<html>
<head>
<base href="https://bugs.llvm.org/">
</head>
<body><table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Bug ID</th>
<td><a class="bz_bug_link
bz_status_NEW "
title="NEW - Invocation of memset with incorrect number of arguments results in segfault"
href="https://bugs.llvm.org/show_bug.cgi?id=43946">43946</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>Invocation of memset with incorrect number of arguments results in segfault
</td>
</tr>
<tr>
<th>Product</th>
<td>clang
</td>
</tr>
<tr>
<th>Version</th>
<td>9.0
</td>
</tr>
<tr>
<th>Hardware</th>
<td>All
</td>
</tr>
<tr>
<th>OS</th>
<td>All
</td>
</tr>
<tr>
<th>Status</th>
<td>NEW
</td>
</tr>
<tr>
<th>Severity</th>
<td>normal
</td>
</tr>
<tr>
<th>Priority</th>
<td>P
</td>
</tr>
<tr>
<th>Component</th>
<td>C
</td>
</tr>
<tr>
<th>Assignee</th>
<td>unassignedclangbugs@nondot.org
</td>
</tr>
<tr>
<th>Reporter</th>
<td>mprice@synopsys.com
</td>
</tr>
<tr>
<th>CC</th>
<td>blitzrakete@gmail.com, dgregor@apple.com, erik.pilkington@gmail.com, llvm-bugs@lists.llvm.org, richard-llvm@metafoo.co.uk
</td>
</tr></table>
<p>
<div>
<pre>As a part of testing our product that is based on Clang, we run our tool
against many packages that ship as a part of the Debian Linux distribution.
We recently upgraded our tool to be based off of Clang 9, and our Debian
package tests exposed a segfault.
There are a handful of packages [see Threaded USENET news reader (trn4,
<a href="https://packages.debian.org/jessie/trn4">https://packages.debian.org/jessie/trn4</a>) as well as the PennMUSH virtual world
server (pennmush 1.8.2p8-1.1, <a href="https://packages.debian.org/jessie/pennmush">https://packages.debian.org/jessie/pennmush</a>)]
that use a bash script to configure the build process. Part of this is probing
the compiler to see what features are available. As a part of that probing, it
attempts to compile source code that is similar to:
int main () {
extern void memset();
memset();
}
This compiles fine in Clang 8, but in Clang 9 it causes a segfault. The issue
appears to be in the function
`clang::Sema::checkFortifiedBuiltinMemoryFunction`. I suspect it's not prepared
to handle such an unexpected call to `memset`. My understanding is that this
function is intended to emit a runtime diagnostic letting the user know that
they've misused this C library function.
Here is a Compiler Explorer link showing the source, and the differences
between Clang 8 and Clang 9 behavior. <a href="https://c.godbolt.org/z/7dJxjJ">https://c.godbolt.org/z/7dJxjJ</a>
The output that Clang 9 shows is:
==========================================================================
<source>:2:17: warning: incompatible redeclaration of library function 'memset'
[-Wincompatible-library-redeclaration]
extern void memset();
^
<source>:2:17: note: 'memset' is a builtin with type 'void *(void *, int,
unsigned long)'
Stack dump:
0. Program arguments: /opt/compiler-explorer/clang-9.0.0/bin/clang-9 -cc1
-triple x86_64-unknown-linux-gnu -fsyntax-only -disable-free
-disable-llvm-verifier -discard-value-names -main-file-name example.c
-mrelocation-model static -mthread-model posix -mdisable-fp-elim -fmath-errno
-masm-verbose -mconstructor-aliases -munwind-tables -fuse-init-array
-target-cpu x86-64 -dwarf-column-info -debug-info-kind=limited -dwarf-version=4
-debugger-tuning=gdb -resource-dir
/opt/compiler-explorer/clang-9.0.0/lib/clang/9.0.0 -internal-isystem
/usr/local/include -internal-isystem
/opt/compiler-explorer/clang-9.0.0/lib/clang/9.0.0/include
-internal-externc-isystem /usr/include/x86_64-linux-gnu
-internal-externc-isystem /include -internal-externc-isystem /usr/include
-fdebug-compilation-dir /home/ubuntu -ferror-limit 19 -fmessage-length 0
-fobjc-runtime=gcc -fdiagnostics-show-option -fcolor-diagnostics -mllvm
--x86-asm-syntax=intel -faddrsig -x c <source>
1. <source>:3:12: current parser token ')'
2. <source>:1:13: parsing function body 'main'
3. <source>:1:13: in compound statement ('{}')
#0 0x000055cdbf2c476a llvm::sys::PrintStackTrace(llvm::raw_ostream&)
(/opt/compiler-explorer/clang-9.0.0/bin/clang-9+0x27db76a)
#1 0x000055cdbf2c2524 llvm::sys::RunSignalHandlers()
(/opt/compiler-explorer/clang-9.0.0/bin/clang-9+0x27d9524)
#2 0x000055cdbf2c2662 SignalHandler(int)
(/opt/compiler-explorer/clang-9.0.0/bin/clang-9+0x27d9662)
#3 0x00007f57ca88a890 __restore_rt
(/lib/x86_64-linux-gnu/libpthread.so.0+0x12890)
#4 0x000055cdc092fc8e
clang::Sema::checkFortifiedBuiltinMemoryFunction(clang::FunctionDecl*,
clang::CallExpr*) (/opt/compiler-explorer/clang-9.0.0/bin/clang-9+0x3e46c8e)
#5 0x000055cdc0b61377 clang::Sema::BuildResolvedCallExpr(clang::Expr*,
clang::NamedDecl*, clang::SourceLocation, llvm::ArrayRef<clang::Expr*>,
clang::SourceLocation, clang::Expr*, bool, clang::CallExpr::ADLCallKind)
(/opt/compiler-explorer/clang-9.0.0/bin/clang-9+0x4078377)
#6 0x000055cdc0b61e7e clang::Sema::BuildCallExpr(clang::Scope*, clang::Expr*,
clang::SourceLocation, llvm::MutableArrayRef<clang::Expr*>,
clang::SourceLocation, clang::Expr*, bool)
(/opt/compiler-explorer/clang-9.0.0/bin/clang-9+0x4078e7e)
#7 0x000055cdc0b631f2 clang::Sema::ActOnCallExpr(clang::Scope*, clang::Expr*,
clang::SourceLocation, llvm::MutableArrayRef<clang::Expr*>,
clang::SourceLocation, clang::Expr*)
(/opt/compiler-explorer/clang-9.0.0/bin/clang-9+0x407a1f2)
#8 0x000055cdc083d13f
clang::Parser::ParsePostfixExpressionSuffix(clang::ActionResult<clang::Expr*,
true>) (/opt/compiler-explorer/clang-9.0.0/bin/clang-9+0x3d5413f)
#9 0x000055cdc0837e0f clang::Parser::ParseCastExpression(bool, bool, bool&,
clang::Parser::TypeCastState, bool)
(/opt/compiler-explorer/clang-9.0.0/bin/clang-9+0x3d4ee0f)
#10 0x000055cdc083a2f4 clang::Parser::ParseCastExpression(bool, bool,
clang::Parser::TypeCastState, bool)
(/opt/compiler-explorer/clang-9.0.0/bin/clang-9+0x3d512f4)
#11 0x000055cdc083b4b1
clang::Parser::ParseAssignmentExpression(clang::Parser::TypeCastState)
(/opt/compiler-explorer/clang-9.0.0/bin/clang-9+0x3d524b1)
#12 0x000055cdc083c129
clang::Parser::ParseExpression(clang::Parser::TypeCastState)
(/opt/compiler-explorer/clang-9.0.0/bin/clang-9+0x3d53129)
#13 0x000055cdc088501d
clang::Parser::ParseExprStatement(clang::Parser::ParsedStmtContext)
(/opt/compiler-explorer/clang-9.0.0/bin/clang-9+0x3d9c01d)
#14 0x000055cdc08829b2
clang::Parser::ParseStatementOrDeclarationAfterAttributes(llvm::SmallVector<clang::Stmt*,
32u>&, clang::Parser::ParsedStmtContext, clang::SourceLocation*,
clang::Parser::ParsedAttributesWithRange&)
(/opt/compiler-explorer/clang-9.0.0/bin/clang-9+0x3d999b2)
#15 0x000055cdc0884209
clang::Parser::ParseStatementOrDeclaration(llvm::SmallVector<clang::Stmt*,
32u>&, clang::Parser::ParsedStmtContext, clang::SourceLocation*)
(/opt/compiler-explorer/clang-9.0.0/bin/clang-9+0x3d9b209)
#16 0x000055cdc0887831 clang::Parser::ParseCompoundStatementBody(bool)
(/opt/compiler-explorer/clang-9.0.0/bin/clang-9+0x3d9e831)
#17 0x000055cdc088a8f3 clang::Parser::ParseFunctionStatementBody(clang::Decl*,
clang::Parser::ParseScope&)
(/opt/compiler-explorer/clang-9.0.0/bin/clang-9+0x3da18f3)
#18 0x000055cdc07f7578
clang::Parser::ParseFunctionDefinition(clang::ParsingDeclarator&,
clang::Parser::ParsedTemplateInfo const&, clang::Parser::LateParsedAttrList*)
(/opt/compiler-explorer/clang-9.0.0/bin/clang-9+0x3d0e578)
#19 0x000055cdc0817d81 clang::Parser::ParseDeclGroup(clang::ParsingDeclSpec&,
clang::DeclaratorContext, clang::SourceLocation*, clang::Parser::ForRangeInit*)
(/opt/compiler-explorer/clang-9.0.0/bin/clang-9+0x3d2ed81)
#20 0x000055cdc07f24c9
clang::Parser::ParseDeclOrFunctionDefInternal(clang::Parser::ParsedAttributesWithRange&,
clang::ParsingDeclSpec&, clang::AccessSpecifier)
(/opt/compiler-explorer/clang-9.0.0/bin/clang-9+0x3d094c9)
#21 0x000055cdc07f31a1
clang::Parser::ParseDeclarationOrFunctionDefinition(clang::Parser::ParsedAttributesWithRange&,
clang::ParsingDeclSpec*, clang::AccessSpecifier) (.part.207)
(/opt/compiler-explorer/clang-9.0.0/bin/clang-9+0x3d0a1a1)
#22 0x000055cdc07fa416
clang::Parser::ParseExternalDeclaration(clang::Parser::ParsedAttributesWithRange&,
clang::ParsingDeclSpec*)
(/opt/compiler-explorer/clang-9.0.0/bin/clang-9+0x3d11416)
#23 0x000055cdc07fae79
clang::Parser::ParseTopLevelDecl(clang::OpaquePtr<clang::DeclGroupRef>&, bool)
(/opt/compiler-explorer/clang-9.0.0/bin/clang-9+0x3d11e79)
#24 0x000055cdc07fb3a5
clang::Parser::ParseFirstTopLevelDecl(clang::OpaquePtr<clang::DeclGroupRef>&)
(/opt/compiler-explorer/clang-9.0.0/bin/clang-9+0x3d123a5)
#25 0x000055cdc07eec36 clang::ParseAST(clang::Sema&, bool, bool)
(/opt/compiler-explorer/clang-9.0.0/bin/clang-9+0x3d05c36)
#26 0x000055cdbf995529 clang::FrontendAction::Execute()
(/opt/compiler-explorer/clang-9.0.0/bin/clang-9+0x2eac529)
#27 0x000055cdbf958bf5
clang::CompilerInstance::ExecuteAction(clang::FrontendAction&)
(/opt/compiler-explorer/clang-9.0.0/bin/clang-9+0x2e6fbf5)
#28 0x000055cdbfa58f23
clang::ExecuteCompilerInvocation(clang::CompilerInstance*)
(/opt/compiler-explorer/clang-9.0.0/bin/clang-9+0x2f6ff23)
#29 0x000055cdbd7f7140 cc1_main(llvm::ArrayRef<char const*>, char const*,
void*) (/opt/compiler-explorer/clang-9.0.0/bin/clang-9+0xd0e140)
#30 0x000055cdbd755882 main
(/opt/compiler-explorer/clang-9.0.0/bin/clang-9+0xc6c882)
#31 0x00007f57c9748b97 __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x21b97)
#32 0x000055cdbd7f47fa _start
(/opt/compiler-explorer/clang-9.0.0/bin/clang-9+0xd0b7fa)
clang-9: error: unable to execute command: Segmentation fault (core dumped)
clang-9: error: clang frontend command failed due to signal (use -v to see
invocation)
Compiler returned: 254
==========================================================================</pre>
</div>
</p>
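<p>Added example, not part of the original report and not Clang's source: a simplified model of the failure class the reporter suspects, where a fortify-style check reads the size argument of a builtin call at a fixed index without confirming the call has that many arguments, shown beside a guarded form. All type and function names here (Call, BuiltinInfo, check_unguarded, check_guarded) are hypothetical, and the sample calls are constructed.</p>

```cpp
#include <cstdio>
#include <stdexcept>
#include <string>
#include <vector>

// Hypothetical, simplified stand-ins for a call site; not Clang's AST classes.
const long kUnknown = -1;
struct Call {
    std::string callee;
    std::vector<long> args;  // constant value of each argument, kUnknown if not constant
    long dest_size;          // known size of the destination object, or kUnknown
};
struct BuiltinInfo { std::size_t num_params, size_index; };
enum class Result { NotChecked, Ok, WouldOverflow };

// memset's builtin type is void *(void *, int, unsigned long): the size is parameter 2.
static const BuiltinInfo *lookup(const std::string &name) {
    static const BuiltinInfo memset_info{3, 2};
    return name == "memset" ? &memset_info : nullptr;
}

// Unguarded: assumes the call supplies every parameter of the builtin.
// .at() turns the out-of-range read into an exception so the fault is observable.
Result check_unguarded(const Call &c) {
    const BuiltinInfo *info = lookup(c.callee);
    if (!info) return Result::NotChecked;
    long size = c.args.at(info->size_index);
    if (size == kUnknown || c.dest_size == kUnknown) return Result::NotChecked;
    return size > c.dest_size ? Result::WouldOverflow : Result::Ok;
}

// Guarded: a call with too few arguments for the builtin is skipped, never indexed.
Result check_guarded(const Call &c) {
    const BuiltinInfo *info = lookup(c.callee);
    if (!info || c.args.size() < info->num_params) return Result::NotChecked;
    return check_unguarded(c);
}

// Returns true when the unguarded check faults on the given call.
bool unguarded_faults(const Call &c) {
    try { check_unguarded(c); return false; }
    catch (const std::out_of_range &) { return true; }
}

int main() {
    Call probe{"memset", {}, kUnknown};         // constructed: the report's memset()
    Call big{"memset", {kUnknown, 0, 64}, 16};  // constructed: 64 bytes into a 16-byte object
    std::printf("unguarded faults on probe: %d\n", unguarded_faults(probe));
    std::printf("guarded flags overflow: %d\n", check_guarded(big) == Result::WouldOverflow);
}
```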
</body>
</html>