[llvm-bugs] [Bug 50914] New: telegram-desktop 2.8.1 crashes on startup with an Illegal Instruction if built with clang

via llvm-bugs llvm-bugs at lists.llvm.org
Sun Jun 27 12:56:02 PDT 2021


https://bugs.llvm.org/show_bug.cgi?id=50914

            Bug ID: 50914
           Summary: telegram-desktop 2.8.1 crashes on startup with an
                    Illegal Instruction if built with clang
           Product: new-bugs
           Version: 12.0
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: enhancement
          Priority: P
         Component: new bugs
          Assignee: unassignedbugs at nondot.org
          Reporter: bero at lindev.ch
                CC: htmldeveloper at gmail.com, llvm-bugs at lists.llvm.org

Unfortunately there's no small test case for this yet.

Building telegram-desktop 2.8.1 from

https://github.com/telegramdesktop/tdesktop/releases/download/v2.8.1/tdesktop-2.8.1-full.tar.gz

with clang 12.0 (and 12.0.1-rc) results in a crash on startup with an illegal
instruction error.

Disassembly shows a ud2 call that looks like it's part of the stack smashing
protector, but there's no SSP error shown and the code works perfectly when
built with gcc (with SSP enabled). It looks like the actual call is happening
in libGLdispatch constructors (which is odd; libGLdispatch happens to be used
in a lot of other applications without triggering an error like this).

(gdb) r
Starting program: /usr/bin/telegram-desktop 
Program received signal SIGILL, Illegal instruction.
0x00000000045967fc in calloc ()
(gdb) bt
#0  0x00000000045967fc in calloc ()
#1  0x00007ffff26f9b43 in _dlerror_run () at /lib64/libdl.so.2
#2  0x00007ffff26f9459 in dlsym () at /lib64/libdl.so.2
#3  0x00007fffeeb7f5b9 in glvndSetupPthreads () at
../src/util/glvnd_pthread.c:443
#4  __glDispatchOnLoadInit () at ../src/GLdispatch/GLdispatch.c:169
#5  0x00007ffff7fdcc8e in call_init () at /lib64/ld-linux-x86-64.so.2
#6  0x00007ffff7fdcd6c in _dl_init () at /lib64/ld-linux-x86-64.so.2
#7  0x00007ffff7fcd08a in  () at /lib64/ld-linux-x86-64.so.2
#8  0x0000000000000001 in  ()
#9  0x00007fffffffd744 in  ()
#10 0x0000000000000000 in  ()
(gdb) disassemble
Dump of assembler code for function calloc:
   0x00000000045967b0 <+0>:     push   %rax
   0x00000000045967b1 <+1>:     mov    %fs:0x28,%rax
   0x00000000045967ba <+10>:    mov    %rax,(%rsp)
   0x00000000045967be <+14>:    test   %rsi,%rsi
   0x00000000045967c1 <+17>:    je     0x45967d8 <calloc+40>
   0x00000000045967c3 <+19>:    mov    %rsi,%rax
   0x00000000045967c6 <+22>:    mul    %rdi
   0x00000000045967c9 <+25>:    jno    0x45967d8 <calloc+40>
   0x00000000045967cb <+27>:    call   0x459ef30 <__errno_location at plt>
   0x00000000045967d0 <+32>:    movl   $0xc,(%rax)
   0x00000000045967d6 <+38>:    jmp    0x45967e9 <calloc+57>
   0x00000000045967d8 <+40>:    imul   %rdi,%rsi
   0x00000000045967dc <+44>:    mov    %rsi,%rdi
   0x00000000045967df <+47>:    call   0x4595a70 <malloc>
   0x00000000045967e4 <+52>:    test   %rax,%rax
   0x00000000045967e7 <+55>:    jne    0x45967fc <calloc+76>
   0x00000000045967e9 <+57>:    mov    %fs:0x28,%rax
   0x00000000045967f2 <+66>:    cmp    (%rsp),%rax
   0x00000000045967f6 <+70>:    jne    0x45967fe <calloc+78>
   0x00000000045967f8 <+72>:    xor    %eax,%eax
   0x00000000045967fa <+74>:    pop    %rcx
   0x00000000045967fb <+75>:    ret    
=> 0x00000000045967fc <+76>:    ud2    
   0x00000000045967fe <+78>:    call   0x4597630 <__stack_chk_fail at plt>
End of assembler dump.


This happens regardless of whether or not telegram-desktop was built with
-fstack-protector (__stack_chk_fail references come from libraries being linked
in that were built with -fstack-protector-all).

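To make the trapping path easier to reason about, here is a C reconstruction of the control flow visible in the calloc disassembly above (zero-count shortcut, widening-multiply overflow check, errno set to ENOMEM, malloc, NULL test). This is an added example, not tdesktop's source: the name my_calloc is an assumption chosen so it does not shadow libc, and the zeroing step is assumed, since the trace traps at +76 before any memset is visible.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Reconstruction of the calloc seen in the disassembly (added example, not
 * tdesktop's code). The name my_calloc is an assumption: it keeps the wrapper
 * from replacing libc's calloc when this file is linked into a test program. */
void *my_calloc(size_t nmemb, size_t size)
{
    size_t total = 0;
    /* test %rsi,%rsi / je: a zero count skips the overflow check entirely.
     * mul %rdi / jno: the overflow flag of the widening multiply decides
     * whether to fail with errno = ENOMEM (movl $0xc,(%rax)) and return NULL. */
    if (nmemb != 0 && __builtin_mul_overflow(nmemb, size, &total)) {
        errno = ENOMEM;
        return NULL;
    }
    total = nmemb * size;           /* imul %rdi,%rsi */
    void *p = malloc(total);        /* call <malloc> */
    if (p == NULL)                  /* test %rax,%rax; fall-through returns 0 */
        return NULL;
    /* The disassembly traps (ud2) here, before any zeroing is visible.
     * A calloc must return zeroed memory, so the memset is an assumption. */
    memset(p, 0, total);
    return p;
}

/* Returns 1 if my_calloc(nmemb, size) hands back a fully zeroed block. */
int my_calloc_is_zeroed(size_t nmemb, size_t size)
{
    unsigned char *p = my_calloc(nmemb, size);
    if (p == NULL)
        return 0;
    int ok = 1;
    for (size_t i = 0; i < nmemb * size; i++)
        if (p[i] != 0) { ok = 0; break; }
    free(p);
    return ok;
}

int main(void)
{
    printf("4x8 zeroed: %d\n", my_calloc_is_zeroed(4, 8));
    void *q = my_calloc(SIZE_MAX, 2);   /* overflows: NULL, errno == ENOMEM */
    printf("overflow -> %p, errno=%d\n", q, errno);
    return 0;
}
```

Keep the distinct name if you compile such a reconstruction: a function actually named calloc that is written as malloc followed by memset(0) invites the optimizer's malloc+memset-to-calloc folding, which would turn the body into a call to itself.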