[LLVMbugs] [Bug 17249] New: clang --analyze segfault on correct code
bugzilla-daemon at llvm.org
Sun Sep 15 08:41:13 PDT 2013
http://llvm.org/bugs/show_bug.cgi?id=17249
Bug ID: 17249
Summary: clang --analyze segfault on correct code
Product: clang
Version: 3.0
Hardware: PC
OS: Linux
Status: NEW
Severity: normal
Priority: P
Component: Static Analyzer
Assignee: kremenek at apple.com
Reporter: nicolas at limare.net
CC: llvmbugs at cs.uiuc.edu
Classification: Unclassified
clang --analyze crashes on this code:
#include <stdlib.h>
int main(int argc, char **argv)
{
    int a = atoi(argv[1]);
    if (a < 0)          /* the conditional the reporter identifies as the trigger */
        a = 0;
    float * b = (float *) malloc(a * sizeof(float));
    free(b);
    return 0;
}
The critical part seems to be the conditional if section. Crash output is:
$ clang --analyze -v crasher.c
Debian clang version 3.0-6.2 (tags/RELEASE_30/final) (based on LLVM 3.0)
Target: x86_64-pc-linux-gnu
Thread model: posix
"/usr/bin/clang" -cc1 -triple x86_64-pc-linux-gnu -analyze -disable-free
-disable-llvm-verifier -main-file-name crasher.c -analyzer-store=region
-analyzer-opt-analyze-nested-blocks -analyzer-eagerly-assume
-analyzer-checker=core -analyzer-checker=deadcode -analyzer-checker=security
-analyzer-checker=unix -analyzer-output plist -w -mrelocation-model static
-mdisable-fp-elim -masm-verbose -mconstructor-aliases -munwind-tables
-target-cpu x86-64 -target-linker-version 2.22 -momit-leaf-frame-pointer -v
-resource-dir /usr/bin/../lib/clang/3.0 -fmodule-cache-path
/var/tmp/clang-module-cache -internal-isystem /usr/local/include
-internal-isystem /usr/bin/../lib/clang/3.0/include -internal-externc-isystem
/usr/include/x86_64-linux-gnu -internal-externc-isystem /usr/include
-ferror-limit 19 -fmessage-length 238 -fgnu-runtime -fobjc-runtime-has-arc
-fobjc-runtime-has-weak -fobjc-fragile-abi -fdiagnostics-show-option
-fcolor-diagnostics -o crasher.plist -x c crasher.c
clang -cc1 version 3.0 based upon llvm 3.0 hosted on x86_64-pc-linux-gnu
ignoring nonexistent directory "/usr/bin/../lib/clang/3.0/include"
ignoring nonexistent directory "/usr/include/clang/3.0/include/"
ignoring nonexistent directory "/usr/bin/../lib/clang/3.0/include"
ignoring duplicate directory "/usr/local/include"
ignoring duplicate directory "/usr/include/x86_64-linux-gnu"
ignoring duplicate directory "/usr/include"
#include "..." search starts here:
#include <...> search starts here:
/usr/local/include
/usr/include/x86_64-linux-gnu
/usr/include
/usr/lib/gcc/x86_64-linux-gnu/4.6/include/
/usr/lib/gcc/x86_64-linux-gnu/4.6/include-fixed/
End of search list.
0 libLLVM-3.0.so.1 0x00007f3d02dff94f
1 libLLVM-3.0.so.1 0x00007f3d02dffd99
2 libpthread.so.0 0x00007f3d01d7f210
3 clang 0x0000000000b50920
4 clang 0x0000000000b59db2 clang::ento::GRBugReporter::GeneratePathDiagnostic(clang::ento::PathDiagnostic&, llvm::SmallVectorImpl<clang::ento::BugReport*>&) + 9106
5 clang 0x0000000000b535b2 clang::ento::BugReporter::FlushReport(clang::ento::BugReportEquivClass&) + 3122
6 clang 0x0000000000b5a3a8 clang::ento::BugReporter::FlushReports() + 1032
7 clang 0x0000000000aa46b0
8 clang 0x0000000000aa4fb8
9 clang 0x0000000000aa6211
10 clang 0x0000000000aa6aae
11 clang 0x0000000000aa6c4a
12 clang 0x00000000007e80ab clang::ParseAST(clang::Sema&, bool) + 395
13 clang 0x00000000005de983 clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) + 307
14 clang 0x00000000005c9911 clang::ExecuteCompilerInvocation(clang::CompilerInstance*) + 1041
15 clang 0x00000000005c2fc4 cc1_main(char const**, char const**, char const*, void*) + 804
16 clang 0x00000000005c1f75 main + 6965
17 libc.so.6 0x00007f3d00db8995 __libc_start_main + 245
18 clang 0x00000000005c2b01
Stack dump:
0. Program arguments: /usr/bin/clang -cc1 -triple x86_64-pc-linux-gnu
-analyze -disable-free -disable-llvm-verifier -main-file-name crasher.c
-analyzer-store=region -analyzer-opt-analyze-nested-blocks
-analyzer-eagerly-assume -analyzer-checker=core -analyzer-checker=deadcode
-analyzer-checker=security -analyzer-checker=unix -analyzer-output plist -w
-mrelocation-model static -mdisable-fp-elim -masm-verbose -mconstructor-aliases
-munwind-tables -target-cpu x86-64 -target-linker-version 2.22
-momit-leaf-frame-pointer -v -resource-dir /usr/bin/../lib/clang/3.0
-fmodule-cache-path /var/tmp/clang-module-cache -internal-isystem
/usr/local/include -internal-isystem /usr/bin/../lib/clang/3.0/include
-internal-externc-isystem /usr/include/x86_64-linux-gnu
-internal-externc-isystem /usr/include -ferror-limit 19 -fmessage-length 238
-fgnu-runtime -fobjc-runtime-has-arc -fobjc-runtime-has-weak -fobjc-fragile-abi
-fdiagnostics-show-option -fcolor-diagnostics -o crasher.plist -x c crasher.c
1. <eof> parser at end of file
clang: error: unable to execute command: Segmentation fault
clang: error: clang frontend command failed due to signal 2 (use -v to see invocation)
clang: note: diagnostic msg: Please submit a bug report to http://llvm.org/bugs/ and include command line arguments and all diagnostic information.
clang: note: diagnostic msg: Preprocessed source(s) are located at:
clang: note: diagnostic msg: /tmp/crasher-SG0aml.i