[llvm-dev] Ubuntu APT, lldb crash, fix suggestion

Eugene Kosov via llvm-dev llvm-dev at lists.llvm.org
Sat Nov 14 09:11:34 PST 2015


Hello.

I use these packages http://llvm.org/apt/

lldb doesn't work. It crashes on start with the following backtrace.

#0  0x00007ffff475f8f9 in llvm::cl::Option::addArgument() () from /usr/lib/x86_64-linux-gnu/libLLVM-3.8.so.1
#1  0x00007fffee3787af in global constructors keyed to a () from /usr/local/lib/python2.7/dist-packages/lldb/_lldb.so
#2  0x00007fffefc6e020 in __frame_dummy_init_array_entry () from /usr/local/lib/python2.7/dist-packages/lldb/_lldb.so
#3  0x00007fffffffdec8 in ?? ()
#4  0x00007fffffffded8 in ?? ()
#5  0x00007fffefc6e258 in __frame_dummy_init_array_entry ()
#6  0x0000000000000000 in ?? ()

Dump of assembler code for function _ZN4llvm2cl6Option11addArgumentEv:
   0x00007ffff475f8b0 <+0>:	push   %r15
   0x00007ffff475f8b2 <+2>:	push   %r14
   0x00007ffff475f8b4 <+4>:	push   %r13
   0x00007ffff475f8b6 <+6>:	push   %r12
   0x00007ffff475f8b8 <+8>:	push   %rbp
   0x00007ffff475f8b9 <+9>:	push   %rbx
   0x00007ffff475f8ba <+10>:	mov    %rdi,%rbx
   0x00007ffff475f8bd <+13>:	sub    $0x58,%rsp
   0x00007ffff475f8c1 <+17>:	mov    0xe64818(%rip),%rbp        # 0x7ffff55c40e0
   0x00007ffff475f8c8 <+24>:	mov    %fs:0x28,%rax
   0x00007ffff475f8d1 <+33>:	mov    %rax,0x48(%rsp)
   0x00007ffff475f8d6 <+38>:	xor    %eax,%eax
   0x00007ffff475f8d8 <+40>:	callq  0x7ffff47a1740 <_ZN4llvm21llvm_is_multithreadedEv>
   0x00007ffff475f8dd <+45>:	test   %al,%al
   0x00007ffff475f8df <+47>:	jne    0x7ffff475fac0 <_ZN4llvm2cl6Option11addArgumentEv+528>
   0x00007ffff475f8e5 <+53>:	test   %rbp,%rbp
   0x00007ffff475f8e8 <+56>:	je     0x7ffff475face <_ZN4llvm2cl6Option11addArgumentEv+542>
   0x00007ffff475f8ee <+62>:	mov    0x18(%rbx),%r12
   0x00007ffff475f8f2 <+66>:	mov    0xe647e7(%rip),%rbp        # 0x7ffff55c40e0
=> 0x00007ffff475f8f9 <+73>:	cmpb   $0x0,(%r12)
   0x00007ffff475f8fe <+78>:	jne    0x7ffff475f968 <_ZN4llvm2cl6Option11addArgumentEv+184>
   0x00007ffff475f900 <+80>:	xor    %r12d,%r12d
   0x00007ffff475f903 <+83>:	movzwl 0xc(%rbx),%eax
   0x00007ffff475f907 <+87>:	shr    $0x7,%ax
   0x00007ffff475f90b <+91>:	and    $0x3,%eax
   0x00007ffff475f90e <+94>:	cmp    $0x1,%eax
   0x00007ffff475f911 <+97>:	je     0x7ffff475fc10 <_ZN4llvm2cl6Option11addArgumentEv+864>
   0x00007ffff475f917 <+103>:	testb  $0x8,0xd(%rbx)
   0x00007ffff475f91b <+107>:	jne    0x7ffff475faf0 <_ZN4llvm2cl6Option11addArgumentEv+576>
   0x00007ffff475f921 <+113>:	movzbl 0xc(%rbx),%eax
   0x00007ffff475f925 <+117>:	and    $0x7,%eax
   0x00007ffff475f928 <+120>:	cmp    $0x4,%eax
   0x00007ffff475f92b <+123>:	je     0x7ffff475fba0 <_ZN4llvm2cl6Option11addArgumentEv+752>
   0x00007ffff475f931 <+129>:	test   %r12b,%r12b
   0x00007ffff475f934 <+132>:	jne    0x7ffff475fcdb <_ZN4llvm2cl6Option11addArgumentEv+1067>
   0x00007ffff475f93a <+138>:	mov    0x48(%rsp),%rax
   0x00007ffff475f93f <+143>:	xor    %fs:0x28,%rax
   0x00007ffff475f948 <+152>:	movb   $0x1,0x38(%rbx)
   0x00007ffff475f94c <+156>:	jne    0x7ffff475fcd6 <_ZN4llvm2cl6Option11addArgumentEv+1062>
   0x00007ffff475f952 <+162>:	add    $0x58,%rsp
   0x00007ffff475f956 <+166>:	pop    %rbx
   0x00007ffff475f957 <+167>:	pop    %rbp
   0x00007ffff475f958 <+168>:	pop    %r12
   0x00007ffff475f95a <+170>:	pop    %r13
   0x00007ffff475f95c <+172>:	pop    %r14
   0x00007ffff475f95e <+174>:	pop    %r15

We have a null pointer dereference here.

(gdb) p $r12
$1 = 0

Here is that line of code https://github.com/llvm-mirror/llvm/blob/master/lib/Support/CommandLine.cpp#L123

Somehow ArgStr is a nullptr.

I suggest changing the ArgStr type to StringRef to fix my crash. Also, that will modernize the code. I can provide a patch. Additionally, I can also change some other const char * types to StringRef where appropriate. Will such a patch be accepted? Do I need to file a ticket in the bug tracker?

--
Eugene
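
Added example, not part of the original message and not LLVM source: a sketch of why a pointer-plus-length name type removes the first-byte read that faults at <+73> when ArgStr is null. LegacyOption, NameView, Option and Registry are hypothetical stand-ins for cl::Option and StringRef, and the registration logic is an assumption made for illustration.

```cpp
// Added illustration; all types here are hypothetical stand-ins,
// not LLVM's cl::Option or llvm::StringRef.
#include <cstddef>
#include <cstring>
#include <map>
#include <string>

// Legacy shape: the name is a raw C string that may never have been set.
struct LegacyOption {
    const char *ArgStr = nullptr;
    // Reads the first byte of ArgStr, like the faulting cmpb. Without the
    // explicit null check, a nullptr ArgStr is dereferenced and crashes.
    bool hasName() const { return ArgStr != nullptr && ArgStr[0] != '\0'; }
};

// Pointer plus length; a null input collapses to the empty view, so
// callers test the length and never touch the pointer.
class NameView {
    const char *Data = "";
    std::size_t Len = 0;
public:
    NameView() = default;
    NameView(const char *S) : Data(S ? S : ""), Len(S ? std::strlen(S) : 0) {}
    bool empty() const { return Len == 0; }
    std::string str() const { return std::string(Data, Len); }
};

struct Option {
    NameView ArgStr;  // never null by construction
    bool hasName() const { return !ArgStr.empty(); }
};

// Registration step: named options go into the map, unnamed ones are
// only counted. Returns true if the option was registered by name.
struct Registry {
    std::map<std::string, const Option *> Named;
    std::size_t Unnamed = 0;
    bool add(const Option &O) {
        if (!O.hasName()) { ++Unnamed; return false; }
        return Named.emplace(O.ArgStr.str(), &O).second;
    }
};

int main() {
    Registry R;
    Option A{NameView("verbose")}, B{NameView(nullptr)}, C{};
    R.add(A); R.add(B); R.add(C);
    return (R.Named.size() == 1 && R.Unnamed == 2) ? 0 : 1;
}
```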

