[LLVMdev] libclang parsing bug

Klemen Forstneric brucewayne97 at gmail.com
Thu Aug 16 10:28:29 PDT 2012


Hey everyone,

First of all I just wanted to say thanks :) I've been using libclang for
building my own C/C++ IDE and it's great. I have, however, discovered a bug
(which I already submitted on llvm bugzilla but I got the impression that
no one reads that :)). If I try to use clang_parseTranslationUnit on this
code below:

int main() { return reinterpret_cast

libclang crashes.

This is the code I used to parse the code above:

#include <clang-c/Index.h>

int main(int argc, char** argv)
{
    CXIndex index = clang_createIndex(0, 0);
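    // Pass the whole command line (argv, argc) as compiler arguments;
    // no source_filename and no unsaved files are given.
    CXTranslationUnit translationUnit = clang_parseTranslationUnit(
        index, 0, argv, argc, 0, 0, CXTranslationUnit_None);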

    clang_disposeTranslationUnit(translationUnit);
    clang_disposeIndex(index);
    return 0;
}

Am I doing anything wrong?

Here's the output from valgrind:

$ valgrind --leak-check=full ./bug_report ../main.cpp
==5926== Memcheck, a memory error detector
==5926== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.
==5926== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info
==5926== Command: ./bug_report ../main.cpp
==5926==
==5926== Thread 2:
==5926== Invalid read of size 1
==5926==    at 0x55C5FD6: ??? (in /usr/lib/libclang.so.1)
==5926==    by 0x5189741: ??? (in /usr/lib/libclang.so.1)
==5926==    by 0x5181324: ??? (in /usr/lib/libclang.so.1)
==5926==    by 0x5182D6C: ??? (in /usr/lib/libclang.so.1)
==5926==    by 0x5183D9E: ??? (in /usr/lib/libclang.so.1)
==5926==    by 0x5184D28: ??? (in /usr/lib/libclang.so.1)
==5926==    by 0x51AAA8D: ??? (in /usr/lib/libclang.so.1)
==5926==    by 0x51B160F: ??? (in /usr/lib/libclang.so.1)
==5926==    by 0x51B19AC: ??? (in /usr/lib/libclang.so.1)
==5926==    by 0x51ADEE3: ??? (in /usr/lib/libclang.so.1)
==5926==    by 0x51AECB1: ??? (in /usr/lib/libclang.so.1)
==5926==    by 0x515C9DF: ??? (in /usr/lib/libclang.so.1)
==5926==  Address 0xe0 is not stack'd, malloc'd or (recently) free'd
==5926==
libclang: crash detected during parsing: {
  'source_filename' : '(null)'
  'command_line_args' : ['./bug_report', '../main.cpp'],
  'unsaved_files' : [],
  'options' : 0,
}
==5926==
==5926== HEAP SUMMARY:
==5926==     in use at exit: 13,326 bytes in 56 blocks
==5926==   total heap usage: 20,674 allocs, 20,618 frees, 29,235,096 bytes allocated
==5926==
==5926== Thread 1:
==5926== 47 bytes in 1 blocks are definitely lost in loss record 17 of 31
==5926==    at 0x4C2B1C7: operator new(unsigned long) (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==5926==    by 0x5A71708: std::string::_Rep::_S_create(unsigned long, unsigned long, std::allocator<char> const&) (in /usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.17)
==5926==    by 0x5A730E4: char* std::string::_S_construct<char const*>(char const*, char const*, std::allocator<char> const&, std::forward_iterator_tag) (in /usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.17)
==5926==    by 0x5A731FC: std::basic_string<char, std::char_traits<char>, std::allocator<char> >::basic_string(char const*, unsigned long, std::allocator<char> const&) (in /usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.17)
==5926==    by 0x6D4101B: llvm::sys::Path::Path(llvm::StringRef) (in /usr/lib/x86_64-linux-gnu/libLLVM-3.1.so.1)
==5926==    by 0x4F4788C: ??? (in /usr/lib/libclang.so.1)
==5926==    by 0x4F39080: ??? (in /usr/lib/libclang.so.1)
==5926==    by 0x6D32DDE: llvm::CrashRecoveryContext::RunSafely(void (*)(void*), void*) (in /usr/lib/x86_64-linux-gnu/libLLVM-3.1.so.1)
==5926==    by 0x6D32E13: ??? (in /usr/lib/x86_64-linux-gnu/libLLVM-3.1.so.1)
==5926==    by 0x6D583CC: ??? (in /usr/lib/x86_64-linux-gnu/libLLVM-3.1.so.1)
==5926==    by 0x7610E99: start_thread (pthread_create.c:308)
==5926==    by 0x5DAB4BC: clone (clone.S:112)
==5926==
==5926== 3,108 (1,104 direct, 2,004 indirect) bytes in 1 blocks are definitely lost in loss record 29 of 31
==5926==    at 0x4C2B1C7: operator new(unsigned long) (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==5926==    by 0x5026BAB: ??? (in /usr/lib/libclang.so.1)
==5926==    by 0x50290D4: ??? (in /usr/lib/libclang.so.1)
==5926==    by 0x502A3F6: ??? (in /usr/lib/libclang.so.1)
==5926==    by 0x4F39144: ??? (in /usr/lib/libclang.so.1)
==5926==    by 0x6D32DDE: llvm::CrashRecoveryContext::RunSafely(void(*)(void*), void*) (in /usr/lib/x86_64-linux-gnu/libLLVM-3.1.so.1)
==5926==    by 0x6D32E13: ??? (in /usr/lib/x86_64-linux-gnu/libLLVM-3.1.so.1)
==5926==    by 0x6D583CC: ??? (in /usr/lib/x86_64-linux-gnu/libLLVM-3.1.so.1)
==5926==    by 0x7610E99: start_thread (pthread_create.c:308)
==5926==    by 0x5DAB4BC: clone (clone.S:112)
==5926==
==5926== 8,648 (448 direct, 8,200 indirect) bytes in 1 blocks are definitely lost in loss record 31 of 31
==5926==    at 0x4C2B1C7: operator new(unsigned long) (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==5926==    by 0x51534AD: ??? (in /usr/lib/libclang.so.1)
==5926==    by 0x5153F48: ??? (in /usr/lib/libclang.so.1)
==5926==    by 0x5152004: ??? (in /usr/lib/libclang.so.1)
==5926==    by 0x5026FFF: ??? (in /usr/lib/libclang.so.1)
==5926==    by 0x50290D4: ??? (in /usr/lib/libclang.so.1)
==5926==    by 0x502A3F6: ??? (in /usr/lib/libclang.so.1)
==5926==    by 0x4F39144: ??? (in /usr/lib/libclang.so.1)
==5926==    by 0x6D32DDE: llvm::CrashRecoveryContext::RunSafely(void (*)(void*), void*) (in /usr/lib/x86_64-linux-gnu/libLLVM-3.1.so.1)
==5926==    by 0x6D32E13: ??? (in /usr/lib/x86_64-linux-gnu/libLLVM-3.1.so.1)
==5926==    by 0x6D583CC: ??? (in /usr/lib/x86_64-linux-gnu/libLLVM-3.1.so.1)
==5926==    by 0x7610E99: start_thread (pthread_create.c:308)
==5926== LEAK SUMMARY:
==5926==    definitely lost: 1,599 bytes in 3 blocks
==5926==    indirectly lost: 10,204 bytes in 42 blocks
==5926==      possibly lost: 0 bytes in 0 blocks
==5926==    still reachable: 1,523 bytes in 11 blocks
==5926==         suppressed: 0 bytes in 0 blocks
==5926== Reachable blocks (those to which a pointer was found) are not shown.
==5926== To see them, rerun with: --leak-check=full --show-reachable=yes
==5926==
==5926== For counts of detected and suppressed errors, rerun with: -v
==5926== ERROR SUMMARY: 4 errors from 4 contexts (suppressed: 2 from 2)
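
Added example, not part of the original post: a small triage script for Memcheck output like the trace above. It extracts each invalid access with its frames and faulting address and flags an address inside the first page (0xe0 here) as a probable null-pointer field access; the function name, the 4096-byte threshold and the sample lines are assumptions made for this illustration.

```python
import re

# Constructed sample: a few Memcheck lines shaped like the report above.
SAMPLE = """\
==5926== Thread 2:
==5926== Invalid read of size 1
==5926==    at 0x55C5FD6: ??? (in /usr/lib/libclang.so.1)
==5926==    by 0x5189741: ??? (in /usr/lib/libclang.so.1)
==5926==  Address 0xe0 is not stack'd, malloc'd or (recently) free'd
==5926==
==5926== 47 bytes in 1 blocks are definitely lost in loss record 17 of 31
"""

PREFIX = re.compile(r"^==\d+==\s?")
ACCESS = re.compile(r"^Invalid (read|write) of size (\d+)")
FRAME = re.compile(r"^\s+(?:at|by) 0x[0-9A-Fa-f]+: (.+?) \((?:in )?(.+)\)$")
ADDR = re.compile(r"^\s*Address (0x[0-9A-Fa-f]+) is (.+)$")
FIRST_PAGE = 4096  # assumption: page 0 is never mapped (default on Linux)


def triage(log):
    """Return one dict per invalid access found in Memcheck output."""
    findings, cur = [], None
    for raw in log.splitlines():
        line = PREFIX.sub("", raw)
        m = ACCESS.match(line)
        if m:
            cur = {"kind": m.group(1), "size": int(m.group(2)), "frames": [],
                   "address": None, "verdict": "unknown", "symbolized": False}
            findings.append(cur)
        elif cur is not None and FRAME.match(line):
            func, where = FRAME.match(line).groups()
            cur["frames"].append((func, where))
            cur["symbolized"] = cur["symbolized"] or func != "???"
        elif cur is not None and ADDR.match(line):
            addr, desc = ADDR.match(line).groups()
            cur["address"] = int(addr, 16)
            # A small address usually means a field offset on a null pointer.
            cur["verdict"] = ("probable null-pointer dereference"
                              if cur["address"] < FIRST_PAGE
                              else "non-null invalid access: " + desc)
            cur = None  # frames after the Address line describe the block
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f["kind"], hex(f["address"]), f["verdict"],
              "symbolized" if f["symbolized"] else "needs debug symbols")
```

An unsymbolized result, as with the `???` frames in this report, means the trace should be regenerated against a libclang build with debug symbols before it is attached to a bug.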