<table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Issue</th>
<td>
<a href=https://github.com/llvm/llvm-project/issues/136772>136772</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>
[DWARF] llvm-debuginfo-analyzer crashes on dead code?
</td>
</tr>
<tr>
<th>Labels</th>
<td>
new issue
</td>
</tr>
<tr>
<th>Assignees</th>
<td>
</td>
</tr>
<tr>
<th>Reporter</th>
<td>
Mrmaxmeier
</td>
</tr>
</table>
<pre>
Hi,
I've encountered a segfault with `llvm-debuginfo-analyzer` that reproduces with `v19.1.7` and the current main branch. I've attached my original reproducer below. (`llvm-debuginfo-analyzer out/lzma-lzmadec.wasm --print=instructions`)
<details>
<summary>Crash backtrace</summary>
```
PLEASE submit a bug report to https://github.com/llvm/llvm-project/issues/ and include the crash backtrace.
Stack dump:
0. Program arguments: llvm-debuginfo-analyzer out/lzma-lzmadec.wasm --print=instructions
#0 0x000073f2de41a730 llvm::sys::PrintStackTrace(llvm::raw_ostream&, int) /usr/src/debug/llvm/llvm-19.1.7.src/lib/Support/Unix/Signals.inc:723:22
#1 0x000073f2de4176bd llvm::sys::RunSignalHandlers() /usr/src/debug/llvm/llvm-19.1.7.src/lib/Support/Signals.cpp:105:20
#2 0x000073f2de4176bd SignalHandler /usr/src/debug/llvm/llvm-19.1.7.src/lib/Support/Unix/Signals.inc:403:31
#3 0x000073f2dd64bcd0 (/usr/lib/libc.so.6+0x3dcd0)
#4 0x000073f2e29711fd nextByte /usr/src/debug/llvm/llvm-19.1.7.src/lib/Target/WebAssembly/Disassembler/WebAssemblyDisassembler.cpp:81:22
#5 0x000073f2e29711fd getInstruction /usr/src/debug/llvm/llvm-19.1.7.src/lib/Target/WebAssembly/Disassembler/WebAssemblyDisassembler.cpp:167:21
#6 0x000073f2e0c90192 llvm::logicalview::LVBinaryReader::createInstructions(llvm::logicalview::LVScope*, unsigned long, std::pair<unsigned long, unsigned long> const&) /usr/src/debug/llvm/llvm-19.1.7.src/lib/DebugInfo/LogicalView/Readers/LVBinaryReader.cpp:466:5
#7 0x000073f2e0c90fb8 llvm::Error::getPtr() const /usr/src/debug/llvm/llvm-19.1.7.src/include/llvm/Support/Error.h:282:12
#8 0x000073f2e0c90fb8 llvm::Error::operator bool() /usr/src/debug/llvm/llvm-19.1.7.src/include/llvm/Support/Error.h:242:22
#9 0x000073f2e0c90fb8 llvm::logicalview::LVBinaryReader::createInstructions() /usr/src/debug/llvm/llvm-19.1.7.src/lib/DebugInfo/LogicalView/Readers/LVBinaryReader.cpp:572:73
#10 0x000073f2e0cc9501 llvm::Error::getPtr() const /usr/src/debug/llvm/llvm-19.1.7.src/include/llvm/Support/Error.h:282:12
#11 0x000073f2e0cc9501 llvm::Error::operator bool() /usr/src/debug/llvm/llvm-19.1.7.src/include/llvm/Support/Error.h:242:22
#12 0x000073f2e0cc9501 llvm::logicalview::LVDWARFReader::createScopes() /usr/src/debug/llvm/llvm-19.1.7.src/lib/DebugInfo/LogicalView/Readers/LVDWARFReader.cpp:960:41
#13 0x000073f2e0c500c3 llvm::logicalview::LVReader::doLoad() /usr/src/debug/llvm/llvm-19.1.7.src/lib/DebugInfo/LogicalView/Core/LVReader.cpp:236:3
#14 0x000073f2e0c810f8 llvm::logicalview::LVReaderHandler::createReader(llvm::StringRef, std::vector<std::unique_ptr<llvm::logicalview::LVReader, std::default_delete<llvm::logicalview::LVReader>>, std::allocator<std::unique_ptr<llvm::logicalview::LVReader, std::default_delete<llvm::logicalview::LVReader>>>>&, llvm::PointerUnion<llvm::object::ObjectFile*, llvm::pdb::PDBFile*>&, llvm::StringRef, llvm::StringRef) /usr/src/debug/llvm/llvm-19.1.7.src/lib/DebugInfo/LogicalView/LVReaderHandler.cpp:72:1
#15 0x000073f2e0c86205 llvm::logicalview::LVReaderHandler::handleObject(std::vector<std::unique_ptr<llvm::logicalview::LVReader, std::default_delete<llvm::logicalview::LVReader>>, std::allocator<std::unique_ptr<llvm::logicalview::LVReader, std::default_delete<llvm::logicalview::LVReader>>>>&, llvm::StringRef, llvm::object::Binary&) /usr/src/debug/llvm/llvm-19.1.7.src/lib/DebugInfo/LogicalView/LVReaderHandler.cpp:247:71
#16 0x000073f2e0c831c4 std::unique_ptr<llvm::object::Binary, std::default_delete<llvm::object::Binary>>::~unique_ptr() /usr/include/c++/14.2.1/bits/unique_ptr.h:397:12
#17 0x000073f2e0c831c4 llvm::Expected<std::unique_ptr<llvm::object::Binary, std::default_delete<llvm::object::Binary>>>::~Expected() /usr/src/debug/llvm/llvm-19.1.7.src/include/llvm/Support/Error.h:564:34
#18 0x000073f2e0c831c4 llvm::Expected<std::unique_ptr<llvm::object::Binary, std::default_delete<llvm::object::Binary>>>::~Expected() /usr/src/debug/llvm/llvm-19.1.7.src/include/llvm/Support/Error.h:561:3
#19 0x000073f2e0c831c4 llvm::logicalview::LVReaderHandler::handleBuffer(std::vector<std::unique_ptr<llvm::logicalview::LVReader, std::default_delete<llvm::logicalview::LVReader>>, std::allocator<std::unique_ptr<llvm::logicalview::LVReader, std::default_delete<llvm::logicalview::LVReader>>>>&, llvm::StringRef, llvm::MemoryBufferRef, llvm::StringRef) /usr/src/debug/llvm/llvm-19.1.7.src/lib/DebugInfo/LogicalView/LVReaderHandler.cpp:198:1
#20 0x000073f2e0c847b7 std::default_delete<llvm::MemoryBuffer>::operator()(llvm::MemoryBuffer*) const /usr/include/c++/14.2.1/bits/unique_ptr.h:93:2
#21 0x000073f2e0c847b7 std::unique_ptr<llvm::MemoryBuffer, std::default_delete<llvm::MemoryBuffer>>::~unique_ptr() /usr/include/c++/14.2.1/bits/unique_ptr.h:398:17
#22 0x000073f2e0c847b7 llvm::logicalview::LVReaderHandler::handleFile(std::vector<std::unique_ptr<llvm::logicalview::LVReader, std::default_delete<llvm::logicalview::LVReader>>, std::allocator<std::unique_ptr<llvm::logicalview::LVReader, std::default_delete<llvm::logicalview::LVReader>>>>&, llvm::StringRef, llvm::StringRef) /usr/src/debug/llvm/llvm-19.1.7.src/lib/DebugInfo/LogicalView/LVReaderHandler.cpp:214:1
#23 0x000073f2e0c848d9 llvm::Error::getPtr() const /usr/src/debug/llvm/llvm-19.1.7.src/include/llvm/Support/Error.h:282:12
#24 0x000073f2e0c848d9 llvm::Error::operator bool() /usr/src/debug/llvm/llvm-19.1.7.src/include/llvm/Support/Error.h:242:22
#25 0x000073f2e0c848d9 llvm::logicalview::LVReaderHandler::createReaders() /usr/src/debug/llvm/llvm-19.1.7.src/lib/DebugInfo/LogicalView/LVReaderHandler.cpp:281:50
#26 0x000073f2e0c84c6d llvm::logicalview::LVReaderHandler::process() /usr/src/debug/llvm/llvm-19.1.7.src/lib/DebugInfo/LogicalView/LVReaderHandler.cpp:30:3
#27 0x00005fc85b4ed745 llvm::Error::getPtr() const /usr/src/debug/llvm/llvm-19.1.7.src/include/llvm/Support/Error.h:282:12
#28 0x00005fc85b4ed745 llvm::Error::operator bool() /usr/src/debug/llvm/llvm-19.1.7.src/include/llvm/Support/Error.h:242:22
#29 0x00005fc85b4ed745 main /usr/src/debug/llvm/llvm-19.1.7.src/tools/llvm-debuginfo-analyzer/llvm-debuginfo-analyzer.cpp:137:42
#30 0x000073f2dd635488 __libc_start_call_main /usr/src/debug/glibc/glibc/csu/../sysdeps/nptl/libc_start_call_main.h:74:3
#31 0x000073f2dd63554c call_init /usr/src/debug/glibc/glibc/csu/../csu/libc-start.c:128:20
#32 0x000073f2dd63554c __libc_start_main /usr/src/debug/glibc/glibc/csu/../csu/libc-start.c:347:5
#33 0x00005fc85b4f4af5 (/usr/bin/llvm-debuginfo-analyzer+0xeaf5)
fish: Job 1, 'llvm-debuginfo-analyzer out/lzm…' terminated by signal SIGSEGV (Address boundary error)
```
</details>
Looking into the crash a bit, we're crashing due to an out-of-bounds pointer that is created [here](https://github.com/llvm/llvm-project/blob/2c2ba7efd4d5f270e7dea2e6a5f0a22bd7aaecd0/llvm/lib/DebugInfo/LogicalView/Readers/LVBinaryReader.cpp#L434-L437):
```cpp
// Excerpt from LVBinaryReader.cpp (linked above); the enclosing function is not shown here.
// View the section contents as a byte array.
ArrayRef<uint8_t> Bytes = arrayRefFromStringRef(*SectionContentsOrErr);
// Distance of the requested address from the start of the section.
// NOTE(review): per the report, Address is derived from the DWARF; nothing in these
// lines compares Offset (or Offset + Size) with Bytes.size().
uint64_t Offset = Address - SectionAddress;
// Both pointers are formed by plain pointer arithmetic on Bytes.data(), so an
// Offset larger than the section leaves them outside the buffer Bytes describes.
uint8_t const *Begin = Bytes.data() + Offset;
uint8_t const *End = Bytes.data() + Offset + Size;
```
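where `Offset` is larger than `Bytes.size()`, so `Begin` and `End` both point past the end of the section contents; the quoted lines do not check `Offset` or `Size` against the section length before forming the pointers.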
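The large `Offset` happens because `LVBinaryReader::createInstructions` is called with a `LVNameInfo` of `{0x1000004bf, 0x14}` in the reproducer. It seems like the name's `LVAddress` is calculated from a "dead code" record that is encoded as `0xffffffff` in the DWARF (`0x1000004bf` equals `0xffffffff + 0x4c0`, which would be consistent with the `0xffffffff` marker being treated as a real address and having an offset added to it).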
`llvm-dwarfdump out/lzma-lzmadec.wasm --all` shows it like this:
```
0x000002b3: DW_TAG_subprogram
DW_AT_low_pc (dead code)
DW_AT_high_pc (0x00000362)
DW_AT_frame_base (DW_OP_WASM_location 0x0 0x6, DW_OP_stack_value)
```
I'm not familiar with DWARF and am not sure if the binary I'm using respects the DWARF spec, but it was produced by `clang`, and it seems like trusting offsets in the DWARF is probably not intended :upside_down_face:
[crasher.zip](https://github.com/user-attachments/files/19856861/crasher.zip)
Thanks!
</pre>