[LLVMbugs] [Bug 9578] New: clang crash: null pointer dereference

bugzilla-daemon at llvm.org bugzilla-daemon at llvm.org
Mon Mar 28 21:46:29 PDT 2011


http://llvm.org/bugs/show_bug.cgi?id=9578

           Summary: clang crash: null pointer dereference
           Product: new-bugs
           Version: trunk
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P
         Component: new bugs
        AssignedTo: unassignedbugs at nondot.org
        ReportedBy: regehr at cs.utah.edu
                CC: llvmbugs at cs.uiuc.edu, chenyang at cs.utah.edu


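Sorry for the nasty test case! Clang at trunk r128450 segfaults when compiling it with -Os; the stack trace below shows the fault in llvm::GetElementPtrInst::hasAllZeroIndices() while the 'Optimize for code generation' pass runs on func_82.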

[regehr at babel tmp001]$ clang -v 

clang version 3.0 (trunk 128450)
Target: x86_64-unknown-linux-gnu
Thread model: posix

[regehr at babel tmp001]$ clang -c -Os -w small.c

0  clang           0x000000000187daff
1  clang           0x000000000187fd72
2  libpthread.so.0 0x00007f5baa7f9190
3  clang           0x000000000179796c
llvm::GetElementPtrInst::hasAllZeroIndices() const + 60
4  clang           0x00000000015435bd
5  clang           0x0000000001543b50
6  clang           0x00000000017c9cbb
llvm::FPPassManager::runOnFunction(llvm::Function&) + 587
7  clang           0x00000000017c9dbb
llvm::FPPassManager::runOnModule(llvm::Module&) + 75
8  clang           0x00000000017c97c4
llvm::MPPassManager::runOnModule(llvm::Module&) + 500
9  clang           0x00000000017c994b llvm::PassManagerImpl::run(llvm::Module&)
+ 187
10 clang           0x0000000000816fd8
clang::EmitBackendOutput(clang::Diagnostic&, clang::CodeGenOptions const&,
clang::TargetOptions const&, llvm::Module*, clang::BackendAction,
llvm::raw_ostream*) + 1720
11 clang           0x0000000000813d4b
clang::BackendConsumer::HandleTranslationUnit(clang::ASTContext&) + 251
12 clang           0x000000000093781f clang::ParseAST(clang::Sema&, bool) + 431
13 clang           0x00000000008134e4 clang::CodeGenAction::ExecuteAction() +
68
14 clang           0x0000000000709293
clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) + 371
15 clang           0x00000000006e2fb2
clang::ExecuteCompilerInvocation(clang::CompilerInstance*) + 1298
16 clang           0x00000000006d9f2c cc1_main(char const**, char const**, char
const*, void*) + 524
17 clang           0x00000000006e209d main + 4445
18 libc.so.6       0x00007f5ba9ae9abd __libc_start_main + 253
19 clang           0x00000000006d8679
Stack dump:
0.    Program arguments:
/uusoc/exports/scratch/regehr/z/compiler-install/llvm-gcc-r128450-install/bin/clang
-cc1 -triple x86_64-unknown-linux-gnu -emit-obj -disable-free -main-file-name
small.c -mrelocation-model static -mdisable-fp-elim -masm-verbose
-mconstructor-aliases -munwind-tables -target-cpu x86-64 -target-linker-version
2.20 -momit-leaf-frame-pointer -resource-dir
/uusoc/exports/scratch/regehr/z/compiler-install/llvm-gcc-r128450-install/bin/../lib/clang/3.0
-Os -w -ferror-limit 19 -fmessage-length 98 -fgnu-runtime
-fdiagnostics-show-option -fcolor-diagnostics -o small.o -x c small.c 
1.    <eof> parser at end of file
2.    Code generation
3.    Running pass 'Function Pass Manager' on module 'small.c'.
4.    Running pass 'Optimize for code generation' on function '@func_82'
clang: error: unable to execute command: Segmentation fault
clang: error: clang frontend command failed due to signal 1 (use -v to see
invocation)

[regehr at babel tmp001]$ cat small.c


/*
 * Returns 1 when the sign test below holds, otherwise si1 + si2 converted
 * to unsigned char.
 *
 * The `? :` with an omitted middle operand is the GNU conditional
 * extension: when the condition is nonzero, the condition's own value is
 * the result. && binds tighter than ||, and || tighter than ?:, so the
 * whole logical expression is the condition.
 *
 * si2 is an unsigned char, so `si2 < 0` is never true and the second &&
 * chain cannot hold.
 */
static unsigned char foo (long si1, unsigned char si2)
{
  return si1 > 0 && si2 > 0 && si1 > -si2 || si1 < 0 && si2 < 0
    && si1 < -si2 ? : si1 + si2;
}

/*
 * Adds two unsigned chars. The sum is computed after integer promotion and
 * converted back to unsigned char by the return type, so it wraps modulo
 * UCHAR_MAX + 1.
 */
static unsigned char bar (unsigned char ui1, unsigned char ui2)
{
  return ui1 + ui2;
}

/*
 * Aggregate used for the global g_158 and for the local l_369 in func_82.
 * Only f1 is read or written by name in this file; f0 and f2 are set
 * through initializers only.
 */
struct S0
{
  unsigned f0;
  unsigned char f1;
  int f2;
};

/* Eight ints; only element 0 has an initializer (0L), so all are zero. */
int g_3[8] = {
  0L
};

/* Points at the last element of g_3; dereferenced through l_316 in func_82. */
int *g_2 = &g_3[7];
/* File-scope objects without initializers start at zero. */
unsigned char g_54;
unsigned char g_55;
/* Element 0 is 0x4E941402; elements 1 and 2 are zero. func_82 writes g_66[2]. */
int g_66[3] = {
  0x4E941402L
};

/*
 * f0 = 0U. The second initializer (0x489170B2L) is wider than the unsigned
 * char f1 and is converted on initialization; the report compiles with -w,
 * which suppresses warnings. f2 has no initializer and is zero.
 */
struct S0 g_158 = {
  0U, 0x489170B2L
};

unsigned char g_219;
unsigned char g_290;
/* Starts out pointing at g_158; func_82 contains a store of &l_369 (a local) here. */
struct S0 *g_387 = &g_158;

/*
 * Fills a six-element local array with 1 and returns element 3, so the
 * result is always 1. j is declared but never used.
 */
unsigned char func_74 (void)
{
  unsigned short l_80[6];
  int i, j;
  for (i = 0; i < 6; i++)
    l_80[i] = 1;
  return l_80[3];
}

/*
 * The function named in the report's stack dump: clang segfaults while
 * running the 'Optimize for code generation' pass on func_82 when the file
 * is compiled with `clang -c -Os -w`.
 *
 * The control flow is deliberately irregular: two gotos (lbl_468, lbl_469)
 * enter the body of the g_54 loop from outside it, and lbl_370 is a
 * backward jump inside the g_219 loop. Which of these constructs the crash
 * depends on is not stated in the report, so the statements are left
 * exactly as filed.
 *
 * Returns 0 (a null pointer) on the only return path.
 */
const int **func_82 (short p_83)
{
  /* Fixed pointer to the last element of g_66; every store below goes through it. */
  int *const l_312 = &g_66[2];
  /* Declared but never referenced in this function. */
  const int **l_313[7];
  /* f1 is initialized from a constant wider than unsigned char; f2 is zero. */
  struct S0 l_369 = {
    4294967295U, 0xC8392529L
  };
  /*
   * func_74() returns 1, so bar (1U, 1) is 2 and the empty branch is the
   * one taken at run time; the else branch is still compiled.
   */
  if (bar (1U, func_74 ()))
    {
    }
  else
    {
      int **l_316 = &g_2;
      /* Neither the init expression nor `g_219 += 0` changes g_219. */
      for (0; g_219; g_219 += 0)
    {
    lbl_370:
      if (**l_316)
        continue;
      if (l_369.f1)
        goto lbl_370;
    }
      /* g_290 is set to 0 and then tested against 1, so the header never admits the body. */
      for (g_290 = 0; g_290 == 1; g_290 = 1)
    {
      /* Stores the address of the local l_369 into the global g_387. */
      g_387 = &l_369;
      *l_312 = 1;
      /* Forward jump into the body of the g_54 loop below. */
      if (p_83)
        goto lbl_468;
    }
    }
  /* The increment expression only calls foo and discards the result; g_54 itself is not modified. */
  for (g_54 = 0; g_54 < 1; foo (g_54, 0))
    {
      for (l_369.f1 = 0; l_369.f1 < 1; l_369.f1 = 1)
    *l_312 = 0 != &l_369;
    lbl_468:
      *l_312 |= 1;
    lbl_469:
      ;
    }
  for (l_369.f1 = 0; l_369.f1 < 1; l_369.f1 += 1)
    /* Backward jump into the body of the g_54 loop above. */
    if (g_55)
      goto lbl_469;
  return 0;
}
