[LLVMbugs] [Bug 14186] New: heap-buffer-overflow in clang::SourceManager::getColumnNumber while running with -E

bugzilla-daemon at llvm.org bugzilla-daemon at llvm.org
Fri Oct 26 04:49:51 PDT 2012


http://llvm.org/bugs/show_bug.cgi?id=14186

             Bug #: 14186
           Summary: heap-buffer-overflow in
                    clang::SourceManager::getColumnNumber while running
                    with -E
           Product: clang
           Version: unspecified
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: enhancement
          Priority: P
         Component: -New Bugs
        AssignedTo: unassignedclangbugs at nondot.org
        ReportedBy: kcc at google.com
                CC: llvmbugs at cs.uiuc.edu
    Classification: Unclassified


r166761, x86_64 linux
Running asan-ified clang (or clang under valgrind) in preprocessor mode 
causes a heap-buffer-overflow report. 

Can't minimize properly -- any minor change (e.g. removing empty line) hides
the crash. 

$ clang z.c  -E

==19819== ERROR: AddressSanitizer: heap-buffer-overflow on address
0x7f263db56040 at pc 0x9db7d36 bp 0x7fff1eaa1cb0 sp 0x7fff1eaa1ca8
READ of size 4 at 0x7f263db56040 thread T0
    #0 0x9db7d35 in clang::SourceManager::getColumnNumber(clang::FileID,
unsigned int, bool*) const llvm/tools/clang/lib/Basic/SourceManager.cpp:1038
    #1 0x9dbc253 in clang::SourceManager::getPresumedLoc(clang::SourceLocation)
const llvm/tools/clang/lib/Basic/SourceManager.cpp:1390
    #2 0xc4daff in (anonymous
namespace)::PrintPPOutputPPCallbacks::FileChanged(clang::SourceLocation,
clang::PPCallbacks::FileChangeReason, clang::SrcMgr::CharacteristicKind,
clang::FileID) llvm/tools/clang/lib/Frontend/PrintPreprĀ»
    #3 0x9ac8809 in clang::Preprocessor::HandleDigitDirective(clang::Token&)
llvm/tools/clang/lib/Lex/PPDirectives.cpp:1032
    #4 0x9ac4e05 in clang::Preprocessor::HandleDirective(clang::Token&)
llvm/tools/clang/lib/Lex/PPDirectives.cpp:654
    #5 0x99f8007 in clang::Lexer::LexTokenInternal(clang::Token&)
llvm/tools/clang/lib/Lex/Lexer.cpp:3208
    #6 0xbb64a2 in clang::Lexer::Lex(clang::Token&)
llvm/tools/clang/lib/Lex/../../include/clang/Lex/Lexer.h:147
    #7 0xbb21c1 in clang::Preprocessor::Lex(clang::Token&)
llvm/tools/clang/lib/Lex/../../include/clang/Lex/Preprocessor.h:692
    #8 0xc452a5 in clang::DoPrintPreprocessedInput(clang::Preprocessor&,
llvm::raw_ostream*, clang::PreprocessorOutputOptions const&)
llvm/tools/clang/lib/Frontend/PrintPreprocessedOutput.cpp:625
    #9 0xbafe54 in clang::PrintPreprocessedAction::ExecuteAction()
llvm/tools/clang/lib/Frontend/FrontendActions.cpp:437
    #10 0xb8f057 in clang::FrontendAction::Execute()
llvm/tools/clang/lib/Frontend/FrontendAction.cpp:384
    #11 0xa338c4 in
clang::CompilerInstance::ExecuteAction(clang::FrontendAction&)
llvm/tools/clang/lib/Frontend/CompilerInstance.cpp:679
    #12 0x87d2d6 in clang::ExecuteCompilerInvocation(clang::CompilerInstance*)
llvm/tools/clang/lib/FrontendTool/ExecuteCompilerInvocation.cpp:189
    #13 0x7d47c9 in cc1_main(char const**, char const**, char const*, void*)
llvm/tools/clang/tools/driver/cc1_main.cpp:168
    #14 0x84b6e7 in main llvm/tools/clang/tools/driver/driver.cpp:357
    #15 0x7f263e91176c (/lib/x86_64-linux-gnu/libc.so.6+0x2176c)
0x7f263db56040 is located 0 bytes to the right of 4096-byte region
[0x7f263db55040,0x7f263db56040)
allocated by thread T0 here:
    #0 0x11e82370 in __interceptor_malloc
(llvm/build2/Debug+Asserts/bin/clang+0x11e82370)
    #1 0x96c6f5 in llvm::MallocAllocator::Allocate(unsigned long, unsigned
long) llvm/include/llvm/Support/Allocator.h:36
    #2 0x11b9446d in llvm::MallocSlabAllocator::Allocate(unsigned long)
llvm/lib/Support/Allocator.cpp:170
    #3 0x11b91862 in llvm::BumpPtrAllocator::StartNewSlab()
llvm/lib/Support/Allocator.cpp:53
    #4 0x11b92262 in llvm::BumpPtrAllocator::Allocate(unsigned long, unsigned
long) llvm/lib/Support/Allocator.cpp:91
    #5 0x9de4654 in clang::SrcMgr::ContentCache*
llvm::BumpPtrAllocator::Allocate<clang::SrcMgr::ContentCache>(unsigned long,
unsigned long) llvm/include/llvm/Support/Allocator.h:172
    #6 0x9da132f in
clang::SourceManager::getOrCreateContentCache(clang::FileEntry const*, bool)
llvm/tools/clang/lib/Basic/SourceManager.cpp:447
    #7 0xa6d353 in clang::SourceManager::createFileID(clang::FileEntry const*,
clang::SourceLocation, clang::SrcMgr::CharacteristicKind, int, unsigned int)
llvm/tools/clang/lib/Lex/../../include/clang/Basic/SourceManager.h:725
    #8 0xa49f3b in clang::SourceManager::createMainFileID(clang::FileEntry
const*, clang::SrcMgr::CharacteristicKind)
llvm/tools/clang/lib/Frontend/../../include/clang/Basic/SourceManager.h:694

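Reading the sanitizer output above: `READ of size 4` and `0 bytes to the right of 4096-byte region` together mean a 4-byte load from the address immediately following a heap block, i.e. one element past the end of an array of 32-bit values living at the end of a bump-allocator slab. The trace does not identify which array, so what follows is an added illustration of that defect class and its guard, written for this page in a toy line-start cache of my own construction (hypothetical `line_cache`, `build_line_cache`, `column_fast`, `column_slow`, `column_of`, `demo_column`, `demo_fast`). It is not clang's `getColumnNumber` or any LLVM code.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Toy line-start cache (constructed for this illustration, not clang code):
 * one offset per line, consulted to answer "which column is offset pos on?". */
typedef struct {
    unsigned *line_starts;  /* line_starts[i] = offset of the first byte of line i+1 */
    unsigned num_lines;     /* number of entries in line_starts */
    size_t size;            /* size of the text buffer the cache describes */
} line_cache;

/* Constructed sample input: three lines, the last one empty. */
static const char SAMPLE[] = "ab\ncde\n";
#define SAMPLE_LEN (sizeof SAMPLE - 1)

/* Build the cache for buf. Returns 0 on success, -1 on allocation failure. */
static int build_line_cache(const char *buf, size_t size, line_cache *c) {
    unsigned n = 1;
    for (size_t i = 0; i < size; i++)
        if (buf[i] == '\n') n++;
    c->line_starts = malloc(n * sizeof *c->line_starts);
    if (!c->line_starts) return -1;
    c->num_lines = n;
    c->size = size;
    unsigned k = 0;
    c->line_starts[k++] = 0;
    for (size_t i = 0; i < size; i++)
        if (buf[i] == '\n') c->line_starts[k++] = (unsigned)(i + 1);
    return 0;
}

/* Fast path: the caller believes pos lies on 1-based line `line` (say, from a
 * previous line-number query) and we look up that line's start and end.
 * Returns the 1-based column, or 0 when the fast path does not apply.
 *
 * The `line >= c->num_lines` test is the guard this class of bug lacks: the
 * end of the last line is not stored, so line_starts[num_lines] would read
 * one 4-byte element past the allocation. When the array sits at the end of
 * its slab, a sanitizer reports exactly "READ of size 4 ... 0 bytes to the
 * right of the region". */
static unsigned column_fast(const line_cache *c, unsigned line, unsigned pos) {
    if (line == 0 || line >= c->num_lines) return 0;
    unsigned start = c->line_starts[line - 1];
    unsigned end = c->line_starts[line];
    if (pos >= start && pos < end) return pos - start + 1;
    return 0;
}

/* Slow path: scan back to the previous line break. Bounded by pos, and
 * refusing positions beyond the buffer, so it never reads past it. */
static unsigned column_slow(const char *buf, size_t size, unsigned pos) {
    if (pos > size) return 0;
    unsigned start = pos;
    while (start && buf[start - 1] != '\n' && buf[start - 1] != '\r') start--;
    return pos - start + 1;
}

/* Combined lookup: try the cache, fall back to the scan. */
static unsigned column_of(const char *buf, const line_cache *c,
                          unsigned line, unsigned pos) {
    unsigned col = column_fast(c, line, pos);
    return col ? col : column_slow(buf, c->size, pos);
}

/* Helpers that run the lookups over SAMPLE; 0 signals "not answered". */
static unsigned demo_fast(unsigned line, unsigned pos) {
    line_cache c;
    if (build_line_cache(SAMPLE, SAMPLE_LEN, &c) != 0) return 0;
    unsigned col = column_fast(&c, line, pos);
    free(c.line_starts);
    return col;
}

static unsigned demo_column(unsigned line, unsigned pos) {
    line_cache c;
    if (build_line_cache(SAMPLE, SAMPLE_LEN, &c) != 0) return 0;
    unsigned col = column_of(SAMPLE, &c, line, pos);
    free(c.line_starts);
    return col;
}

int main(void) {
    /* Offset 7 is the end of the buffer, on the (empty) last line: the fast
     * path declines instead of reading line_starts[3], the scan answers 1. */
    printf("fast(3,7)=%u column(3,7)=%u column(2,5)=%u\n",
           demo_fast(3, 7), demo_column(3, 7), demo_column(2, 5));
    return 0;
}
```

The guard in `column_fast` is the practical check: a cached "last line" index is only usable when the line after it exists in the table, and the query for the last line (or for the end-of-buffer position a preprocessor emits `# line` markers for) must fall through to the bounded scan.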