[llvm-bugs] [Bug 46310] New: Assertion `Parser->TemplateParams.size() >= OldNumTemplateParamLists' failed.

via llvm-bugs llvm-bugs at lists.llvm.org
Sat Jun 13 00:11:04 PDT 2020 

https://bugs.llvm.org/show_bug.cgi?id=46310

            Bug ID: 46310
           Summary: Assertion `Parser->TemplateParams.size() >=
                    OldNumTemplateParamLists' failed.
           Product: libc++abi
           Version: unspecified
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P
         Component: All Bugs
          Assignee: unassignedbugs at nondot.org
          Reporter: natalierice at yeah.net
                CC: llvm-bugs at lists.llvm.org, mclow.lists at gmail.com

cxa_demangle_fuzzer-asan: libcxxabi/src/demangle/ItaniumDemangle.h:2358:
{anonymous}::itanium_demangle::AbstractManglingParser<Derived,
Alloc>::ScopedTemplateParamList::~ScopedTemplateParamList() [with Derived =
{anonymous}::itanium_demangle::ManglingParser<{anonymous}::DefaultAllocator>;
Alloc = {anonymous}::DefaultAllocator]: Assertion
`Parser->TemplateParams.size() >= OldNumTemplateParamLists' failed.
Aborted (core dumped)

# Crashwalk report
---CRASH SUMMARY---
Filename: crash/id:000075,sig:06,src:003258+005715,op:splice,rep:2
SHA1: 8386def13fd91b317070f1e529f24a7d7035c843
Classification: UNKNOWN
Hash: 66807e4bd3b1950ef1fb154655b72dab.707324742d90def81626729c9230e899
Command: ./cxa_demangle_fuzzer
crash/id:000075,sig:06,src:003258+005715,op:splice,rep:2
Faulting Frame:
   (anonymous namespace)::itanium_demangle::AbstractManglingParser<(anonymous
namespace)::itanium_demangle::ManglingParser<(anonymous
namespace)::DefaultAllocator>, (anonymous
namespace)::DefaultAllocator>::ScopedTemplateParamList::~ScopedTemplateParamList()
@ 0x0000000000423948: in
/home/natalie/Desktop/research/Bug/llvm-libcxxabi-ce3db12/cxa_demangle_fuzzer
Disassembly:
   0x00007ffff7bef3da: xor edx,edx
   0x00007ffff7bef3dc: mov rsi,r9
   0x00007ffff7bef3df: mov edi,0x2
   0x00007ffff7bef3e4: mov eax,0xe
   0x00007ffff7bef3e9: syscall
=> 0x00007ffff7bef3eb: mov rax,QWORD PTR [rsp+0x108]
   0x00007ffff7bef3f3: xor rax,QWORD PTR fs:0x28
   0x00007ffff7bef3fc: jne 0x7ffff7bef424 <__GI_raise+260>
   0x00007ffff7bef3fe: mov eax,r8d
   0x00007ffff7bef401: add rsp,0x118
Stack Head (32 entries):
   __GI_raise                @ 0x00007ffff7bef3eb: in (BL)
   __GI_abort                @ 0x00007ffff7bce899: in (BL)
   __assert_fail_base        @ 0x00007ffff7bce769: in (BL)
   __GI___assert_fail        @ 0x00007ffff7be0006: in (BL)
   (anonymous                @ 0x0000000000423948: in
/home/natalie/Desktop/research/Bug/llvm-libcxxabi-ce3db12/cxa_demangle_fuzzer
   (anonymous                @ 0x000000000041e640: in
/home/natalie/Desktop/research/Bug/llvm-libcxxabi-ce3db12/cxa_demangle_fuzzer
   (anonymous                @ 0x000000000041b991: in
/home/natalie/Desktop/research/Bug/llvm-libcxxabi-ce3db12/cxa_demangle_fuzzer
   (anonymous                @ 0x000000000041539d: in
/home/natalie/Desktop/research/Bug/llvm-libcxxabi-ce3db12/cxa_demangle_fuzzer
   (anonymous                @ 0x000000000040f879: in
/home/natalie/Desktop/research/Bug/llvm-libcxxabi-ce3db12/cxa_demangle_fuzzer
   (anonymous                @ 0x000000000041139e: in
/home/natalie/Desktop/research/Bug/llvm-libcxxabi-ce3db12/cxa_demangle_fuzzer
   (anonymous                @ 0x000000000040e0f1: in
/home/natalie/Desktop/research/Bug/llvm-libcxxabi-ce3db12/cxa_demangle_fuzzer
   (anonymous                @ 0x0000000000423b64: in
/home/natalie/Desktop/research/Bug/llvm-libcxxabi-ce3db12/cxa_demangle_fuzzer
   (anonymous                @ 0x000000000041e46b: in
/home/natalie/Desktop/research/Bug/llvm-libcxxabi-ce3db12/cxa_demangle_fuzzer
   (anonymous                @ 0x000000000041b991: in
/home/natalie/Desktop/research/Bug/llvm-libcxxabi-ce3db12/cxa_demangle_fuzzer
   (anonymous                @ 0x000000000041539d: in
/home/natalie/Desktop/research/Bug/llvm-libcxxabi-ce3db12/cxa_demangle_fuzzer
   (anonymous                @ 0x000000000040f879: in
/home/natalie/Desktop/research/Bug/llvm-libcxxabi-ce3db12/cxa_demangle_fuzzer
Registers:
rax=0x0000000000000000 rbx=0x00007ffff7a59100 rcx=0x00007ffff7bef3eb
rdx=0x0000000000000000 
rsi=0x00007fffffffb990 rdi=0x0000000000000002 rbp=0x00007ffff7d62fb8
rsp=0x00007fffffffb990 
 r8=0x0000000000000000  r9=0x00007fffffffb990 r10=0x0000000000000008
r11=0x0000000000000246 
r12=0x000000000042a988 r13=0x0000000000000936 r14=0x000000000042d7f8
r15=0x0000000000000000 
rip=0x00007ffff7bef3eb efl=0x0000000000000246  cs=0x0000000000000033 
ss=0x000000000000002b 
 ds=0x0000000000000000  es=0x0000000000000000  fs=0x0000000000000000 
gs=0x0000000000000000 
Extra Data:
   Description: Abort signal
   Short description: AbortSignal (20/22)
   Explanation: The target is stopped on a SIGABRT. SIGABRTs are often
generated by libc and compiled check-code to indicate potentially exploitable
conditions. Unfortunately this command does not yet further analyze these
crashes.
---END SUMMARY---

-- 
You are receiving this mail because:
You are on the CC list for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/llvm-bugs/attachments/20200613/b5a6982e/attachment.html>

More information about the llvm-bugs mailing list