
Malloc error "pointer being freed was not allocated". #18108

Open Quuxplusone opened 10 years ago

Quuxplusone commented 10 years ago
Bugzilla Link PR18109
Status NEW
Importance P normal
Reported by Deepak Raj H R (hr.deepak@tcs.com)
Reported on 2013-12-02 06:22:43 -0800
Last modified on 2019-07-11 15:56:36 -0700
Version trunk
Hardware PC MacOS X
CC hr.deepak@tcs.com, jryans@gmail.com, llvm-bugs@lists.llvm.org
Fixed by commit(s)
Attachments failures.zip (674511 bytes, application/zip)
Blocks
Blocked by
See also
Created attachment 11642
PluginChecker.cpp: source code of the plugin; .so: plugin build; example.c: C code
on which the test is to be done; error.txt: dump from the terminal run; failure folder
built by clang.

I was trying to build a simple plugin for the static analyzer of clang. The plugin
will simply report all the printf function calls in a given .c file. It may not
do anything fruitful, but it is a simple start for me.

I was able to build a dynamic library with the following command.
    g++ -share -fPIC -I~/static_plugin/llvm/include -I~static_plugin/build/include  -D_DEBUG -D_GNU_SOURCE -D__STDC_CONSTANT_MACROS -D__STDC_FORMAT_MACROS -D__STDC_LIMIT_MACROS -g -fvisibility-inlines-hidden -fno-exceptions -fno-rtti -fno-common -Woverloaded-virtual -Wcast-qual  -I~/static_plugin/llvm/tools/clang/include -I~/static_plugin/build/tools/clang/include -L~/static_plugin/build/Debug+Asserts/lib -lz -lpthread -lcurses -lm -undefined dynamic_lookup -o PrintfChecker.so PrintfChecker.cpp

When I tested it on sample C code containing a printf call, a runtime error
was generated. I have attached the error message dumped on the terminal as
error.txt. I have also attached the failure folder as a zip and the C code as
example.c. I used the following command to test the C code.
    ./static_plugin/llvm/tools/clang/tools/scan-build/scan-build --use-analyzer=~/static_plugin/build/Debug+Asserts/bin/clang -load-plugin ./PrintfChecker.so -enable-checker security.PrintfChecker gcc -c example.c

Quuxplusone commented 10 years ago
Sorry for the vague description before. Please find the following clearer one.

1. Overview: Running a simple custom static analyzer plugin crashes clang.

2. Steps to Reproduce:
    i. Build the plugin named as PrintfChecker.cpp (attached with the bug report) with the following command.

        g++ -share -fPIC -I~/static_plugin/llvm/include -I~static_plugin/build/include -D_DEBUG -D_GNU_SOURCE -D__STDC_CONSTANT_MACROS -D__STDC_FORMAT_MACROS -D__STDC_LIMIT_MACROS -g -fvisibility-inlines-hidden -fno-exceptions -fno-rtti -fno-common -Woverloaded-virtual -Wcast-qual -I~/static_plugin/llvm/tools/clang/include -I~/static_plugin/build/tools/clang/include -L~/static_plugin/build/Debug+Asserts/lib -lz -lpthread -lcurses -lm -undefined dynamic_lookup -o PrintfChecker.so PrintfChecker.cpp

    ii. Test the checker on the example.c file (attached with the bug report) with the following command.

        ./static_plugin/llvm/tools/clang/tools/scan-build/scan-build --use-analyzer=~/static_plugin/build/Debug+Asserts/bin/clang -load-plugin ./PrintfChecker.so -enable-checker security.PrintfChecker gcc -c example.c

3. Actual Results: Clang crashed with the error message "clang(12260)
malloc: *** error for object 0x7fc259404630: pointer being freed was not
allocated". The complete error message printed on the terminal is copied into the file
error.txt (attached with the bug report).

4. Expected Results: The scan-build report containing the locations of all
"printf" calls in the source code.

5. Build Date & Platform: Build 2013-12-02 Mac OS 10.8.5
Quuxplusone commented 10 years ago

In the meantime, I tried to build and load PluginChecker.cpp on formal clang version 3.2, and it worked fine.