[cfe-dev] Use-after-free/-poison bug in AST building

Kim Gräsman via cfe-dev cfe-dev at lists.llvm.org
Thu Sep 23 12:00:39 PDT 2021

We've had a curious bug reported on IWYU, where
CastExpr::getConversionFunction does not return a FunctionDecl.

After some research, it turns out we get an AccessSpecDecl instead, which
seems like a strange conversion function.

I tried running with ASAN enabled for only IWYU, but didn't get any useful
results, but eventually I managed to repro a non-IWYU contained example.
That in turn led me to:

I'm not sure where to go from there, though... It seems the parser somehow
triggers a use-after-free in BumpPtrAllocator. Can I narrow it down
somehow? I have an 800K preprocessed repro, but from cursory experiments
ASAN triggers use-after-poison there on basically anything.

Thanks for any ideas for narrowing down the issue,
- Kim
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/cfe-dev/attachments/20210923/3deec95f/attachment.html>

More information about the cfe-dev mailing list