<html>
    <head>
      <base href="https://bugs.llvm.org/">
    </head>
    <body><table border="1" cellspacing="0" cellpadding="8">
        <tr>
          <th>Bug ID</th>
          <td><a class="bz_bug_link 
          bz_status_NEW "
   title="NEW - Crash in CStringChecker"
   href="https://bugs.llvm.org/show_bug.cgi?id=44295">44295</a>
          </td>
        </tr>

        <tr>
          <th>Summary</th>
          <td>Crash in CStringChecker
          </td>
        </tr>

        <tr>
          <th>Product</th>
          <td>clang
          </td>
        </tr>

        <tr>
          <th>Version</th>
          <td>trunk
          </td>
        </tr>

        <tr>
          <th>Hardware</th>
          <td>PC
          </td>
        </tr>

        <tr>
          <th>OS</th>
          <td>Linux
          </td>
        </tr>

        <tr>
          <th>Status</th>
          <td>NEW
          </td>
        </tr>

        <tr>
          <th>Severity</th>
          <td>enhancement
          </td>
        </tr>

        <tr>
          <th>Priority</th>
          <td>P
          </td>
        </tr>

        <tr>
          <th>Component</th>
          <td>Static Analyzer
          </td>
        </tr>

        <tr>
          <th>Assignee</th>
          <td>dcoughlin@apple.com
          </td>
        </tr>

        <tr>
          <th>Reporter</th>
          <td>xazax.hun@gmail.com
          </td>
        </tr>

        <tr>
          <th>CC</th>
          <td>dcoughlin@apple.com, llvm-bugs@lists.llvm.org
          </td>
        </tr></table>
      <p>
        <div>
        <pre>Created <span class=""><a href="attachment.cgi?id=22934" name="attach_22934" title="Preprocessed file for reproducing the crash.">attachment 22934</a> <a href="attachment.cgi?id=22934&action=edit" title="Preprocessed file for reproducing the crash.">[details]</a></span>
Preprocessed file for reproducing the crash.

This is the stacktrace:

#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1  0x00007ffff708d8ad in __GI_abort () at abort.c:79
#2  0x00007ffff708d77f in __assert_fail_base (fmt=0x7ffff71efbc0 "%s%s%s:%u:
%s%sAssertion `%s' failed.\n%n", assertion=0x322220 "hasVal", file=0x341355
"/usr/local/google/home/xazax/LLVM/llvm/include/llvm/ADT/Optional.h", line=173,
function=<optimized out>) at assert.c:92
#3  0x00007ffff709b542 in __GI___assert_fail (assertion=0x322220 "hasVal",
file=0x341355
"/usr/local/google/home/xazax/LLVM/llvm/include/llvm/ADT/Optional.h", line=173, 
    function=0x598ff5 "T
&llvm::optional_detail::OptionalStorage<clang::ento::NonLoc, true>::getValue()
& [T = clang::ento::NonLoc]") at assert.c:101
#4  0x00000000036be8ed in (anonymous
namespace)::CStringChecker::evalStrcpyCommon (this=<optimized out>, C=...,
CE=0x4e05e70, ReturnEnd=false, IsBounded=true, appendK=(anonymous
namespace)::ConcatFnKind::strlcat, returnPtr=<optimized out>)
    at clang/include/clang/StaticAnalyzer/Core/PathSensitive/SVals.h:104
#5  0x00000000036b657b in (anonymous namespace)::CStringChecker::evalStrlcat
(this=0x2, C=..., CE=0x0) at
clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp:1527
#6  0x00000000036c11f2 in (anonymous namespace)::CStringChecker::evalCall
(this=<optimized out>, Call=..., C=...) at
clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp:2297
#7  clang::ento::eval::Call::_evalCall<(anonymous namespace)::CStringChecker>
(checker=<optimized out>, Call=..., C=...) at
clang/include/clang/StaticAnalyzer/Core/Checker.h:479
#8  0x000000000392d9b3 in clang::ento::CheckerFn<bool (clang::ento::CallEvent
const&, clang::ento::CheckerContext&)>::operator()(clang::ento::CallEvent
const&, clang::ento::CheckerContext&) const (this=<optimized out>, ps=...,
ps=...)
    at clang/include/clang/StaticAnalyzer/Core/CheckerManager.h:69
#9  clang::ento::CheckerManager::runCheckersForEvalCall (this=0x4ce6da0,
Dst=..., Src=..., Call=..., Eng=...) at
clang/lib/StaticAnalyzer/Core/CheckerManager.cpp:674
#10 0x000000000396a09e in clang::ento::ExprEngine::evalCall
(this=0x7fffffffae98, Dst=..., Pred=<optimized out>, Call=...) at
clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp:587
#11 0x0000000003969e24 in clang::ento::ExprEngine::VisitCallExpr
(this=0x7fffffffae98, CE=0x4e05e70, Pred=<optimized out>, dst=...) at
clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp:514
#12 0x0000000003949fec in clang::ento::ExprEngine::Visit (this=0x7fffffffae98,
S=0x4e05e70, Pred=0x4ecfdc8, DstTop=...) at
clang/lib/StaticAnalyzer/Core/ExprEngine.cpp:1603
#13 0x00000000039465a4 in clang::ento::ExprEngine::ProcessStmt
(this=0x7fffffffae98, currStmt=<optimized out>, Pred=<optimized out>) at
clang/lib/StaticAnalyzer/Core/ExprEngine.cpp:791
#14 0x00000000039461f9 in clang::ento::ExprEngine::processCFGElement
(this=0x7fffffffae98, E=..., Pred=0x4ed0110, StmtIdx=11, Ctx=0x7fffffffacb0) at
clang/lib/StaticAnalyzer/Core/ExprEngine.cpp:637
#15 0x0000000003933b41 in clang::ento::CoreEngine::HandlePostStmt
(this=<optimized out>, B=<optimized out>, StmtIdx=0, Pred=0x7ffff70a2cfb
<__GI_raise+267>) at clang/lib/StaticAnalyzer/Core/CoreEngine.cpp:467
#16 0x0000000003932bc9 in clang::ento::CoreEngine::ExecuteWorkList
(this=0x7fffffffaeb8, L=<optimized out>, Steps=218621, InitState=...) at
clang/lib/StaticAnalyzer/Core/CoreEngine.cpp:148
#17 0x000000000368dced in clang::ento::ExprEngine::ExecuteWorkList
(this=0x7fffffffae98, L=0x0, Steps=0) at
clang/include/clang/StaticAnalyzer/Core/PathSensitive/ExprEngine.h:168
#18 (anonymous namespace)::AnalysisConsumer::RunPathSensitiveChecks
(this=0x4ce6710, D=0x4df7ba8, IMode=clang::ento::ExprEngine::Inline_Regular,
VisitedCallees=0x7fffffffb200) at
clang/lib/StaticAnalyzer/Frontend/AnalysisConsumer.cpp:818
#19 (anonymous namespace)::AnalysisConsumer::HandleCode (this=0x4ce6710,
D=0x4df7ba8, Mode=2, IMode=clang::ento::ExprEngine::Inline_Regular,
VisitedCallees=<optimized out>) at
clang/lib/StaticAnalyzer/Frontend/AnalysisConsumer.cpp:791
#20 0x0000000003670457 in (anonymous
namespace)::AnalysisConsumer::HandleDeclsCallGraph (this=0x4ce6710,
LocalTUDeclsSize=<optimized out>) at
clang/lib/StaticAnalyzer/Frontend/AnalysisConsumer.cpp:580
#21 (anonymous namespace)::AnalysisConsumer::runAnalysisOnTranslationUnit
(this=0x4ce6710, C=...) at
clang/lib/StaticAnalyzer/Frontend/AnalysisConsumer.cpp:631
#22 (anonymous namespace)::AnalysisConsumer::HandleTranslationUnit
(this=0x4ce6710, C=...) at
clang/lib/StaticAnalyzer/Frontend/AnalysisConsumer.cpp:661
#23 0x00000000039e6e93 in clang::ParseAST (S=..., PrintStats=<optimized out>,
SkipFunctionBodies=<optimized out>) at clang/lib/Parse/ParseAST.cpp:171
#24 0x0000000002fbccd1 in clang::FrontendAction::Execute (this=0x4cc62f0) at
clang/lib/Frontend/FrontendAction.cpp:936
#25 0x0000000002f381c3 in clang::CompilerInstance::ExecuteAction
(this=0x4cbd8e0, Act=...) at clang/lib/Frontend/CompilerInstance.cpp:965
#26 0x0000000003052795 in clang::ExecuteCompilerInvocation (Clang=<optimized
out>) at clang/lib/FrontendTool/ExecuteCompilerInvocation.cpp:290
#27 0x000000000169ec27 in cc1_main (Argv=..., Argv0=0x7fffffffd744
"/usr/local/google/home/xazax/LLVM/build/bin/clang", MainAddr=0x1699c20
<GetExecutablePath(char const*, bool)>) at clang/tools/driver/cc1_main.cpp:250
#28 0x000000000169ca20 in ExecuteCC1Tool (argv=..., Tool=...) at
clang/tools/driver/driver.cpp:309
#29 main (argc_=<optimized out>, argv_=<optimized out>) at
clang/tools/driver/driver.cpp:382


I attached a preprocessed file. Using --analyze on it reproduces the crash for
me.</pre>
        </div>
      </p>


      <hr>
      <span>You are receiving this mail because:</span>

      <ul>
          <li>You are on the CC list for the bug.</li>
      </ul>
    </body>
</html>