`c4test` segfaults with `basic11.c4m`

[ee7]

Related to the previous https://github.com/crashappsec/libcon4m/issues/37.

With:

• x86_64
• Linux 6.9.5
• gcc 14.1.1 20240522
• GNU ld 2.42.0

if we fetch the latest libcon4m commit on main (https://github.com/crashappsec/libcon4m/commit/833300442d95e6ca7b49104417873c0c671caa00) and run ./dev debug:

$ git clone --depth 1 --quiet https://github.com/crashappsec/libcon4m /tmp/libcon4m
$ cd /tmp/libcon4m
$ git log -1 --oneline
8333004 (grafted, HEAD -> main, origin/main, origin/HEAD) Initial test runner (#40)
$ CON4M_DEV=1 ./dev debug
[-- libcon4m --] Compiling meson target debug
INFO: autodetecting backend as ninja
INFO: calculating backend command to run: /usr/bin/ninja
ninja: no work to do.
[-- libcon4m --] Done!
[-- libcon4m --] Running debugger:v/usr/bin/gdb
Reading symbols from ./c4test...

then run c4test with basic11.c4m:

https://github.com/crashappsec/libcon4m/blob/833300442d95e6ca7b49104417873c0c671caa00/tests/basic11.c4m#L1-L14

we see a segfault:

(gdb) r ../tests/basic11.c4m
Starting program: /tmp/libcon4m/debug/c4test ../tests/basic11.c4m
[Thread debugging using libthread_db enabled]                                                           
Using host libthread_db library "/usr/lib/libthread_db.so.1".
info: Compiling: /tmp/libcon4m/tests/basic11.c4m
┏┅┅┅┅┅┅┅┳┅┅┅┅┅┅┅┅┅┅┅┅┳┅┅┅┅┅┅┅┅┳┅┅┅┅┅┅┅┅┅┅┳┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅
┇ SEQ # ┇    TYPE    ┇ LINE # ┇ COLUMN # ┇                            VALUE                            
┣┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅
┇ 1     ┇ string     ┇ 1      ┇ 0        ┇ """                                                         
┇       ┇            ┇        ┇          ┇ Test of basic array item reads / writes for ints.           
┇       ┇            ┇        ┇          ┇ """                                                         
┣┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅
┇ 2     ┇ newline    ┇ 3      ┇ 3        ┇                                                             
┣┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅
┇ 3     ┇ string     ┇ 4      ┇ 0        ┇ """                                                         
┇       ┇            ┇        ┇          ┇ $output:                                                    
┇       ┇            ┇        ┇          ┇ 5                                                           
┇       ┇            ┇        ┇          ┇ [0, 1, 5, 3, 4, 5]                                          
┇       ┇            ┇        ┇          ┇ """                                                         
┣┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅
┇ 4     ┇ newline    ┇ 8      ┇ 3        ┇                                                             
┣┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅
┇ 5     ┇ newline    ┇ 9      ┇ 0        ┇                                                             
┣┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅
┇ 6     ┇ identifier ┇ 10     ┇ 0        ┇ l                                                           
┣┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅
┇ 7     ┇ =          ┇ 10     ┇ 2        ┇                                                             
┣┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅
┇ 8     ┇ space      ┇ 10     ┇ 2        ┇                                                             
┣┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅
┇ 9     ┇ [          ┇ 10     ┇ 4        ┇                                                             
┣┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅
┇ 10    ┇ int        ┇ 10     ┇ 5        ┇ 0                                                           
┣┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅
┇ 11    ┇ ,          ┇ 10     ┇ 6        ┇                                                             
┣┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅
┇ 12    ┇ space      ┇ 10     ┇ 6        ┇                                                             
┣┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅
┇ 13    ┇ int        ┇ 10     ┇ 8        ┇ 1                                                           
┣┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅
┇ 14    ┇ ,          ┇ 10     ┇ 9        ┇                                                             
┣┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅
┇ 15    ┇ space      ┇ 10     ┇ 9        ┇                                                             
┣┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅
┇ 16    ┇ int        ┇ 10     ┇ 11       ┇ 2                                                           
┣┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅
┇ 17    ┇ ,          ┇ 10     ┇ 12       ┇                                                             
┣┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅
┇ 18    ┇ space      ┇ 10     ┇ 12       ┇                                                             
┣┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅
┇ 19    ┇ int        ┇ 10     ┇ 14       ┇ 3                                                           
┣┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅
┇ 20    ┇ ,          ┇ 10     ┇ 15       ┇                                                             
┣┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅
┇ 21    ┇ space      ┇ 10     ┇ 15       ┇                                                             
┣┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅
┇ 22    ┇ int        ┇ 10     ┇ 17       ┇ 4                                                           
┣┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅
┇ 23    ┇ ,          ┇ 10     ┇ 18       ┇                                                             
┣┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅
┇ 24    ┇ space      ┇ 10     ┇ 18       ┇                                                             
┣┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅
┇ 25    ┇ int        ┇ 10     ┇ 20       ┇ 5                                                           
┣┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅
┇ 26    ┇ ]          ┇ 10     ┇ 21       ┇                                                             
┣┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅
┇ 27    ┇ newline    ┇ 10     ┇ 22       ┇                                                             
┣┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅
┇ 28    ┇ identifier ┇ 11     ┇ 0        ┇ l                                                           
┣┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅
┇ 29    ┇ [          ┇ 11     ┇ 1        ┇                                                             
┣┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅
┇ 30    ┇ int        ┇ 11     ┇ 2        ┇ 2                                                           
┣┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅
┇ 31    ┇ ]          ┇ 11     ┇ 3        ┇                                                             
┣┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅
┇ 32    ┇ =          ┇ 11     ┇ 5        ┇                                                             
┣┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅
┇ 33    ┇ space      ┇ 11     ┇ 5        ┇                                                             
┣┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅
┇ 34    ┇ int        ┇ 11     ┇ 7        ┇ 5                                                           
┣┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅
┇ 35    ┇ newline    ┇ 11     ┇ 8        ┇                                                             
┣┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅
┇ 36    ┇ identifier ┇ 12     ┇ 0        ┇ x                                                           
┣┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅
┇ 37    ┇ =          ┇ 12     ┇ 2        ┇                                                             
┣┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅
┇ 38    ┇ space      ┇ 12     ┇ 2        ┇                                                             
┣┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅
┇ 39    ┇ identifier ┇ 12     ┇ 4        ┇ l                                                           
┣┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅
┇ 40    ┇ [          ┇ 12     ┇ 5        ┇                                                             
┣┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅
┇ 41    ┇ int        ┇ 12     ┇ 6        ┇ 2                                                           
┣┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅
┇ 42    ┇ ]          ┇ 12     ┇ 7        ┇                                                             
┣┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅
┇ 43    ┇ newline    ┇ 12     ┇ 8        ┇                                                             
┣┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅
┇ 44    ┇ print      ┇ 13     ┇ 0        ┇                                                             
┣┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅
┇ 45    ┇ (          ┇ 13     ┇ 5        ┇                                                             
┣┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅
┇ 46    ┇ identifier ┇ 13     ┇ 6        ┇ x                                                           
┣┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅
┇ 47    ┇ )          ┇ 13     ┇ 7        ┇                                                             
┣┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅
┇ 48    ┇ newline    ┇ 13     ┇ 8        ┇                                                             
┣┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅
┇ 49    ┇ print      ┇ 14     ┇ 0        ┇                                                             
┣┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅
┇ 50    ┇ (          ┇ 14     ┇ 5        ┇                                                             
┣┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅
┇ 51    ┇ identifier ┇ 14     ┇ 6        ┇ l                                                           
┣┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅
┇ 52    ┇ )          ┇ 14     ┇ 7        ┇                                                             
┣┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅
┇ 53    ┇ newline    ┇ 14     ┇ 8        ┇                                                             
┣┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅
┇ 54    ┇ eof        ┇ 15     ┇ 0        ┇                                                             
┗┅┅┅┅┅┅┅┻┅┅┅┅┅┅┅┅┅┅┅┅┻┅┅┅┅┅┅┅┅┻┅┅┅┅┅┅┅┅┅┅┻┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅

Processing module /tmp/libcon4m/tests/basic11.c4m
 nt_module  full docs                                                                                  
 ├── nt_assign  list[int]                                                                              
 │   ├── nt_expression  list[int]                                                                      
 │   │   └── nt_identifier (l) list[int]                                                               
 │   └── nt_expression  list[int]                                                                      
 │       └── nt_lit_list  list[int]                                                                    
 │           ├── nt_expression  int                                                                    
 │           │   └── nt_simple_lit (0) int                                                             
 │           ├── nt_expression  int                                                                    
 │           │   └── nt_simple_lit (1) int                                                             
 │           ├── nt_expression  int                                                                    
 │           │   └── nt_simple_lit (2) int                                                             
 │           ├── nt_expression  int                                                                    
 │           │   └── nt_simple_lit (3) int                                                             
 │           ├── nt_expression  int                                                                    
 │           │   └── nt_simple_lit (4) int                                                             
 │           └── nt_expression  int                                                                    
 │               └── nt_simple_lit (5) int                                                             
 ├── nt_assign  int                                                                                    
 │   ├── nt_expression  int                                                                            
 │   │   └── nt_index  int                                                                             
 │   │       ├── nt_identifier (l) list[int]                                                           
 │   │       └── nt_expression  int                                                                    
 │   │           └── nt_simple_lit (2) int                                                             
 │   └── nt_expression  int                                                                            
 │       └── nt_simple_lit (5) int                                                                     
 ├── nt_assign  int                                                                                    
 │   ├── nt_expression  int                                                                            
 │   │   └── nt_identifier (x) int                                                                     
 │   └── nt_expression  int                                                                            
 │       └── nt_index  int                                                                             
 │           ├── nt_identifier (l) list[int]                                                           
 │           └── nt_expression  int                                                                    
 │               └── nt_simple_lit (2) int                                                             
 ├── nt_print  int                                                                                     
 │   └── nt_expression  int                                                                            
 │       └── nt_paren_expr  int                                                                        
 │           └── nt_expression  int                                                                    
 │               └── nt_identifier (x) int                                                             
 └── nt_print  list[int]                                                                               
     └── nt_expression  list[int]                                                                      
         └── nt_paren_expr  list[int]                                                                  
             └── nt_expression  list[int]                                                              
                 └── nt_identifier (l) list[int]                                                       

Toplevel CFG for /tmp/libcon4m/tests/basic11.c4m
 Root                                                                                                  
 └── block                                                                                             
     ├── @0x7fffefbaca40: Enter (-)                                                                    
     │   ├── @0x7fffefbfca80: DEF l (l)                                                                
     │   ├── @0x7fffefc13980: DEF l (l)                                                                
     │   ├── @0x7fffefc361c0: USE l (l)                                                                
     │   ├── @0x7fffefc49540: DEF x (l, x)                                                             
     │   ├── @0x7fffefc56f80: USE x (l, x)                                                             
     │   └── @0x7fffefc5c400: USE l (l, x)                                                             
     └── @0x7fffefbacd80: Exit  (l, x)                                                                 

Global Scope
┏┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┓                                                                                     
┇ Scope is empty ┇                                                                                     
┗┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┛                                                                                     

Module Scope
┏┅┅┅┅┅┅┳┅┅┅┅┅┅┅┅┅┅┳┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┳┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┳┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┳┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅
┇ NAME ┇   KIND   ┇         TYPE         ┇ CONSTANT VALUE ┇        DEFS         ┇         USES         
┣┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅
┇ l    ┇ variable ┇ list[int] (inferred) ┇ n/a            ┇ /tmp/libcon4m/      ┇ /tmp/libcon4m/tests/ 
┇      ┇          ┇                      ┇                ┇ tests/              ┇ basic11.c4m:12:5, /  
┇      ┇          ┇                      ┇                ┇ basic11.c4m:10:1, / ┇ tmp/libcon4m/tests/  
┇      ┇          ┇                      ┇                ┇ tmp/libcon4m/tests/ ┇ basic11.c4m:14:7     
┇      ┇          ┇                      ┇                ┇ basic11.c4m:11:1    ┇                      
┣┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅╋┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅
┇ x    ┇ variable ┇ int (inferred)       ┇ n/a            ┇ /tmp/libcon4m/      ┇ /tmp/libcon4m/tests/ 
┇      ┇          ┇                      ┇                ┇ tests/              ┇ basic11.c4m:13:7     
┇      ┇          ┇                      ┇                ┇ basic11.c4m:12:1    ┇                      
┗┅┅┅┅┅┅┻┅┅┅┅┅┅┅┅┅┅┻┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┻┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┻┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┻┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅

info: Done processing: /tmp/libcon4m/tests/basic11.c4m
┌─────────┬────────────────┬───────────────────────────────────┬───────────┬───────────┬────────┬──────
│ ADDRESS │  INSTRUCTION   │                ARG                │ IMMEDIATE │   TYPE    │ MODULE │ LINE 
│ Module '/tmp/libcon4m/tests/basic11.c4m':                                                            
│ 0x10    │ ZModuleEnter   │ 0                                 │           │           │        │ 1    
│ 0x20    │ ZPushStaticRef │ static offset: 0x00               │           │           │ 0      │ 10   
│ 0x30    │ ZPushConstObj  │ 1                                 │           │ list[int] │        │ 10   
│         │                │ @offset: 0x10                     │           │           │        │      
│ 0x40    │ ZTCall         │ builtin call of __copy__          │           │ list[int] │        │ 10   
│ 0x50    │ ZSwap          │                                   │           │           │        │ 10   
│ 0x60    │ ZAssignToLoc   │                                   │           │           │        │ 10   
│ 0x70    │ ZPushStaticObj │ static offset: 0x00               │           │           │ 0      │ 11   
│ 0x80    │ ZPushImm       │                                   │ 0x2       │           │        │ 11   
│ 0x90    │ ZPushImm       │                                   │ 0x5       │           │        │ 11   
│ 0xa0    │ ZSwap          │                                   │           │           │        │ 11   
│ 0xb0    │ ZTCall         │ builtin call of __set_item__      │           │ int       │        │ 11   
│ 0xc0    │ ZPushStaticRef │ static offset: 0x00               │           │           │ 0      │ 12   
│ 0xd0    │ ZPushStaticObj │ static offset: 0x00               │           │           │ 0      │ 12   
│ 0xe0    │ ZPushImm       │                                   │ 0x2       │           │        │ 12   
│ 0xf0    │ ZTCall         │ builtin call of __get_item__      │           │ int       │        │ 12   
│ 0x100   │ ZSwap          │                                   │           │           │        │ 12   
│ 0x110   │ ZAssignToLoc   │                                   │           │           │        │ 12   
│ 0x120   │ ZPushStaticObj │ static offset: 0x00               │           │           │ 0      │ 13   
│ 0x130   │ ZBox           │                                   │           │ int       │        │ 13   
│ 0x140   │ ZPrint         │                                   │           │           │        │ 13   
│ 0x150   │ ZPushStaticObj │ static offset: 0x00               │           │           │ 0      │ 14   
│ 0x160   │ ZPrint         │                                   │           │           │        │ 14   
│ 0x170   │ ZModuleRet     │                                   │           │           │        │ 1    
└─────────┴────────────────┴───────────────────────────────────┴───────────┴───────────┴────────┴──────

Module /tmp/libcon4m/tests/basic11.c4m disassembly done.
Module Source Code
"""
Test of basic array item reads / writes for ints.
"""
"""
$output:
5
[0, 1, 5, 3, 4, 5]
"""

l = [0, 1, 2, 3, 4, 5]
l[2] = 5
x = l[2]
print(x)
print(l)

****STARTING PROGRAM EXECUTION*****
5

Program received signal SIGSEGV, Segmentation fault.
0x000000010007ead7 in c4m_get_my_type (user_object=0x5) at ../include/con4m/type.h:164
164    return hdr->concrete_type;

The stack trace:

(gdb) bt
#0  0x000000010007ead7 in c4m_get_my_type (user_object=0x5) at ../include/con4m/type.h:164
#1  0x000000010008041a in _c4m_print (first=0x5) at ../src/con4m/streams.c:652
#2  0x0000000100096a44 in c4m_vm_runloop (tstate_arg=0x7fffd7001080) at ../src/con4m/vm.c:1350
#3  0x0000000100097abd in c4m_vmthread_run (tstate=0x7fffd7001080) at ../src/con4m/vm.c:1637
#4  0x000000010000e2ea in test_compiler (fname=0x7fffef8ad960, kat=0x7fffef9122c0) at ../src/tests/test.c:485
#5  0x000000010000e514 in main (argc=2, argv=0x7fffffffe6f8, envp=0x7fffffffe710) at ../src/tests/test.c:534

c4m_get_my_type() in type.h is: https://github.com/crashappsec/libcon4m/blob/833300442d95e6ca7b49104417873c0c671caa00/include/con4m/type.h#L159-L165

[ee7]

As of https://github.com/crashappsec/libcon4m/commit/f7752b2e004d46be14864341a21f3e43a0fac92c, a reduction:

$ cat tests/foo.c4m
"""
Test of initializing a list after a variable, then printing both.
"""
"""
$output:
1
[2]
"""

x = 1
l = [2]
print(x)
print(l)

prints incorrect value of x:

$ ./debug/c4test tests/foo.c4m
[...]
FAIL: test foo.c4m: output mismatch.
Expected output
1
[2]
Actual
120304245453328
[2]

and initializing l before x:

l = [2]
x = 1
print(l)

produces a segfault:

(gdb) bt
#0  0x0000000100084737 in c4m_get_my_type (user_object=0x1) at ../include/con4m/type.h:144
#1  0x0000000100086089 in _c4m_print (first=0x1) at ../src/con4m/streams.c:652
#2  0x000000010009d617 in c4m_vm_runloop (tstate_arg=0x7fffd879fba0) at ../src/con4m/vm.c:1353
#3  0x000000010009e714 in c4m_vmthread_run (tstate=0x7fffd879fba0) at ../src/con4m/vm.c:1641
#4  0x0000000100013163 in test_compiler (fname=0x7fffd78d7a60, kat=0x7fffd7a5efc0) at ../src/tests/test.c:452
#5  0x0000000100013409 in main (argc=2, argv=0x7fffffffe6a8, envp=0x7fffffffe6c0) at ../src/tests/test.c:501
(gdb) x/i $pc
=> 0x100084737 <c4m_get_my_type+32>:    mov    0x8(%rax),%rax
(gdb) i r rax
rax            0xffffffffffffffe1  -31

Invalid read of size 8
Address 0xffffffffffffffe9 is not stack'd, malloc'd or (recently) free'd

Process terminating with default action of signal 11 (SIGSEGV): dumping core
Access not within mapped region at address 0xFFFFFFFFFFFFFFE9

With ASan:

../include/con4m/object.h:8:12: runtime error: pointer index expression with base 0x000000000005 overflowed to 0xffffffffffffffe5
../include/con4m/type.h:144:15: runtime error: member access within misaligned address 0xffffffffffffffe5 for type 'struct c4m_base_obj_t', which requires 16 byte alignment

[ee7]

I can confirm that switching to clang 17.0.6 makes c4test basic11.c4m pass on my machine.

But with UBSan:

../src/con4m/object.c:502:13: runtime error: call to function c4m_sha_init through pointer to incorrect function type 'void (*)(void **, struct __va_list_tag *)'
/foo/libcon4m/debug/../src/con4m/crypto/sha.c:30: note: c4m_sha_init defined here
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../src/con4m/object.c:502:13 in 
../src/con4m/format.c:387:29: runtime error: call to function c4m_string_format through pointer to incorrect function type 'struct c4m_str_t *(*)(void *, struct c4m_fmt_spec_t *)'
/foo/libcon4m/debug/../src/con4m/string.c:1309: note: c4m_string_format defined here
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../src/con4m/format.c:387:29 in 
../src/con4m/object.c:590:12: runtime error: call to function c4m_str_to_str through pointer to incorrect function type 'struct c4m_str_t *(*)(void *)'
/foo/libcon4m/debug/../src/con4m/string.c:1201: note: c4m_str_to_str defined here
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../src/con4m/object.c:590:12 in 
info: Compiling: /foo/libcon4m/tests/basic11.c4m
../src/con4m/object.c:930:12: runtime error: call to function to_list_lit through pointer to incorrect function type 'void *(*)(struct c4m_type_t *, c4m_xlist_t *, struct c4m_str_t *)'
/foo/libcon4m/debug/../src/con4m/lists.c:359: note: to_list_lit defined here
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../src/con4m/object.c:930:12 in 
info: Done processing: /foo/libcon4m/tests/basic11.c4m
../src/con4m/marshal.c:267:5: runtime error: call to function c4m_string_marshal through pointer to incorrect function type 'void (*)(void *, c4m_stream_t *, struct hatrack_dict_t *, long *)'
/foo/libcon4m/debug/../src/con4m/string.c:1126: note: c4m_string_marshal defined here
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../src/con4m/marshal.c:267:5 in 
../src/con4m/object.c:690:12: runtime error: call to function c4m_xlist_len through pointer to incorrect function type 'long (*)(void *)'
/foo/libcon4m/debug/../src/con4m/xlist.c:185: note: c4m_xlist_len defined here
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../src/con4m/object.c:690:12 in 
../src/con4m/tree_pattern.c:292:12: runtime error: call to function tcmp through pointer to incorrect function type 'bool (*)(void *, void *)'
/foo/libcon4m/debug/../src/con4m/compiler/ast_utils.c:6: note: tcmp defined here
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../src/con4m/tree_pattern.c:292:12 in 
../src/con4m/marshal.c:349:5: runtime error: call to function c4m_string_unmarshal through pointer to incorrect function type 'void (*)(void *, c4m_stream_t *, struct hatrack_dict_t *)'
/foo/libcon4m/debug/../src/con4m/string.c:1148: note: c4m_string_unmarshal defined here
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../src/con4m/marshal.c:349:5 in 
****STARTING PROGRAM EXECUTION*****
../src/con4m/object.c:602:12: runtime error: call to function list_copy through pointer to incorrect function type 'void *(*)(void *)'
/foo/libcon4m/debug/../src/con4m/lists.c:171: note: list_copy defined here
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../src/con4m/object.c:602:12 in 
../src/con4m/object.c:718:5: runtime error: call to function list_set through pointer to incorrect function type 'void (*)(void *, void *, void *)'
/foo/libcon4m/debug/../src/con4m/lists.c:226: note: list_set defined here
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../src/con4m/object.c:718:5 in 
../src/con4m/object.c:704:12: runtime error: call to function list_get through pointer to incorrect function type 'void *(*)(void *, void *)'
/foo/libcon4m/debug/../src/con4m/lists.c:191: note: list_get defined here
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../src/con4m/object.c:704:12 in 
../src/con4m/object.c:539:12: runtime error: call to function signed_repr through pointer to incorrect function type 'struct c4m_str_t *(*)(void *)'
/foo/libcon4m/debug/../src/con4m/numbers.c:22: note: signed_repr defined here
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../src/con4m/object.c:539:12 in 
5
[0, 1, 5, 3, 4, 5]
****PROGRAM EXECUTION FINISHED*****

../src/con4m/box.c:40:12: runtime error: call to function u64_fmt through pointer to incorrect function type 'struct c4m_str_t *(*)(void *, struct c4m_fmt_spec_t *)'
/foo/libcon4m/debug/../src/con4m/numbers.c:690: note: u64_fmt defined here
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../src/con4m/box.c:40:12 in 
Passed 1 out of 1 run tests.