modularml / mojo

The Mojo Programming Language
https://docs.modular.com/mojo/manual/

[BUG] pointer being freed was not allocated #2485

Open amsokol opened 6 months ago

amsokol commented 6 months ago

Bug description

mojo(16128,0x1f08bfac0) malloc: *** error for object 0x153811538: pointer being freed was not allocated
mojo(16128,0x1f08bfac0) malloc: *** set a breakpoint in malloc_error_break to debug
Please submit a bug report to https://github.com/modularml/mojo/issues and include the crash backtrace along with all the relevant source codes.
Stack dump:
0.  Program arguments: mojo build ./main_bug.mojo
Stack dump without symbol names (ensure you have llvm-symbolizer in your PATH or set the environment var `LLVM_SYMBOLIZER_PATH` to point to it):
0  mojo                     0x0000000102756640 llvm_strlcpy + 51508
1  mojo                     0x000000010275492c llvm_strlcpy + 44064
2  mojo                     0x0000000102756d2c llvm_strlcpy + 53280
3  libsystem_platform.dylib 0x0000000188be3584 _sigtramp + 56
4  libsystem_pthread.dylib  0x0000000188bb2c20 pthread_kill + 288
5  libsystem_c.dylib        0x0000000188abfa20 abort + 180
6  libsystem_malloc.dylib   0x00000001889cfaa8 malloc_vreport + 896
7  libsystem_malloc.dylib   0x00000001889d3114 malloc_report + 64
8  libsystem_malloc.dylib   0x00000001889ed494 find_zone_and_free + 528
9  mojo                     0x00000001026ca434 llvm_blake3_hasher_finalize_seek + 91704
10 mojo                     0x0000000103f1bc14 mbedtls_version_get_number + 6026784
11 mojo                     0x0000000103ebc378 mbedtls_version_get_number + 5635460
12 mojo                     0x0000000103ebb620 mbedtls_version_get_number + 5632044
13 mojo                     0x0000000102bdd588 __jit_debug_register_code + 1973884
14 mojo                     0x000000010399be9c mbedtls_version_get_number + 260264
15 mojo                     0x000000010399b960 mbedtls_version_get_number + 258924
16 mojo                     0x0000000103999fac mbedtls_version_get_number + 252344
17 mojo                     0x0000000103cacaa0 mbedtls_version_get_number + 3474604
18 mojo                     0x0000000103cad4d8 mbedtls_version_get_number + 3477220
19 mojo                     0x0000000103cb3728 mbedtls_version_get_number + 3502388
20 mojo                     0x0000000103cb34a4 mbedtls_version_get_number + 3501744
21 libc++.1.dylib           0x0000000188adc548 std::__1::__assoc_sub_state::wait() + 56
22 mojo                     0x0000000103d9c3a0 mbedtls_version_get_number + 4455852
23 mojo                     0x0000000103da2b60 mbedtls_version_get_number + 4482412
24 mojo                     0x0000000103da1540 mbedtls_version_get_number + 4476748
25 mojo                     0x0000000102aed704 __jit_debug_register_code + 991224
26 mojo                     0x000000010269a93c
27 mojo                     0x00000001026994c0
28 dyld                     0x000000018882a0e0 start + 2360
mojo crashed!
Please file a bug report.
[16130:199286:20240503,161219.713028:WARNING in_range_cast.h:38] value -634136515 out of range
[16130:199286:20240503,161219.716813:WARNING crash_report_exception_handler.cc:257] UniversalExceptionRaise: (os/kern) failure (5)
zsh: abort      mojo build ./main_bug.mojo

Steps to reproduce

Build this code using "mojo build ./main_bug.mojo".

main_bug.mojo:

fn main():
    var v = UInt8[](0, 0, 0)

    for i in range(2):
        print("i = " + str(i))
        v[i] = 0

System information

- What OS did you install Mojo on?
macOS Sonoma 14.4.1

- Provide version information for Mojo by pasting the output of `mojo -v`
mojo 24.3.0 (9882e19d)

- Provide Modular CLI version by pasting the output of `modular -v`
modular 0.7.4 (df7a9e8b)

ematejska commented 6 months ago

Reproduces with 24.3 in REPL and compiled.

soraros commented 6 months ago

v is a UInt8, not an array with three elements, and v[1] triggers UB.

amsokol commented 6 months ago

> Reproduces with 24.3 in REPL and compiled.

I have two Apple laptops (M1 and M2) with the latest Sonoma and Mojo 24.3 installed. Fails on both.

amsokol commented 6 months ago

> v is a UInt8, not an array with three elements, and v[1] triggers UB.

It fails when Mojo compiles code. It should not happen regardless of what code is compiled.

amsokol commented 6 months ago

This code breaks Mojo playground compiler (https://docs.modular.com/mojo/playground) also:

fn main():
    var v = UInt8[](0, 0, 0)

    for i in range(2):
        print("i = " + str(i))
        v[i] = 0

Compile error:

mojo: /__w/modular/modular/third-party/llvm-project/llvm/include/llvm/ADT/SmallVector.h:304: llvm::SmallVectorTemplateCommon::reference llvm::SmallVectorTemplateCommon<M::KGEN::POP::DTypeValue>::operator[](llvm::SmallVectorTemplateCommon::size_type) [T = M::KGEN::POP::DTypeValue]: Assertion `idx < size()' failed.
Please submit a bug report to https://github.com/modularml/mojo/issues and include the crash backtrace along with all the relevant source codes.
Stack dump without symbol names (ensure you have llvm-symbolizer in your PATH or set the environment var `LLVM_SYMBOLIZER_PATH` to point to it):