[cfe-dev] Use-after-free/-poison bug in AST building

Kim Gräsman via cfe-dev cfe-dev at lists.llvm.org
Thu Sep 23 12:00:39 PDT 2021


We've had a curious bug reported on IWYU, where
CastExpr::getConversionFunction does not return a FunctionDecl.

After some research, it turns out we get an AccessSpecDecl instead, which
seems like a strange conversion function.

I tried running with ASAN enabled for only IWYU but didn't get any useful
results; eventually I managed to repro it in a self-contained, non-IWYU
example. That in turn led me to:
https://bugs.llvm.org/show_bug.cgi?id=44972

I'm not sure where to go from there, though... It seems the parser somehow
triggers a use-after-free in BumpPtrAllocator. Can I narrow it down
somehow? I have an 800K preprocessed repro, but from cursory experiments
ASAN triggers use-after-poison there on basically anything.

Thanks for any ideas for narrowing down the issue,
- Kim