[cfe-dev] Use-after-free/-poison bug in AST building
Kim Gräsman via cfe-dev
cfe-dev at lists.llvm.org
Thu Sep 23 12:00:39 PDT 2021
We've had a curious bug reported on IWYU, where
CastExpr::getConversionFunction does not return a FunctionDecl.
After some research, it turns out we get an AccessSpecDecl instead, which
seems like a strange conversion function.
I tried running with ASAN enabled for only IWYU, but didn't get any useful
results, but eventually I managed to repro a non-IWYU contained example.
That in turn led me to:
I'm not sure where to go from there, though... It seems the parser somehow
triggers a use-after-free in BumpPtrAllocator. Can I narrow it down
somehow? I have an 800K preprocessed repro, but from cursory experiments
ASAN triggers use-after-poison there on basically anything.
Thanks for any ideas for narrowing down the issue,