Quuxplusone / LLVMBugzillaTest


clang: static analyzer crash when analyzing aspack.c #3795

Closed Quuxplusone closed 15 years ago

Quuxplusone commented 15 years ago
Bugzilla Link: PR3422
Status: RESOLVED FIXED
Importance: P normal
Reported by: Török Edwin (edwin+bugs@etorok.eu)
Reported on: 2009-01-27 04:43:11 -0800
Last modified on: 2009-01-27 12:30:14 -0800
Version: unspecified
Hardware: PC Linux
CC: kremenek@apple.com, llvm-bugs@lists.llvm.org
Attachments: clang_crash_FIaAA9.i (103713 bytes, application/octet-stream)
             clang_crash_P50eAG.i (123352 bytes, application/octet-stream)
Created attachment 2453
preprocessed file

On SVN r63101, x86-64 Linux:

ANALYZE: ../../../clamav-devel/libclamav/aspack.c readstream
ANALYZE: ../../../clamav-devel/libclamav/aspack.c getdec
ANALYZE: ../../../clamav-devel/libclamav/aspack.c build_decrypt_array
../../../clamav-devel/libclamav/aspack.c:147:3: warning: dead assignment
  i = 0;
  ^   ~
ANALYZE: ../../../clamav-devel/libclamav/aspack.c getbits
ANALYZE: ../../../clamav-devel/libclamav/aspack.c build_decrypt_dictionaries
ANALYZE: ../../../clamav-devel/libclamav/aspack.c decrypt
ANALYZE: ../../../clamav-devel/libclamav/aspack.c decomp_block
ANALYZE: ../../../clamav-devel/libclamav/aspack.c unaspack212
clang: /home/edwin/llvm-svn/llvm/include/llvm/Support/Casting.h:199: typename
llvm::cast_retty<To, From>::ret_type llvm::cast(const Y&) [with X =
clang::PointerType, Y = clang::Type*]: Assertion `isa<X>(Val) && "cast<Ty>()
argument of incompatible type!"' failed.
0   clang     0x0000000001036e4f
1   libc.so.6 0x00002b8d4aafbf60
2   libc.so.6 0x00002b8d4aafbed5 gsignal + 53
3   libc.so.6 0x00002b8d4aafd3f3 abort + 387
4   libc.so.6 0x00002b8d4aaf4dc9 __assert_fail + 233
5   clang     0x0000000000a6bb86
6   clang     0x0000000000a6a4d1
clang::ElementRegion::getRValueType(clang::ASTContext&) const + 97
7   clang     0x0000000000a6bb9a
clang::TypedRegion::getLValueType(clang::ASTContext&) const + 10
8   clang     0x0000000000a14e8f
9   clang     0x0000000000a52533 clang::GRExprEngine::VisitCast(clang::Expr*,
clang::Expr*, clang::ExplodedNode<clang::GRState>*,
clang::ExplodedNodeSet<clang::GRState>&) + 2675
10  clang     0x0000000000a4d317 clang::GRExprEngine::Visit(clang::Stmt*,
clang::ExplodedNode<clang::GRState>*, clang::ExplodedNodeSet<clang::GRState>&)
+ 951
11  clang     0x0000000000a502a1
clang::GRExprEngine::VisitBinaryOperator(clang::BinaryOperator*,
clang::ExplodedNode<clang::GRState>*, clang::ExplodedNodeSet<clang::GRState>&)
+ 545
12  clang     0x0000000000a4d2e8 clang::GRExprEngine::Visit(clang::Stmt*,
clang::ExplodedNode<clang::GRState>*, clang::ExplodedNodeSet<clang::GRState>&)
+ 904
13  clang     0x0000000000a539cf clang::GRExprEngine::ProcessStmt(clang::Stmt*,
clang::GRStmtNodeBuilder<clang::GRState>&) + 591
14  clang     0x0000000000a58c65
clang::GRCoreEngine<clang::GRExprEngine>::ProcessStmt(clang::Stmt*,
clang::GRStmtNodeBuilderImpl&) + 85
15  clang     0x0000000000a4469d
clang::GRCoreEngineImpl::HandlePostStmt(clang::PostStmt const&,
clang::CFGBlock*, unsigned int, clang::ExplodedNodeImpl*) + 205
16  clang     0x0000000000a44b84
clang::GRCoreEngineImpl::ExecuteWorkList(unsigned int) + 484
17  clang     0x000000000059ad0c
18  clang     0x000000000059a715
19  clang     0x000000000059aac6
20  clang     0x0000000000a862e5 clang::ParseAST(clang::Preprocessor&,
clang::ASTConsumer*, bool, bool) + 245
21  clang     0x00000000005cfe14
22  clang     0x00000000005d4d67 main + 1383
23  libc.so.6 0x00002b8d4aae81a6 __libc_start_main + 230
24  clang     0x0000000000592f89 std::ios_base::Init::~Init() + 65

Quuxplusone commented 15 years ago

Attached clang_crash_FIaAA9.i (103713 bytes, application/octet-stream): preprocessed file

Quuxplusone commented 15 years ago
Another crash with same message:

ANALYZE: ../../../clamav-devel/libclamav/pdf.c cli_pdf
clang: /home/edwin/llvm-svn/llvm/include/llvm/Support/Casting.h:199: typename
llvm::cast_retty<To, From>::ret_type llvm::cast(const Y&) [with X =
clang::PointerType, Y = clang::Type*]: Assertion `isa<X>(Val) && "cast<Ty>()
argument of incompatible type!"' failed.
0   clang     0x0000000001036e4f
1   libc.so.6 0x00002b608b516f60
2   libc.so.6 0x00002b608b516ed5 gsignal + 53
3   libc.so.6 0x00002b608b5183f3 abort + 387
4   libc.so.6 0x00002b608b50fdc9 __assert_fail + 233
5   clang     0x0000000000a6bb86
6   clang     0x0000000000a6a4d1
clang::ElementRegion::getRValueType(clang::ASTContext&) const + 97
7   clang     0x0000000000a2d95a
8   clang     0x0000000000a2e9db
9   clang     0x0000000000a52bbf
clang::GRExprEngine::VisitCallRec(clang::CallExpr*,
clang::ExplodedNode<clang::GRState>*, clang::ExprIterator, clang::ExprIterator,
clang::ExplodedNodeSet<clang::GRState>&, clang::FunctionTypeProto const*,
unsigned int) + 1151
10  clang     0x0000000000a52855
clang::GRExprEngine::VisitCallRec(clang::CallExpr*,
clang::ExplodedNode<clang::GRState>*, clang::ExprIterator, clang::ExprIterator,
clang::ExplodedNodeSet<clang::GRState>&, clang::FunctionTypeProto const*,
unsigned int) + 277
11  clang     0x0000000000a52855
clang::GRExprEngine::VisitCallRec(clang::CallExpr*,
clang::ExplodedNode<clang::GRState>*, clang::ExprIterator, clang::ExprIterator,
clang::ExplodedNodeSet<clang::GRState>&, clang::FunctionTypeProto const*,
unsigned int) + 277
12  clang     0x0000000000a52855
clang::GRExprEngine::VisitCallRec(clang::CallExpr*,
clang::ExplodedNode<clang::GRState>*, clang::ExprIterator, clang::ExprIterator,
clang::ExplodedNodeSet<clang::GRState>&, clang::FunctionTypeProto const*,
unsigned int) + 277
13  clang     0x0000000000a52855
clang::GRExprEngine::VisitCallRec(clang::CallExpr*,
clang::ExplodedNode<clang::GRState>*, clang::ExprIterator, clang::ExprIterator,
clang::ExplodedNodeSet<clang::GRState>&, clang::FunctionTypeProto const*,
unsigned int) + 277
14  clang     0x0000000000a53424
clang::GRExprEngine::VisitCall(clang::CallExpr*,
clang::ExplodedNode<clang::GRState>*, clang::ExprIterator, clang::ExprIterator,
clang::ExplodedNodeSet<clang::GRState>&) + 180
15  clang     0x0000000000a4d21c clang::GRExprEngine::Visit(clang::Stmt*,
clang::ExplodedNode<clang::GRState>*, clang::ExplodedNodeSet<clang::GRState>&)
+ 700
16  clang     0x0000000000a539cf clang::GRExprEngine::ProcessStmt(clang::Stmt*,
clang::GRStmtNodeBuilder<clang::GRState>&) + 591
17  clang     0x0000000000a58c65
clang::GRCoreEngine<clang::GRExprEngine>::ProcessStmt(clang::Stmt*,
clang::GRStmtNodeBuilderImpl&) + 85
18  clang     0x0000000000a4469d
clang::GRCoreEngineImpl::HandlePostStmt(clang::PostStmt const&,
clang::CFGBlock*, unsigned int, clang::ExplodedNodeImpl*) + 205
19  clang     0x0000000000a44b84
clang::GRCoreEngineImpl::ExecuteWorkList(unsigned int) + 484
20  clang     0x000000000059ad0c
21  clang     0x000000000059a715
22  clang     0x000000000059aac6
23  clang     0x0000000000a862e5 clang::ParseAST(clang::Preprocessor&,
clang::ASTConsumer*, bool, bool) + 245
24  clang     0x00000000005cfe14
25  clang     0x00000000005d4d67 main + 1383
26  libc.so.6 0x00002b608b5031a6 __libc_start_main + 230
27  clang     0x0000000000592f89 std::ios_base::Init::~Init() + 65

Quuxplusone commented 15 years ago

Attached clang_crash_P50eAG.i (123352 bytes, application/octet-stream): preprocessed file for second crash

Quuxplusone commented 15 years ago

Fixed: http://lists.cs.uiuc.edu/pipermail/cfe-commits/Week-of-Mon-20090126/011396.html