[llvm-bugs] [Bug 43946] New: Invocation of memset with incorrect number of arguments results in segfault
via llvm-bugs
llvm-bugs at lists.llvm.org
Fri Nov 8 09:08:12 PST 2019
https://bugs.llvm.org/show_bug.cgi?id=43946
Bug ID: 43946
Summary: Invocation of memset with incorrect number of arguments results in segfault
Product: clang
Version: 9.0
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: P
Component: C
Assignee: unassignedclangbugs at nondot.org
Reporter: mprice at synopsys.com
CC: blitzrakete at gmail.com, dgregor at apple.com,
erik.pilkington at gmail.com, llvm-bugs at lists.llvm.org,
richard-llvm at metafoo.co.uk
As a part of testing our product that is based on Clang, we run our tool
against many packages that ship as a part of the Debian Linux distribution.
We recently upgraded our tool to be based off of Clang 9, and our Debian
package tests exposed a segfault.
There are a handful of packages [see Threaded USENET news reader (trn4,
https://packages.debian.org/jessie/trn4) as well as the PennMUSH virtual world
server (pennmush 1.8.2p8-1.1, https://packages.debian.org/jessie/pennmush)]
that use a bash script to configure the build process. Part of this is probing
the compiler to see what features are available. As a part of that probing, it
attempts to compile source code similar to:
int main () {
extern void memset();
memset();
}
This compiles fine in Clang 8, but in Clang 9 it causes a segfault. The issue
appears to be in the function
`clang::Sema::checkFortifiedBuiltinMemoryFunction`. I suspect it's not prepared
to handle such an unexpected call to `memset`. My understanding is that this
function is intended to emit a runtime diagnostic letting the user know that
they've misused this C library function.
Here is a Compiler Explorer link showing the source and the differences
between Clang 8 and Clang 9 behavior: https://c.godbolt.org/z/7dJxjJ
The output that Clang 9 shows is:
==========================================================================
<source>:2:17: warning: incompatible redeclaration of library function 'memset'
[-Wincompatible-library-redeclaration]
extern void memset();
^
<source>:2:17: note: 'memset' is a builtin with type 'void *(void *, int,
unsigned long)'
Stack dump:
0. Program arguments: /opt/compiler-explorer/clang-9.0.0/bin/clang-9 -cc1
-triple x86_64-unknown-linux-gnu -fsyntax-only -disable-free
-disable-llvm-verifier -discard-value-names -main-file-name example.c
-mrelocation-model static -mthread-model posix -mdisable-fp-elim -fmath-errno
-masm-verbose -mconstructor-aliases -munwind-tables -fuse-init-array
-target-cpu x86-64 -dwarf-column-info -debug-info-kind=limited -dwarf-version=4
-debugger-tuning=gdb -resource-dir
/opt/compiler-explorer/clang-9.0.0/lib/clang/9.0.0 -internal-isystem
/usr/local/include -internal-isystem
/opt/compiler-explorer/clang-9.0.0/lib/clang/9.0.0/include
-internal-externc-isystem /usr/include/x86_64-linux-gnu
-internal-externc-isystem /include -internal-externc-isystem /usr/include
-fdebug-compilation-dir /home/ubuntu -ferror-limit 19 -fmessage-length 0
-fobjc-runtime=gcc -fdiagnostics-show-option -fcolor-diagnostics -mllvm
--x86-asm-syntax=intel -faddrsig -x c <source>
1. <source>:3:12: current parser token ')'
2. <source>:1:13: parsing function body 'main'
3. <source>:1:13: in compound statement ('{}')
#0 0x000055cdbf2c476a llvm::sys::PrintStackTrace(llvm::raw_ostream&)
(/opt/compiler-explorer/clang-9.0.0/bin/clang-9+0x27db76a)
#1 0x000055cdbf2c2524 llvm::sys::RunSignalHandlers()
(/opt/compiler-explorer/clang-9.0.0/bin/clang-9+0x27d9524)
#2 0x000055cdbf2c2662 SignalHandler(int)
(/opt/compiler-explorer/clang-9.0.0/bin/clang-9+0x27d9662)
#3 0x00007f57ca88a890 __restore_rt
(/lib/x86_64-linux-gnu/libpthread.so.0+0x12890)
#4 0x000055cdc092fc8e
clang::Sema::checkFortifiedBuiltinMemoryFunction(clang::FunctionDecl*,
clang::CallExpr*) (/opt/compiler-explorer/clang-9.0.0/bin/clang-9+0x3e46c8e)
#5 0x000055cdc0b61377 clang::Sema::BuildResolvedCallExpr(clang::Expr*,
clang::NamedDecl*, clang::SourceLocation, llvm::ArrayRef<clang::Expr*>,
clang::SourceLocation, clang::Expr*, bool, clang::CallExpr::ADLCallKind)
(/opt/compiler-explorer/clang-9.0.0/bin/clang-9+0x4078377)
#6 0x000055cdc0b61e7e clang::Sema::BuildCallExpr(clang::Scope*, clang::Expr*,
clang::SourceLocation, llvm::MutableArrayRef<clang::Expr*>,
clang::SourceLocation, clang::Expr*, bool)
(/opt/compiler-explorer/clang-9.0.0/bin/clang-9+0x4078e7e)
#7 0x000055cdc0b631f2 clang::Sema::ActOnCallExpr(clang::Scope*, clang::Expr*,
clang::SourceLocation, llvm::MutableArrayRef<clang::Expr*>,
clang::SourceLocation, clang::Expr*)
(/opt/compiler-explorer/clang-9.0.0/bin/clang-9+0x407a1f2)
#8 0x000055cdc083d13f
clang::Parser::ParsePostfixExpressionSuffix(clang::ActionResult<clang::Expr*,
true>) (/opt/compiler-explorer/clang-9.0.0/bin/clang-9+0x3d5413f)
#9 0x000055cdc0837e0f clang::Parser::ParseCastExpression(bool, bool, bool&,
clang::Parser::TypeCastState, bool)
(/opt/compiler-explorer/clang-9.0.0/bin/clang-9+0x3d4ee0f)
#10 0x000055cdc083a2f4 clang::Parser::ParseCastExpression(bool, bool,
clang::Parser::TypeCastState, bool)
(/opt/compiler-explorer/clang-9.0.0/bin/clang-9+0x3d512f4)
#11 0x000055cdc083b4b1
clang::Parser::ParseAssignmentExpression(clang::Parser::TypeCastState)
(/opt/compiler-explorer/clang-9.0.0/bin/clang-9+0x3d524b1)
#12 0x000055cdc083c129
clang::Parser::ParseExpression(clang::Parser::TypeCastState)
(/opt/compiler-explorer/clang-9.0.0/bin/clang-9+0x3d53129)
#13 0x000055cdc088501d
clang::Parser::ParseExprStatement(clang::Parser::ParsedStmtContext)
(/opt/compiler-explorer/clang-9.0.0/bin/clang-9+0x3d9c01d)
#14 0x000055cdc08829b2
clang::Parser::ParseStatementOrDeclarationAfterAttributes(llvm::SmallVector<clang::Stmt*,
32u>&, clang::Parser::ParsedStmtContext, clang::SourceLocation*,
clang::Parser::ParsedAttributesWithRange&)
(/opt/compiler-explorer/clang-9.0.0/bin/clang-9+0x3d999b2)
#15 0x000055cdc0884209
clang::Parser::ParseStatementOrDeclaration(llvm::SmallVector<clang::Stmt*,
32u>&, clang::Parser::ParsedStmtContext, clang::SourceLocation*)
(/opt/compiler-explorer/clang-9.0.0/bin/clang-9+0x3d9b209)
#16 0x000055cdc0887831 clang::Parser::ParseCompoundStatementBody(bool)
(/opt/compiler-explorer/clang-9.0.0/bin/clang-9+0x3d9e831)
#17 0x000055cdc088a8f3 clang::Parser::ParseFunctionStatementBody(clang::Decl*,
clang::Parser::ParseScope&)
(/opt/compiler-explorer/clang-9.0.0/bin/clang-9+0x3da18f3)
#18 0x000055cdc07f7578
clang::Parser::ParseFunctionDefinition(clang::ParsingDeclarator&,
clang::Parser::ParsedTemplateInfo const&, clang::Parser::LateParsedAttrList*)
(/opt/compiler-explorer/clang-9.0.0/bin/clang-9+0x3d0e578)
#19 0x000055cdc0817d81 clang::Parser::ParseDeclGroup(clang::ParsingDeclSpec&,
clang::DeclaratorContext, clang::SourceLocation*, clang::Parser::ForRangeInit*)
(/opt/compiler-explorer/clang-9.0.0/bin/clang-9+0x3d2ed81)
#20 0x000055cdc07f24c9
clang::Parser::ParseDeclOrFunctionDefInternal(clang::Parser::ParsedAttributesWithRange&,
clang::ParsingDeclSpec&, clang::AccessSpecifier)
(/opt/compiler-explorer/clang-9.0.0/bin/clang-9+0x3d094c9)
#21 0x000055cdc07f31a1
clang::Parser::ParseDeclarationOrFunctionDefinition(clang::Parser::ParsedAttributesWithRange&,
clang::ParsingDeclSpec*, clang::AccessSpecifier) (.part.207)
(/opt/compiler-explorer/clang-9.0.0/bin/clang-9+0x3d0a1a1)
#22 0x000055cdc07fa416
clang::Parser::ParseExternalDeclaration(clang::Parser::ParsedAttributesWithRange&,
clang::ParsingDeclSpec*)
(/opt/compiler-explorer/clang-9.0.0/bin/clang-9+0x3d11416)
#23 0x000055cdc07fae79
clang::Parser::ParseTopLevelDecl(clang::OpaquePtr<clang::DeclGroupRef>&, bool)
(/opt/compiler-explorer/clang-9.0.0/bin/clang-9+0x3d11e79)
#24 0x000055cdc07fb3a5
clang::Parser::ParseFirstTopLevelDecl(clang::OpaquePtr<clang::DeclGroupRef>&)
(/opt/compiler-explorer/clang-9.0.0/bin/clang-9+0x3d123a5)
#25 0x000055cdc07eec36 clang::ParseAST(clang::Sema&, bool, bool)
(/opt/compiler-explorer/clang-9.0.0/bin/clang-9+0x3d05c36)
#26 0x000055cdbf995529 clang::FrontendAction::Execute()
(/opt/compiler-explorer/clang-9.0.0/bin/clang-9+0x2eac529)
#27 0x000055cdbf958bf5
clang::CompilerInstance::ExecuteAction(clang::FrontendAction&)
(/opt/compiler-explorer/clang-9.0.0/bin/clang-9+0x2e6fbf5)
#28 0x000055cdbfa58f23
clang::ExecuteCompilerInvocation(clang::CompilerInstance*)
(/opt/compiler-explorer/clang-9.0.0/bin/clang-9+0x2f6ff23)
#29 0x000055cdbd7f7140 cc1_main(llvm::ArrayRef<char const*>, char const*,
void*) (/opt/compiler-explorer/clang-9.0.0/bin/clang-9+0xd0e140)
#30 0x000055cdbd755882 main
(/opt/compiler-explorer/clang-9.0.0/bin/clang-9+0xc6c882)
#31 0x00007f57c9748b97 __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x21b97)
#32 0x000055cdbd7f47fa _start
(/opt/compiler-explorer/clang-9.0.0/bin/clang-9+0xd0b7fa)
clang-9: error: unable to execute command: Segmentation fault (core dumped)
clang-9: error: clang frontend command failed due to signal (use -v to see
invocation)
Compiler returned: 254
==========================================================================
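The report's point for anyone maintaining a configure script is that a compiler crash during a feature probe is not the same as "feature absent". The following is an added example, not code from the report or from the trn4/pennmush configure scripts: a probe that compiles the report's snippet and classifies the outcome so a crash is never silently recorded as a probe result. It assumes the compiler path is passed as an argument and, as in the report's output, that a clang driver whose cc1 died exits with status 254 and prints "failed due to signal".

```shell
#!/bin/sh
# Added example (not from the bug report or any package's configure script).
# Classify a configure-style compiler probe as ok / fail / crash, so that a
# compiler that segfaults on the probe is not mistaken for a missing feature.
# Assumptions: the compiler is given as $1; a clang driver whose cc1 crashed
# returns 254 and prints "failed due to signal" (as in the report).

# The probe source is the snippet from the report.
probe_src() {
    cat <<'EOF'
int main () {
extern void memset();
memset();
}
EOF
}

# classify_probe <compiler>  -> prints one of: ok | fail | crash
classify_probe() {
    cc="$1"
    tmp=$(mktemp -d) || return 2
    probe_src > "$tmp/probe.c"
    # Run inside 'if' so a non-zero status is captured instead of aborting
    # a script that runs under 'set -e'.
    if "$cc" -fsyntax-only "$tmp/probe.c" > "$tmp/out" 2>&1; then
        rc=0
    else
        rc=$?
    fi
    if [ "$rc" -eq 0 ]; then
        result=ok
    elif [ "$rc" -ge 128 ] || [ "$rc" -eq 254 ] \
         || grep -q 'failed due to signal' "$tmp/out"; then
        # >=128: the compiler process itself died of a signal.
        # 254: the clang driver reporting that its cc1 child crashed.
        result=crash
    else
        result=fail
    fi
    rm -rf "$tmp"
    echo "$result"
}

# Usage: ./probe.sh /path/to/clang ; stop configuring if the compiler crashed.
if [ "$#" -ge 1 ]; then
    case "$(classify_probe "$1")" in
        ok)    echo "memset probe compiled" ;;
        fail)  echo "memset probe rejected by the compiler" ;;
        crash) echo "compiler crashed on the probe; feature results untrusted" >&2; exit 1 ;;
    esac
fi
```

A probe that only tests for exit status zero would treat the Clang 9 crash exactly like a failed compile, which is how the configure scripts mentioned above end up with a wrong feature result.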