[llvm-bugs] [Bug 50445] New: Undefined behaviour in ifstream assignment operator

via llvm-bugs llvm-bugs at lists.llvm.org
Sat May 22 08:03:21 PDT 2021


https://bugs.llvm.org/show_bug.cgi?id=50445

            Bug ID: 50445
           Summary: Undefined behaviour in ifstream assignment operator
           Product: libc++
           Version: 12.0
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P
         Component: All Bugs
          Assignee: unassignedclangbugs at nondot.org
          Reporter: tonyelewis at hotmail.com
                CC: llvm-bugs at lists.llvm.org, mclow.lists at gmail.com

Compiling the following code with `clang++ -g -std=c++17 -stdlib=libc++
-fsanitize=undefined a.cpp -o a.clang_bin && ./a.clang_bin`:


#include <filesystem>
#include <fstream>

int main() {
        // Default-constructed stream: no file open, no buffered data yet
        ::std::ifstream the_ifstream;
        // Move-assign from a temporary that has opened "txt1"
        the_ifstream = ::std::ifstream( ::std::filesystem::path{ "txt1" } );
        // Move-assign again (a.cpp:7 in the trace below); the sanitizer
        // reports fire inside basic_filebuf::swap during this assignment
        the_ifstream = ::std::ifstream( ::std::filesystem::path{ "txt2" } );
}


…and then running it (after creating local files txt1 and txt2 and setting
environment variable UBSAN_OPTIONS to `print_stacktrace=1`), I get:


/llvm/bin/../include/c++/v1/fstream:445:35: runtime error: applying non-zero
offset to non-null pointer 0x0000022de3c0 produced null pointer
    #0 0x446357 in std::__1::basic_filebuf<char, std::__1::char_traits<char>
>::swap(std::__1::basic_filebuf<char, std::__1::char_traits<char> >&)
/llvm/bin/../include/c++/v1/fstream:445:35
    #1 0x4444d3 in std::__1::basic_filebuf<char, std::__1::char_traits<char>
>::operator=(std::__1::basic_filebuf<char, std::__1::char_traits<char> >&&)
/llvm/bin/../include/c++/v1/fstream:392:5
    #2 0x42e23d in std::__1::basic_ifstream<char, std::__1::char_traits<char>
>::operator=(std::__1::basic_ifstream<char, std::__1::char_traits<char> >&&)
/llvm/bin/../include/c++/v1/fstream:1259:11
    #3 0x42d9e4 in main /tmp/a.cpp:7:15
    #4 0x7f9677cf20b2 in __libc_start_main
/build/glibc-YbNSs7/glibc-2.31/csu/../csu/libc-start.c:308:16
    #5 0x40564d in _start (/tmp/a.clang_bin+0x40564d)

SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior
/llvm/bin/../include/c++/v1/fstream:445:35 in 
/llvm/bin/../include/c++/v1/fstream:446:34: runtime error: applying non-zero
offset to non-null pointer 0x0000022de3c0 produced null pointer
    #0 0x446501 in std::__1::basic_filebuf<char, std::__1::char_traits<char>
>::swap(std::__1::basic_filebuf<char, std::__1::char_traits<char> >&)
/llvm/bin/../include/c++/v1/fstream:446:34
    #1 0x4444d3 in std::__1::basic_filebuf<char, std::__1::char_traits<char>
>::operator=(std::__1::basic_filebuf<char, std::__1::char_traits<char> >&&)
/llvm/bin/../include/c++/v1/fstream:392:5
    #2 0x42e23d in std::__1::basic_ifstream<char, std::__1::char_traits<char>
>::operator=(std::__1::basic_ifstream<char, std::__1::char_traits<char> >&&)
/llvm/bin/../include/c++/v1/fstream:1259:11
    #3 0x42d9e4 in main /tmp/a.cpp:7:15
    #4 0x7f9677cf20b2 in __libc_start_main
/build/glibc-YbNSs7/glibc-2.31/csu/../csu/libc-start.c:308:16
    #5 0x40564d in _start (/tmp/a.clang_bin+0x40564d)

SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior
/llvm/bin/../include/c++/v1/fstream:446:34 in 
/llvm/bin/../include/c++/v1/fstream:447:47: runtime error: pointer index
expression with base 0x7ffcc28d84f8 overflowed to 0xfffffffffffffd38
    #0 0x446656 in std::__1::basic_filebuf<char, std::__1::char_traits<char>
>::swap(std::__1::basic_filebuf<char, std::__1::char_traits<char> >&)
/llvm/bin/../include/c++/v1/fstream:447:47
    #1 0x4444d3 in std::__1::basic_filebuf<char, std::__1::char_traits<char>
>::operator=(std::__1::basic_filebuf<char, std::__1::char_traits<char> >&&)
/llvm/bin/../include/c++/v1/fstream:392:5
    #2 0x42e23d in std::__1::basic_ifstream<char, std::__1::char_traits<char>
>::operator=(std::__1::basic_ifstream<char, std::__1::char_traits<char> >&&)
/llvm/bin/../include/c++/v1/fstream:1259:11
    #3 0x42d9e4 in main /tmp/a.cpp:7:15
    #4 0x7f9677cf20b2 in __libc_start_main
/build/glibc-YbNSs7/glibc-2.31/csu/../csu/libc-start.c:308:16
    #5 0x40564d in _start (/tmp/a.clang_bin+0x40564d)

SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior
/llvm/bin/../include/c++/v1/fstream:447:47 in 
/llvm/bin/../include/c++/v1/fstream:448:46: runtime error: pointer index
expression with base 0x7ffcc28d84f8 overflowed to 0xfffffffffffffd38
    #0 0x446752 in std::__1::basic_filebuf<char, std::__1::char_traits<char>
>::swap(std::__1::basic_filebuf<char, std::__1::char_traits<char> >&)
/llvm/bin/../include/c++/v1/fstream:448:46
    #1 0x4444d3 in std::__1::basic_filebuf<char, std::__1::char_traits<char>
>::operator=(std::__1::basic_filebuf<char, std::__1::char_traits<char> >&&)
/llvm/bin/../include/c++/v1/fstream:392:5
    #2 0x42e23d in std::__1::basic_ifstream<char, std::__1::char_traits<char>
>::operator=(std::__1::basic_ifstream<char, std::__1::char_traits<char> >&&)
/llvm/bin/../include/c++/v1/fstream:1259:11
    #3 0x42d9e4 in main /tmp/a.cpp:7:15
    #4 0x7f9677cf20b2 in __libc_start_main
/build/glibc-YbNSs7/glibc-2.31/csu/../csu/libc-start.c:308:16
    #5 0x40564d in _start (/tmp/a.clang_bin+0x40564d)

SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior
/llvm/bin/../include/c++/v1/fstream:448:46 in


I'm using a build of a recent commit (34c098b780a27a90b5614ea3b949b9269835f2a5,
11th May, 2021).

The issue can also be seen on trunk on Compiler Explorer:
https://godbolt.org/z/h5zc8jsvd


Thank you very much for all work on libc++.

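To make the pattern behind the four UBSan messages concrete, here is an added example (not libc++'s code and not part of the report) that models a buffer whose begin pointer refers to inline storage while the next/end pointers stay null until data is read, and rebases positions between two such buffers with and without a null check. InlineBuf, rebase_unchecked and rebase_checked are hypothetical names, and the assumption that this is the shape of the filebuf state involved is mine.

```cpp
#include <cstddef>

// Simplified model (not libc++'s code) of a stream buffer: beg always
// points at an inline array, while next/end remain null until the first
// read, as for a stream that has no file open yet.
struct InlineBuf {
    char storage[8] = {};
    char* beg = storage;   // always non-null, points into the inline array
    char* next = nullptr;  // null until data has been read
    char* end = nullptr;
};

// Unchecked rebase: copy src's fill level onto dst via pointer differences.
// With src.next == nullptr the offset is (nullptr - src.beg), so
// dst.beg + offset either wraps (UBSan: "pointer index expression ...
// overflowed") or lands exactly on null when dst.beg == src.beg (UBSan:
// "applying non-zero offset to non-null pointer produced null pointer").
// Kept only to show the shape of the defect; it is undefined behaviour.
void rebase_unchecked(InlineBuf& dst, const InlineBuf& src) {
    std::ptrdiff_t n = src.next - src.beg;
    std::ptrdiff_t e = src.end - src.beg;
    dst.next = dst.beg + n;
    dst.end  = dst.beg + e;
}

// Checked rebase: treat "no data yet" as a state rather than as an offset.
// Returns false and puts dst into the same no-data state when src carries
// no positions; otherwise offsets are computed from matching non-null bases.
bool rebase_checked(InlineBuf& dst, const InlineBuf& src) {
    if (src.next == nullptr || src.end == nullptr) {
        dst.next = nullptr;
        dst.end  = nullptr;
        return false;
    }
    std::ptrdiff_t n = src.next - src.beg;
    std::ptrdiff_t e = src.end - src.beg;
    dst.next = dst.beg + n;
    dst.end  = dst.beg + e;
    return true;
}
```

Building this with `-fsanitize=undefined` and calling rebase_unchecked on a no-data source reproduces the two message kinds in the report, while rebase_checked stays silent.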