -O1 -Wall -Wno-inline
-Wno-c++98-compat-pedantic -Weverything -Wno-documentation
-Wno-exit-time-destructors -Wno-global-constructors -Wno-padded
-Wno-return-std-move-in-c++11 -Wno-unknown-warning-option -Wno-weak-vtables
-fdeprecated-macro -fdebug-compilation-dir /src/libtorrent/fuzzers
-ferror-limit 19 -fmessage-length 0 -pthread -fobjc-runtime=gcc
-fcxx-exceptions -fexceptions -fdiagnostics-show-option -faddrsig -o
../bin/clang-linux-ossfuzz/release/asserts-on/crypto-openssl/debug-iterators-on/debug-symbols-on/export-extra-on/fuzz-external/link-static/threading-multi/src/web_connection_base.o
-x c++ ../src/web_connection_base.cpp 
1.      <eof> parser at end of file
 #0 0x000000000149d5b4 PrintStackTraceSignalHandler(void*)
(/usr/local/bin/clang-10+0x149d5b4)
 #1 0x000000000149b48e llvm::sys::RunSignalHandlers()
(/usr/local/bin/clang-10+0x149b48e)
 #2 0x000000000149d9a8 SignalHandler(int) (/usr/local/bin/clang-10+0x149d9a8)
 #3 0x00007f45d44e8390 __restore_rt
(/lib/x86_64-linux-gnu/libpthread.so.0+0x11390)
 #4 0x0000000001816ffd
clang::CodeGen::CodeGenFunction::EmitEndEHSpec(clang::Decl const*)
(/usr/local/bin/clang-10+0x1816ffd)
 #5 0x00000000016b4112
clang::CodeGen::CodeGenFunction::FinishFunction(clang::SourceLocation)
(/usr/local/bin/clang-10+0x16b4112)
 #6 0x00000000016b0365
clang::CodeGen::CodeGenFunction::EmitMustTailThunk(clang::GlobalDecl,
llvm::Value*, llvm::FunctionCallee) (/usr/local/bin/clang-10+0x16b0365)
 #7 0x00000000016b047c
clang::CodeGen::CodeGenFunction::generateThunk(llvm::Function*,
clang::CodeGen::CGFunctionInfo const&, clang::GlobalDecl, clang::ThunkInfo
const&, bool) (/usr/local/bin/clang-10+0x16b047c)
 #8 0x00000000016b08f6
clang::CodeGen::CodeGenVTables::maybeEmitThunk(clang::GlobalDecl,
clang::ThunkInfo const&, bool) (/usr/local/bin/clang-10+0x16b08f6)
 #9 0x00000000016b0c4f
clang::CodeGen::CodeGenVTables::addVTableComponent(clang::CodeGen::ConstantArrayBuilder&,
clang::VTableLayout const&, unsigned int, llvm::Constant*, unsigned int&)
(/usr/local/bin/clang-10+0x16b0c4f)
#10 0x00000000016b1199
clang::CodeGen::CodeGenVTables::createVTableInitializer(clang::CodeGen::ConstantStructBuilder&,
clang::VTableLayout const&, llvm::Constant*)
(/usr/local/bin/clang-10+0x16b1199)
#11 0x000000000172ec21 (anonymous
namespace)::ItaniumCXXABI::emitVTableDefinitions(clang::CodeGen::CodeGenVTables&,
clang::CXXRecordDecl const*) (/usr/local/bin/clang-10+0x172ec21)
#12 0x0000000002c000d9 clang::Sema::DefineUsedVTables()
(/usr/local/bin/clang-10+0x2c000d9)
#13 0x00000000029e3fee
clang::Sema::ActOnEndOfTranslationUnitFragment(clang::Sema::TUFragmentKind)
(/usr/local/bin/clang-10+0x29e3fee)
#14 0x00000000029e4284 clang::Sema::ActOnEndOfTranslationUnit()
(/usr/local/bin/clang-10+0x29e4284)
#15 0x00000000028dd47e
clang::Parser::ParseTopLevelDecl(clang::OpaquePtr<clang::DeclGroupRef>&, bool)
(/usr/local/bin/clang-10+0x28dd47e)
#16 0x00000000028d85ad clang::ParseAST(clang::Sema&, bool, bool)
(/usr/local/bin/clang-10+0x28d85ad)
#17 0x0000000001ae7c99 clang::FrontendAction::Execute()
(/usr/local/bin/clang-10+0x1ae7c99)
#18 0x0000000001a8b5a0
clang::CompilerInstance::ExecuteAction(clang::FrontendAction&)
(/usr/local/bin/clang-10+0x1a8b5a0)
#19 0x0000000001b805bb
clang::ExecuteCompilerInvocation(clang::CompilerInstance*)
(/usr/local/bin/clang-10+0x1b805bb)
#20 0x000000000087d7ff cc1_main(llvm::ArrayRef<char const*>, char const*,
void*) (/usr/local/bin/clang-10+0x87d7ff)
#21 0x000000000087c0cf main (/usr/local/bin/clang-10+0x87c0cf)
#22 0x00007f45d3480830 __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x20830)
#23 0x00000000008792c9 _start (/usr/local/bin/clang-10+0x8792c9)
clang-10: error: unable to execute command: Segmentation fault (core dumped)
clang-10: error: clang frontend command failed due to signal (use -v to see
invocation)
clang version 10.0.0 (trunk 373424)
Target: x86_64-unknown-linux-gnu
Thread model: posix
InstalledDir: /usr/local/bin
clang-10: note: diagnostic msg: PLEASE submit a bug report to
<a href="https://bugs.llvm.org/">https://bugs.llvm.org/</a> and include the crash backtrace, preprocessed source,
and associated run script.
clang-10: note: diagnostic msg: 
********************

PLEASE ATTACH THE FOLLOWING FILES TO THE BUG REPORT:
Preprocessed source(s) and associated run script(s) are located at:
clang-10: note: diagnostic msg: /tmp/web_connection_base-8ca7e8.cpp
clang-10: note: diagnostic msg: /tmp/web_connection_base-8ca7e8.sh
clang-10: note: diagnostic msg: 

********************</pre>
        </div>
      </p>


    </body>
</html>