[llvm-bugs] [Bug 24878] New: Abort trap(6) and "detected buffer overflow" message with trunk clang but not Apple clang
via llvm-bugs
llvm-bugs at lists.llvm.org
Fri Sep 18 13:50:57 PDT 2015
https://llvm.org/bugs/show_bug.cgi?id=24878
Bug ID: 24878
Summary: Abort trap(6) and "detected buffer overflow" message
with trunk clang but not Apple clang
Product: clang
Version: trunk
Hardware: PC
OS: MacOS X
Status: NEW
Severity: normal
Priority: P
Component: -New Bugs
Assignee: unassignedclangbugs at nondot.org
Reporter: alex at rogue-research.com
CC: llvm-bugs at lists.llvm.org
Classification: Unclassified
Created attachment 14905
--> https://llvm.org/bugs/attachment.cgi?id=14905&action=edit
small code to reproduce problem
I have the following two clang versions:
- trunk
$ clang --version
clang version 3.8.0 (trunk 248023)
- clang from Xcode 7:
$ /usr/bin/clang --version
Apple LLVM version 7.0.0 (clang-700.0.72)
Target: x86_64-apple-darwin15.0.0
This is on Mac OS 10.10.5.
The following code is crashing with trunk, but works with Apple's clang.
$ clang -o trap trap.c
$ ./trap
Abort trap: 6
Also when looking in the OS X Console app, the following line appears:
2015-09-18 16:46:05.663 trap[2785]: detected buffer overflow
Here is the crash in LLDB:
(lldb) r
Process 2796 launched: '/Users/builder/external/mini.repro/trap' (x86_64)
Process 2796 stopped
* thread #1: tid = 0x165461, 0x00007fff8a3190ae
libsystem_kernel.dylib`__pthread_kill + 10, queue = 'com.apple.main-thread',
stop reason = signal SIGABRT
frame #0: 0x00007fff8a3190ae libsystem_kernel.dylib`__pthread_kill + 10
libsystem_kernel.dylib`__pthread_kill:
-> 0x7fff8a3190ae <+10>: jae 0x7fff8a3190b8 ; <+20>
0x7fff8a3190b0 <+12>: movq %rax, %rdi
0x7fff8a3190b3 <+15>: jmp 0x7fff8a3143ef ; cerror_nocancel
0x7fff8a3190b8 <+20>: retq
(lldb) bt
* thread #1: tid = 0x165461, 0x00007fff8a3190ae
libsystem_kernel.dylib`__pthread_kill + 10, queue = 'com.apple.main-thread',
stop reason = signal SIGABRT
* frame #0: 0x00007fff8a3190ae libsystem_kernel.dylib`__pthread_kill + 10
frame #1: 0x00007fff917fc500 libsystem_pthread.dylib`pthread_kill + 90
frame #2: 0x00007fff97c7f37b libsystem_c.dylib`abort + 129
frame #3: 0x00007fff97c7f4f2 libsystem_c.dylib`abort_report_np + 181
frame #4: 0x00007fff97ca59cc libsystem_c.dylib`__chk_fail + 48
frame #5: 0x00007fff97ca599c libsystem_c.dylib`__chk_fail_overflow + 16
frame #6: 0x00007fff97ca5be9 libsystem_c.dylib`__strcpy_chk + 83
frame #7: 0x0000000100000f14 trap`main + 100
frame #8: 0x00007fff966a15ad libdyld.dylib`start + 1
sincerely,
Alex Ciobanu
//===== trap.c ===============
#include <stddef.h>
#include <stdlib.h>
#include <wchar.h>
#include <string.h>

// Struct as defined in libarchive/archive_read_open_filename.c:
// http://web.mit.edu/freebsd/head/contrib/libarchive/libarchive/archive_read_open_filename.c
struct read_file_data {
    int fd;
    union {
        char m[1];    /* MBS filename. */
        wchar_t w[1]; /* WCS filename. */
    } filename;       /* Must be last! */
};

int main ()
{
    const wchar_t *longName = L"VeryLongName";

    // Allocate enough memory for long name.
    struct read_file_data *mine = ( struct read_file_data * ) calloc ( 1,
        sizeof ( *mine ) + wcslen ( longName ) * sizeof ( wchar_t ) );

    // Fail to copy short name.
    const char *shortName = "abc";
    strcpy(mine->filename.m, shortName);
    // Above copy scenario happens in
    // libarchive/archive_read_open_filename.c:201. (See link above).

    return 0;
}