Clang Segmentation Fault with 2D Array.

[Quuxplusone]

Bugzilla Link	PR46639
Status	NEW
Importance	P normal
Reported by	Karol Desnos (kdesnos@insa-rennes.fr)
Reported on	2020-07-08 08:15:07 -0700
Last modified on	2021-04-19 12:53:14 -0700
Version	10.0
Hardware	PC Linux
CC	dimitry@andric.com, htmldeveloper@gmail.com, kdesnos@insa-rennes.fr, llvm-bugs@lists.llvm.org, rogero@howzatt.co.uk
Fixed by commit(s)
Attachments	tmp.zip (1118 bytes, application/x-zip-compressed)
Blocks
Blocked by
See also

Created attachment 23704 cpp and sh files generated before dump.

Hi,

When using 2D array with clang, I found a way to cause a segmentation fault of the clang compiler (checked 10 on my WSL) and on the trunk version with godbolt.

The minimal example is the following :

 class A {
     public:
     ~A(){} // No custom destructor => No error
 };

int main() {

  auto a = new A[2][3];

  A (*b) [] = (A (*)[])a; // Adding dimension [3] solves the error too.

  delete[] b;

  return 0;
}

This code compiles without warning nor errors with MSVC 19.24 and gcc 7.5. I do not mind the error or warning from clang, but the seg fault that follows is an issue.

Attached is the cpp and sh generated by clang on crash.

Best,

Karol

[Quuxplusone]

Attached tmp.zip (1118 bytes, application/x-zip-compressed): cpp and sh files generated before dump.

[Quuxplusone]

If needed, here is the dump from clang :

test.cpp:13:3: warning: deleting pointer to incomplete type 'A []' may cause
undefined behavior [-Wdelete-incomplete]
  delete[] b;
  ^        ~
Stack dump:
0.      Program arguments: /usr/lib/llvm-10/bin/clang -cc1 -triple x86_64-pc-
linux-gnu -emit-obj -mrelax-all -disable-free -disable-llvm-verifier -discard-
value-names -main-file-name test.cpp -mrelocation-model static -mthread-model
posix -mframe-pointer=all -fmath-errno -fno-rounding-math -masm-verbose -
mconstructor-aliases -munwind-tables -target-cpu x86-64 -dwarf-column-info -fno-
split-dwarf-inlining -debugger-tuning=gdb -resource-dir /usr/lib/llvm-
10/lib/clang/10.0.0 -internal-isystem /usr/bin/../lib/gcc/x86_64-linux-
gnu/9/../../../../include/c++/9 -internal-isystem /usr/bin/../lib/gcc/x86_64-
linux-gnu/9/../../../../include/x86_64-linux-gnu/c++/9 -internal-isystem
/usr/bin/../lib/gcc/x86_64-linux-gnu/9/../../../../include/x86_64-linux-
gnu/c++/9 -internal-isystem /usr/bin/../lib/gcc/x86_64-linux-
gnu/9/../../../../include/c++/9/backward -internal-isystem /usr/local/include -
internal-isystem /usr/lib/llvm-10/lib/clang/10.0.0/include -internal-externc-
isystem /usr/include/x86_64-linux-gnu -internal-externc-isystem /include -
internal-externc-isystem /usr/include -fdeprecated-macro -fdebug-compilation-
dir /mnt/d/LinuxFS/TEST -ferror-limit 19 -fmessage-length 0 -fgnuc-
version=4.2.1 -fobjc-runtime=gcc -fcxx-exceptions -fexceptions -fdiagnostics-
show-option -fcolor-diagnostics -faddrsig -o /tmp/test-58b933.o -x c++ test.cpp
1.      <eof> parser at end of file
2.      test.cpp:7:5: LLVM IR generation of declaration 'main'
3.      test.cpp:7:5: Generating code for declaration 'main'
 #0 0x00007fcb5e8914ff llvm::sys::PrintStackTrace(llvm::raw_ostream&) (/lib/x86_64-linux-gnu/libLLVM-10.so.1+0x9814ff)
 #1 0x00007fcb5e88f7b0 llvm::sys::RunSignalHandlers() (/lib/x86_64-linux-gnu/libLLVM-10.so.1+0x97f7b0)
 #2 0x00007fcb5e891ac5 (/lib/x86_64-linux-gnu/libLLVM-10.so.1+0x981ac5)
 #3 0x00007fcb650723c0 __restore_rt (/lib/x86_64-linux-gnu/libpthread.so.0+0x153c0)
 #4 0x00007fcb62ff0cd7 clang::Decl::getASTContext() const (/lib/x86_64-linux-gnu/libclang-cpp.so.10+0xa40cd7)
 #5 0x00007fcb63003e7f clang::CXXRecordDecl::getDestructor() const (/lib/x86_64-linux-gnu/libclang-cpp.so.10+0xa53e7f)
 #6 0x00007fcb63a5ce89 clang::CodeGen::CodeGenFunction::destroyCXXObject(clang::CodeGen::CodeGenFunction&, clang::CodeGen::Address, clang::QualType) (/lib/x86_64-linux-gnu/libclang-cpp.so.10+0x14ace89)
 #7 0x00007fcb63a8f634 clang::CodeGen::CodeGenFunction::emitArrayDestroy(llvm::Value*, llvm::Value*, clang::QualType, clang::CharUnits, void (*)(clang::CodeGen::CodeGenFunction&, clang::CodeGen::Address, clang::QualType), bool, bool) (/lib/x86_64-linux-gnu/libclang-cpp.so.10+0x14df634)
 #8 0x00007fcb63acd78f clang::CodeGen::CodeGenFunction::EmitCXXDeleteExpr(clang::CXXDeleteExpr const*) (/lib/x86_64-linux-gnu/libclang-cpp.so.10+0x151d78f)
 #9 0x00007fcb63aebe6d (/lib/x86_64-linux-gnu/libclang-cpp.so.10+0x153be6d)
#10 0x00007fcb63ae135f
clang::CodeGen::CodeGenFunction::EmitScalarExpr(clang::Expr const*, bool)
(/lib/x86_64-linux-gnu/libclang-cpp.so.10+0x153135f)
#11 0x00007fcb63aa0948 clang::CodeGen::CodeGenFunction::EmitAnyExpr(clang::Expr
const*, clang::CodeGen::AggValueSlot, bool) (/lib/x86_64-linux-gnu/libclang-
cpp.so.10+0x14f0948)
#12 0x00007fcb63aa08f9
clang::CodeGen::CodeGenFunction::EmitIgnoredExpr(clang::Expr const*)
(/lib/x86_64-linux-gnu/libclang-cpp.so.10+0x14f08f9)
#13 0x00007fcb63bd45c4 clang::CodeGen::CodeGenFunction::EmitStmt(clang::Stmt
const*, llvm::ArrayRef<clang::Attr const*>) (/lib/x86_64-linux-gnu/libclang-
cpp.so.10+0x16245c4)
#14 0x00007fcb63bde2fc
clang::CodeGen::CodeGenFunction::EmitCompoundStmtWithoutScope(clang::CompoundStmt
const&, bool, clang::CodeGen::AggValueSlot) (/lib/x86_64-linux-gnu/libclang-
cpp.so.10+0x162e2fc)
#15 0x00007fcb63c1fc62
clang::CodeGen::CodeGenFunction::EmitFunctionBody(clang::Stmt const*)
(/lib/x86_64-linux-gnu/libclang-cpp.so.10+0x166fc62)
#16 0x00007fcb63c204bf
clang::CodeGen::CodeGenFunction::GenerateCode(clang::GlobalDecl,
llvm::Function*, clang::CodeGen::CGFunctionInfo const&) (/lib/x86_64-linux-
gnu/libclang-cpp.so.10+0x16704bf)
#17 0x00007fcb63c37cfd
clang::CodeGen::CodeGenModule::EmitGlobalFunctionDefinition(clang::GlobalDecl,
llvm::GlobalValue*) (/lib/x86_64-linux-gnu/libclang-cpp.so.10+0x1687cfd)
#18 0x00007fcb63c31e52
clang::CodeGen::CodeGenModule::EmitGlobalDefinition(clang::GlobalDecl,
llvm::GlobalValue*) (/lib/x86_64-linux-gnu/libclang-cpp.so.10+0x1681e52)
#19 0x00007fcb63c3a662
clang::CodeGen::CodeGenModule::EmitTopLevelDecl(clang::Decl*) (/lib/x86_64-
linux-gnu/libclang-cpp.so.10+0x168a662)
#20 0x00007fcb63ca9dbf (/lib/x86_64-linux-gnu/libclang-cpp.so.10+0x16f9dbf)
#21 0x00007fcb63c179c2 (/lib/x86_64-linux-gnu/libclang-cpp.so.10+0x16679c2)
#22 0x00007fcb62e05ba4 clang::ParseAST(clang::Sema&, bool, bool) (/lib/x86_64-
linux-gnu/libclang-cpp.so.10+0x855ba4)
#23 0x00007fcb6427be58 clang::FrontendAction::Execute() (/lib/x86_64-linux-
gnu/libclang-cpp.so.10+0x1ccbe58)
#24 0x00007fcb642348a1
clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) (/lib/x86_64-
linux-gnu/libclang-cpp.so.10+0x1c848a1)
#25 0x00007fcb642dfdaf
clang::ExecuteCompilerInvocation(clang::CompilerInstance*) (/lib/x86_64-linux-
gnu/libclang-cpp.so.10+0x1d2fdaf)
#26 0x000000000041229d cc1_main(llvm::ArrayRef<char const*>, char const*,
void*) (/usr/lib/llvm-10/bin/clang+0x41229d)
#27 0x00000000004105b1 (/usr/lib/llvm-10/bin/clang+0x4105b1)
#28 0x000000000041036d main (/usr/lib/llvm-10/bin/clang+0x41036d)
#29 0x00007fcb5d9c70b3 __libc_start_main (/lib/x86_64-linux-
gnu/libc.so.6+0x270b3)
#30 0x000000000040d7ce _start (/usr/lib/llvm-10/bin/clang+0x40d7ce)
clang: error: unable to execute command: Segmentation fault (core dumped)
clang: error: clang frontend command failed due to signal (use -v to see
invocation)
clang version 10.0.0-4ubuntu1
Target: x86_64-pc-linux-gnu
Thread model: posix
InstalledDir: /usr/bin
clang: note: diagnostic msg: PLEASE submit a bug report to
https://bugs.llvm.org/ and include the crash backtrace, preprocessed source,
and associated run script.
clang: note: diagnostic msg:
********************

PLEASE ATTACH THE FOLLOWING FILES TO THE BUG REPORT:
Preprocessed source(s) and associated run script(s) are located at:
clang: note: diagnostic msg: /tmp/test-fa1306.cpp
clang: note: diagnostic msg: /tmp/test-fa1306.sh
clang: note: diagnostic msg:

[Quuxplusone]

This is actually an assertion:

Assertion failed: (!elementType->isArrayType()), function emitArrayDestroy, file clang/lib/CodeGen/CGDecl.cpp, line 2149.