[LLVMbugs] [Bug 14274] New: double free or corruption with lambda expression in template using libstdc++

bugzilla-daemon at llvm.org bugzilla-daemon at llvm.org
Tue Nov 6 11:57:24 PST 2012


http://llvm.org/bugs/show_bug.cgi?id=14274

             Bug #: 14274
           Summary: double free or corruption with lambda expression in
                    template using libstdc++
           Product: clang
           Version: trunk
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: enhancement
          Priority: P
         Component: C++11
        AssignedTo: unassignedclangbugs at nondot.org
        ReportedBy: markus at trippelsdorf.de
                CC: dgregor at apple.com, llvmbugs at cs.uiuc.edu
    Classification: Unclassified


Consider (testcase from http://gcc.gnu.org/bugzilla/show_bug.cgi?id=55223):

markus at x4 tmp % cat lamb.cpp
#include <iostream>
#include <functional>

template<typename T> struct C  // reduced reproducer: class template with a single static member function
{
    static T test(std::function<T(int)> f = [](int i){return i;})  // default argument: a lambda converted to std::function<T(int)>
    {return f(42);}  // calls whichever callable was supplied (the default lambda returns its argument)
};

int main()
{
    C<int>::test();  // no argument given, so the lambda default argument is used; the stack dump's lamb.cpp:12:18 is this call's ')'
    return 0;
}

markus at x4 tmp % clang++ -std=c++11 lamb.cpp
*** Error in `/usr/local/bin/clang': double free or corruption (out):
0x00000000023790a0 ***
======= Backtrace: =========
/lib/libc.so.6(+0x79046)[0x7f2943672046]
/lib/libc.so.6(+0x79d27)[0x7f2943672d27]
/usr/local/bin/clang[0x89f32b]
/usr/local/bin/clang(_ZN5clang4Sema30PopExpressionEvaluationContextEv+0x215)[0x9a67f5]
/usr/local/bin/clang(_ZN5clang4Sema22BuildCXXDefaultArgExprENS_14SourceLocationEPNS_12FunctionDeclEPNS_11ParmVarDeclE+0x41f)[0x99201f]
/usr/local/bin/clang(_ZN5clang4Sema22GatherArgumentsForCallENS_14SourceLocationEPNS_12FunctionDeclEPKNS_17FunctionProtoTypeEjPPNS_4ExprEjRN4llvm11SmallVectorIS8_Lj8EEENS0_16V
ariadicCallTypeEb+0x1d6)[0x992af6]
/usr/local/bin/clang(_ZN5clang4Sema23ConvertArgumentsForCallEPNS_8CallExprEPNS_4ExprEPNS_12FunctionDeclEPKNS_17FunctionProtoTypeEPS4_jNS_14SourceLocationEb+0x300)[0x9924f0]
/usr/local/bin/clang(_ZN5clang4Sema21BuildResolvedCallExprEPNS_4ExprEPNS_9NamedDeclENS_14SourceLocationEPS2_jS5_S2_b+0x731)[0x9939e1]
...
======= Memory map: ========
00400000-0187f000 r-xp 00000000 08:12 35976                             
/usr/local/bin/clang
0187f000-01933000 rw-p 0147f000 08:12 35976                             
/usr/local/bin/clang
01933000-0193d000 rw-p 00000000 00:00 0 
019f0000-023d3000 rw-p 00000000 00:00 0                                  [heap]
7f29435f9000-7f294375d000 r-xp 00000000 08:12 4467637                   
/lib64/libc-2.16.90.so
7f294375d000-7f294395d000 ---p 00164000 08:12 4467637                   
/lib64/libc-2.16.90.so
7f294395d000-7f2943961000 r--p 00164000 08:12 4467637                   
/lib64/libc-2.16.90.so
7f2943961000-7f2943963000 rw-p 00168000 08:12 4467637                   
/lib64/libc-2.16.90.so
7f2943963000-7f2943967000 rw-p 00000000 00:00 0 
7f2943967000-7f2943a52000 r-xp 00000000 08:12 72115136                  
/usr/lib64/gcc/x86_64-pc-linux-gnu/4.8.0/libstdc++.so.6.0.17
...
0  clang           0x0000000001620b02
1  clang           0x0000000001620e83
2  libpthread.so.0 0x00007f2943f0c250
3  libc.so.6       0x00007f294362df07 gsignal + 55
4  libc.so.6       0x00007f294362f398 abort + 328
5  libc.so.6       0x00007f294366c477
6  libc.so.6       0x00007f2943672046
7  libc.so.6       0x00007f2943672d27
8  clang           0x000000000089f32b
9  clang           0x00000000009a67f5
clang::Sema::PopExpressionEvaluationContext() + 533
10 clang           0x000000000099201f
clang::Sema::BuildCXXDefaultArgExpr(clang::SourceLocation,
clang::FunctionDecl*, clang::ParmVarDecl*) + 1055
11 clang           0x0000000000992af6
clang::Sema::GatherArgumentsForCall(clang::SourceLocation,
clang::FunctionDecl*, clang::FunctionProtoType const*, unsigned int,
clang::Expr**, unsigned int, llvm::SmallVector<clang::Expr*, 8u>&,
clang::Sema::VariadicCallType, bool) + 470
12 clang           0x00000000009924f0
clang::Sema::ConvertArgumentsForCall(clang::CallExpr*, clang::Expr*,
clang::FunctionDecl*, clang::FunctionProtoType const*, clang::Expr**, unsigned
int, clang::SourceLocation, bool) + 768
13 clang           0x00000000009939e1
clang::Sema::BuildResolvedCallExpr(clang::Expr*, clang::NamedDecl*,
clang::SourceLocation, clang::Expr**, unsigned int, clang::SourceLocation,
clang::Expr*, bool) + 1841
14 clang           0x0000000000988f60 clang::Sema::ActOnCallExpr(clang::Scope*,
clang::Expr*, clang::SourceLocation, llvm::MutableArrayRef<clang::Expr*>,
clang::SourceLocation, clang::Expr*, bool) + 1200
15 clang           0x00000000008589e7
clang::Parser::ParsePostfixExpressionSuffix(clang::ActionResult<clang::Expr*,
true>) + 2791
16 clang           0x000000000085bdbb clang::Parser::ParseCastExpression(bool,
bool, bool&, clang::Parser::TypeCastState) + 11835
17 clang           0x00000000008567c6
clang::Parser::ParseAssignmentExpression(clang::Parser::TypeCastState) + 118
18 clang           0x0000000000856739
clang::Parser::ParseExpression(clang::Parser::TypeCastState) + 9
19 clang           0x000000000087d918 clang::Parser::ParseExprStatement() + 56
20 clang           0x000000000087d4d3
clang::Parser::ParseStatementOrDeclarationAfterAttributes(llvm::SmallVector<clang::Stmt*,
32u>&, bool, clang::SourceLocation*, clang::Parser::ParsedAttributesWithRange&)
+ 2291
21 clang           0x000000000087cb7a
clang::Parser::ParseStatementOrDeclaration(llvm::SmallVector<clang::Stmt*,
32u>&, bool, clang::SourceLocation*) + 154
22 clang           0x00000000008831be
clang::Parser::ParseCompoundStatementBody(bool) + 1614
23 clang           0x0000000000884cbd
clang::Parser::ParseFunctionStatementBody(clang::Decl*,
clang::Parser::ParseScope&) + 157
24 clang           0x000000000083072a
clang::Parser::ParseFunctionDefinition(clang::ParsingDeclarator&,
clang::Parser::ParsedTemplateInfo const&, clang::Parser::LateParsedAttrList*) +
1914
25 clang           0x000000000083c57b
clang::Parser::ParseDeclGroup(clang::ParsingDeclSpec&, unsigned int, bool,
clang::SourceLocation*, clang::Parser::ForRangeInit*) + 1403
26 clang           0x000000000082feba
clang::Parser::ParseDeclOrFunctionDefInternal(clang::Parser::ParsedAttributesWithRange&,
clang::ParsingDeclSpec&, clang::AccessSpecifier) + 586
27 clang           0x000000000082fa65
clang::Parser::ParseDeclarationOrFunctionDefinition(clang::Parser::ParsedAttributesWithRange&,
clang::ParsingDeclSpec*, clang::AccessSpecifier) + 309
28 clang           0x000000000082ef3f
clang::Parser::ParseExternalDeclaration(clang::Parser::ParsedAttributesWithRange&,
clang::ParsingDeclSpec*) + 2191
29 clang           0x000000000082e62a
clang::Parser::ParseTopLevelDecl(clang::OpaquePtr<clang::DeclGroupRef>&) + 314
30 clang           0x000000000082ba46 clang::ParseAST(clang::Sema&, bool, bool)
+ 470
31 clang           0x000000000072a27d clang::CodeGenAction::ExecuteAction() +
77
32 clang           0x00000000005fcebb clang::FrontendAction::Execute() + 91
33 clang           0x00000000005e15ad
clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) + 845
34 clang           0x00000000005cb821
clang::ExecuteCompilerInvocation(clang::CompilerInstance*) + 3505
35 clang           0x00000000005c2ded cc1_main(char const**, char const**, char
const*, void*) + 621
36 clang           0x00000000005c7cac main + 2988
37 libc.so.6       0x00007f294361a885 __libc_start_main + 245
38 clang           0x00000000005c2ab9
Stack dump:
0.      Program arguments: /usr/local/bin/clang -cc1 -triple
x86_64-unknown-linux-gnu -emit-obj -mrelax-all -disable-free
-disable-llvm-verifier -main-file-name lamb.cpp -mrelocation-model static
-mdisable-fp-elim -fmath-errno -masm-verbose -mconstructor-aliases
-munwind-tables -fuse-init-array -target-cpu x86-64 -target-linker-version
2.23.51.20121009 -momit-leaf-frame-pointer -resource-dir
/usr/local/bin/../lib/clang/3.2 -fmodule-cache-path /var/tmp/clang-module-cache
-I/var/intel/composer_xe_2013.1.117/mkl/include
-I/var/intel/composer_xe_2013.1.117/tbb/include -internal-isystem
/usr/lib64/gcc/x86_64-pc-linux-gnu/4.8.0/include/g++-v4 -internal-isystem
/usr/lib64/gcc/x86_64-pc-linux-gnu/4.8.0/include/g++-v4/x86_64-pc-linux-gnu
-internal-isystem
/usr/lib64/gcc/x86_64-pc-linux-gnu/4.8.0/include/g++-v4/backward
-internal-isystem /usr/local/include -internal-isystem
/usr/local/bin/../lib/clang/3.2/include -internal-externc-isystem /include
-internal-externc-isystem /usr/include -std=c++11 -fdeprecated-macro
-fdebug-compilation-dir /var/tmp -ferror-limit 19 -fmessage-length 174
-mstackrealign -fobjc-runtime=gcc -fcxx-exceptions -fexceptions
-fdiagnostics-show-option -fcolor-diagnostics -o /tmp/lamb-tzmWOZ.o -x c++
lamb.cpp 
1.      lamb.cpp:12:18: current parser token ')'
2.      lamb.cpp:11:1: parsing function body 'main'
3.      lamb.cpp:11:1: in compound statement ('{}')
clang: error: unable to execute command: Aborted
clang: error: clang frontend command failed due to signal (use -v to see
invocation)
clang version 3.2 
Target: x86_64-unknown-linux-gnu
Thread model: posix

With libc++ the same test case compiles without a crash:
markus at x4 tmp % clang++ -stdlib=libc++ -std=c++11 lamb.cpp
markus at x4 tmp %

(clang was built with --disable-assertions --enable-optimized, so no clang assertion could fire before glibc's heap check aborted the process)
