r206644 - Don't read CompilerInstance fields that don't exist in ASTUnit

Evgeniy Stepanov eugeni.stepanov at gmail.com
Tue Apr 22 00:13:27 PDT 2014


Hi,

This is crashing on the ASan bootstrap bot with what looks like a NULL dereference.

http://lab.llvm.org:8011/builders/sanitizer-x86_64-linux-bootstrap/builds/3112/steps/check-clang%20asan/logs/stdio

Crashing test: Clang :: Index/pch-with-errors.c

$ ASAN_SYMBOLIZER_PATH=../llvm_build0/bin/llvm-symbolizer
/home/dtoolsbot/build/sanitizer-x86_64-linux-bootstrap/build/llvm_build_asan/./bin/c-index-test
-write-pch /home/dtoolsbot/build/sanitizer-x86_64-linux-bootstrap/build/llvm_build_asan/tools/clang/test/Index/Output/pch-with-errors.c.tmp.pch
foobar.c
ASAN:SIGSEGV
=================================================================
==12621==ERROR: AddressSanitizer: SEGV on unknown address
0x0000000006b0 (pc 0x7f7c8294870d sp 0x7f7c7e817980 bp 0x7f7c7e817ad0
T2)
    #0 0x7f7c8294870c in CXDiagnosticSetImpl
/home/dtoolsbot/build/sanitizer-x86_64-linux-bootstrap/build/llvm/tools/clang/tools/libclang/CIndexDiagnostic.h:31
    #1 0x7f7c8294870c in CXDiagnosticImpl
/home/dtoolsbot/build/sanitizer-x86_64-linux-bootstrap/build/llvm/tools/clang/tools/libclang/CIndexDiagnostic.h:100
    #2 0x7f7c8294870c in getASTContext
/home/dtoolsbot/build/sanitizer-x86_64-linux-bootstrap/build/llvm/tools/clang/tools/libclang/CIndexDiagnostic.h:119
    #3 0x7f7c8294870c in
clang::cxindex::printDiagsToStderr(clang::ASTUnit*)
/home/dtoolsbot/build/sanitizer-x86_64-linux-bootstrap/build/llvm/tools/clang/tools/libclang/CIndex.cpp:6719
    #4 0x7f7c82925b4b in clang_parseTranslationUnit_Impl(void*)
/home/dtoolsbot/build/sanitizer-x86_64-linux-bootstrap/build/llvm/tools/clang/tools/libclang/CIndex.cpp:2795
    #5 0x7f7c841a170b in llvm::CrashRecoveryContext::RunSafely(void
(*)(void*), void*)
/home/dtoolsbot/build/sanitizer-x86_64-linux-bootstrap/build/llvm/lib/Support/CrashRecoveryContext.cpp:316
    #6 0x7f7c841a1ac0 in RunSafelyOnThread_Dispatch(void*)
/home/dtoolsbot/build/sanitizer-x86_64-linux-bootstrap/build/llvm/lib/Support/CrashRecoveryContext.cpp:347
    #7 0x7f7c84239d4f in ExecuteOnThread_Dispatch(void*)
/home/dtoolsbot/build/sanitizer-x86_64-linux-bootstrap/build/llvm/lib/Support/Threading.cpp:75
    #8 0x7f7c81c27181 in start_thread
(/lib/x86_64-linux-gnu/libpthread.so.0+0x8181)
    #9 0x7f7c81131b5c in clone (/lib/x86_64-linux-gnu/libc.so.6+0xfab5c)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV
/home/dtoolsbot/build/sanitizer-x86_64-linux-bootstrap/build/llvm/tools/clang/tools/libclang/CIndexDiagnostic.h:31
CXDiagnosticSetImpl
Thread T2 created by T1 here:
    #0 0x42a2fe in __interceptor_pthread_create
/home/dtoolsbot/build/sanitizer-x86_64-linux-bootstrap/build/llvm/projects/compiler-rt/lib/asan/asan_interceptors.cc:176
    #1 0x7f7c84239c6c in llvm::llvm_execute_on_thread(void (*)(void*),
void*, unsigned int)
/home/dtoolsbot/build/sanitizer-x86_64-linux-bootstrap/build/llvm/lib/Support/Threading.cpp:96
    #2 0x7f7c841a1985 in
llvm::CrashRecoveryContext::RunSafelyOnThread(void (*)(void*), void*,
unsigned int) /home/dtoolsbot/build/sanitizer-x86_64-linux-bootstrap/build/llvm/lib/Support/CrashRecoveryContext.cpp:352
    #3 0x7f7c82923d55 in RunSafely
/home/dtoolsbot/build/sanitizer-x86_64-linux-bootstrap/build/llvm/tools/clang/tools/libclang/CIndex.cpp:6688
    #4 0x7f7c82923d55 in clang_parseTranslationUnit2
/home/dtoolsbot/build/sanitizer-x86_64-linux-bootstrap/build/llvm/tools/clang/tools/libclang/CIndex.cpp:2845
    #5 0x4b45b3 in write_pch_file
/home/dtoolsbot/build/sanitizer-x86_64-linux-bootstrap/build/llvm/tools/clang/tools/c-index-test/c-index-test.c:3685
    #6 0x4b6fd4 in cindextest_main
/home/dtoolsbot/build/sanitizer-x86_64-linux-bootstrap/build/llvm/tools/clang/tools/c-index-test/c-index-test.c:4052
    #7 0x4b9f57 in thread_runner
/home/dtoolsbot/build/sanitizer-x86_64-linux-bootstrap/build/llvm/tools/clang/tools/c-index-test/c-index-test.c:4075
    #8 0x7f7c84239d4f in ExecuteOnThread_Dispatch(void*)
/home/dtoolsbot/build/sanitizer-x86_64-linux-bootstrap/build/llvm/lib/Support/Threading.cpp:75
    #9 0x7f7c81c27181 in start_thread
(/lib/x86_64-linux-gnu/libpthread.so.0+0x8181)

Thread T1 created by T0 here:
    #0 0x42a2fe in __interceptor_pthread_create
/home/dtoolsbot/build/sanitizer-x86_64-linux-bootstrap/build/llvm/projects/compiler-rt/lib/asan/asan_interceptors.cc:176
    #1 0x7f7c84239c6c in llvm::llvm_execute_on_thread(void (*)(void*),
void*, unsigned int)
/home/dtoolsbot/build/sanitizer-x86_64-linux-bootstrap/build/llvm/lib/Support/Threading.cpp:96
    #2 0x4ba0a0 in main
/home/dtoolsbot/build/sanitizer-x86_64-linux-bootstrap/build/llvm/tools/clang/tools/c-index-test/c-index-test.c:4093
    #3 0x7f7c81058ed4 in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x21ed4)

On Sat, Apr 19, 2014 at 12:39 AM, Ben Langmuir <blangmuir at apple.com> wrote:
> Author: benlangmuir
> Date: Fri Apr 18 15:39:48 2014
> New Revision: 206644
>
> URL: http://llvm.org/viewvc/llvm-project?rev=206644&view=rev
> Log:
> Don't read CompilerInstance fields that don't exist in ASTUnit
>
> When transferring data from a CompilerInstance in an error path we need
> to consider cases where the various fields are uninitialized.
>
> Modified:
>     cfe/trunk/lib/Frontend/ASTUnit.cpp
>
> Modified: cfe/trunk/lib/Frontend/ASTUnit.cpp
> URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/Frontend/ASTUnit.cpp?rev=206644&r1=206643&r2=206644&view=diff
> ==============================================================================
> --- cfe/trunk/lib/Frontend/ASTUnit.cpp (original)
> +++ cfe/trunk/lib/Frontend/ASTUnit.cpp Fri Apr 18 15:39:48 2014
> @@ -1717,11 +1717,14 @@ void ASTUnit::transferASTDataFromCompile
>    // Steal the created target, context, and preprocessor.
>    TheSema.reset(CI.takeSema());
>    Consumer.reset(CI.takeASTConsumer());
> -  Ctx = &CI.getASTContext();
> -  PP = &CI.getPreprocessor();
> +  if (CI.hasASTContext())
> +    Ctx = &CI.getASTContext();
> +  if (CI.hasPreprocessor())
> +    PP = &CI.getPreprocessor();
>    CI.setSourceManager(0);
>    CI.setFileManager(0);
> -  Target = &CI.getTarget();
> +  if (CI.hasTarget())
> +    Target = &CI.getTarget();
>    Reader = CI.getModuleManager();
>    HadModuleLoaderFatalFailure = CI.hadModuleLoaderFatalFailure();
>  }
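Review bot: The three new guards in transferASTDataFromCompilerInstance skip the assignment when CI.hasASTContext(), CI.hasPreprocessor() or CI.hasTarget() is false, but nothing sets Ctx, PP or Target in that case, so each keeps whatever value it held before the call. Add an explicit else branch that resets the member to null, so the state after an error path is defined, and add a comment stating that these members may be null after this function. Every consumer that dereferences them then needs a check. The ASan trace in the reply above shows a SEGV at address 0x0000000006b0 under clang::cxindex::printDiagsToStderr(clang::ASTUnit*) for Index/pch-with-errors.c, so that caller should be audited for a missing null check on the error path.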
>
>
> _______________________________________________
> cfe-commits mailing list
> cfe-commits at cs.uiuc.edu
> http://lists.cs.uiuc.edu/mailman/listinfo/cfe-commits


