llvm / llvm-project

The LLVM Project is a collection of modular and reusable compiler and toolchain technologies.
http://llvm.org

clang-tidy : Segmentation fault : cppcoreguidelines-owning-memory #70460

Closed dennisoberg closed 2 weeks ago

dennisoberg commented 1 year ago

Have built the latest clang from commit c45466cd9a51fe384d2b31e124b77d14c821eb70

When running clang-tidy there is a Segmentation fault.

Attached a file with the backtrace.

Disabling cppcoreguidelines-owning-memory in the clang-tidy checks file, there is no Segmentation fault.

clang-tidy_segmentation_fault.txt

PiotrZSL commented 1 year ago

Got an example that reproduces the issue?

dennisoberg commented 1 year ago

This is the unit test:

```cpp
TEST_F(TestHccdHandler, SendMaxMessage) {
    HccdCh0_->setStateStarted();
    HccdPortType hccdPort = HccdPortType::HccdPort1588;

    // Payload that exactly fills one HCCD message, NUL-terminated.
    size_t messageSize = HccdMessageSize - sizeof(HccdHeader);
    unsigned char txMessage[messageSize];
    memset(txMessage, '-', messageSize - 1);
    txMessage[messageSize - 1] = 0;
    unsigned char* pMessage = &txMessage[0];

    // The lambda captures the variable-length array txMessage by reference;
    // this is the construct clang-tidy crashed on.
    EXPECT_CALL(*mockRla_, transferHccdMessage(_, _))
        .WillOnce(Invoke([&txMessage, hccdPort, messageSize](uint8_t const* data, unsigned int dSize) -> bool {
            std::string message(messageSize - 1, '-');
            EXPECT_EQ(data[0], static_cast<uint8_t>(hccdPort));
            EXPECT_EQ(data[1], messageSize + sizeof(HccdHeader));
            EXPECT_EQ(0, message.compare(std::string(reinterpret_cast<char const*>(data + 4), dSize - 5)));

            return true;
        }));

    HccdCh0_->sendMessage(hccdPort, pMessage, messageSize);
    HccdCh0_->callFlushMessage();
}
```

chrchr-github commented 1 year ago

This could be a reproducer:

```cpp
auto h(auto x) { x(); }

void f(int N) {
    int a[N];  // variable-length array (GNU extension)

    h([&a]() {});  // capturing the VLA by reference is what triggers the crash
}
```

https://godbolt.org/z/aM8arsaje

PiotrZSL commented 1 year ago

The crash happens in TraverseLambdaExpr in clang/lib/ASTMatchers/ASTMatchFinder.cpp because Node->capture_init_begin()[I] is a nullptr. It looks like capture_size is 1, the capture list contains one valid element, and the capture_init list contains one element (nullptr).

On Clang 16 this does not crash; it started crashing with Clang 17. I'm now doing a binary search to find the faulty commit.
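A reproduction and bisect harness, added here as an example and not part of this issue or of the LLVM project: it writes chrchr-github's reducer to a temporary file, runs clang-tidy with only the check dennisoberg named, and maps the result to the exit-status convention of `git bisect run` (0 = good, 1 = bad, 125 = skip), so the same script can drive the binary search PiotrZSL describes. The CLANG_TIDY variable and the function names are my own assumptions; `-std=c++20` is required because the reducer uses an abbreviated function template.

```shell
#!/bin/sh
# Added example, not code from the issue or from LLVM.
# Assumptions: CLANG_TIDY names the binary under test (default: clang-tidy on
# PATH); the reducer needs -std=c++20 for `auto h(auto x)`.

# Write the reduced test case into a fresh temporary directory and print its path.
write_repro() {
    dir=$(mktemp -d)
    cat > "$dir/repro.cpp" <<'EOF'
auto h(auto x) { x(); }

void f(int N) {
    int a[N];

    h([&a]() {});
}
EOF
    printf '%s\n' "$dir/repro.cpp"
}

# Run only cppcoreguidelines-owning-memory on the file.
# Returns 0 = no crash (good), 1 = crash (bad), 125 = clang-tidy not found (skip).
run_repro() {
    file=$1
    tidy=${CLANG_TIDY:-clang-tidy}
    command -v "$tidy" >/dev/null 2>&1 || return 125
    "$tidy" -checks='-*,cppcoreguidelines-owning-memory' "$file" -- -std=c++20 >/dev/null 2>&1
    status=$?
    # A status of 128+N means the process was killed by signal N (11 = SIGSEGV).
    # clang-tidy's own non-zero status for diagnostics stays below 128.
    if [ "$status" -ge 128 ]; then
        return 1
    fi
    return 0
}
```

Point CLANG_TIDY at a freshly built binary and run `f=$(write_repro); run_repro "$f"; echo $?`: a segfault (shell status 139) comes back as 1, a clean run as 0. For bisecting, a wrapper that rebuilds clang-tidy, calls these two functions and returns `run_repro`'s status can be handed directly to `git bisect run`.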

dennisoberg commented 1 year ago

Great. I can also confirm from my side what you see: clang 16.0.3 does not have the segmentation fault.

llvmbot commented 1 year ago

@llvm/issue-subscribers-clang-frontend

Author: Dennis Öberg (dennisoberg)

[clang-tidy_segmentation_fault.txt](https://github.com/llvm/llvm-project/files/13190186/clang-tidy_segmentation_fault.txt)

5chmidti commented 2 weeks ago

The godbolt example no longer crashes using clang-tidy trunk, and the crash examples from #91206 do not reproduce anymore either. Closing.