Bug 435615

Summary: Reproducible crash within clang when attempting to check Akonadi
Product: [Developer tools] clazy Reporter: Jonathan Marten <jjm>
Component: generalAssignee: Sergio Martins <smartins>
Status: RESOLVED FIXED    
Severity: normal CC: smartins
Priority: NOR    
Version: unspecified   
Target Milestone: ---   
Platform: Other   
OS: Linux   
Latest Commit: https://invent.kde.org/sdk/clazy/commit/19f1254224b69cffd639b4a343866e7db2a469df Version Fixed In:
Sentry Crash Report:
Attachments: Build log file

Description Jonathan Marten 2021-04-11 13:56:34 UTC 
SUMMARY

When using clazy with Clang 11 to check Akonadi source, with the default checking options as suggested in clazy's README.md, a segfault happens triggered by the regexp in OldStyleConnect::VisitMacroExpands().  This happens both with clazy 1.9 and master branch (1.10), at the same build stage every time.

The full log file is attached due to its size, but the relevant part is:

1.      /usr/include/qt5/QtWidgets/qheaderview.h:259: current parser token 'Q_PRIVATE_SLOT'
2.      /usr/include/qt5/QtWidgets/qheaderview.h:53: parsing struct/union/class body 'QHeaderView'
 #0 0x00007fbd6be00dcd (/usr/lib/llvm/11/bin/../lib64/libLLVM-11libcxx.so+0x8eadcd)
 #1 0x00007fbd6bdfed50 llvm::sys::RunSignalHandlers() (/usr/lib/llvm/11/bin/../lib64/libLLVM-11libcxx.so+0x8e8d50)                                                                                            
 #2 0x00007fbd6be002dd llvm::sys::CleanupOnSignal(unsigned long) (/usr/lib/llvm/11/bin/../lib64/libLLVM-11libcxx.so+0x8ea2dd)                                                                                 
 #3 0x00007fbd6bd43180 (/usr/lib/llvm/11/bin/../lib64/libLLVM-11libcxx.so+0x82d180)
 #4 0x00007fbd6b2672b0 (/lib64/libc.so.6+0x392b0)
 #5 0x00007fbd6b267204 raise (/lib64/libc.so.6+0x39204)
 #6 0x00007fbd6b250547 abort (/lib64/libc.so.6+0x22547)
 #7 0x00007fbd69060166 (/usr/kde5/lib64/ClazyPlugin.so+0xb4166)
 #8 0x00007fbd6905ffaf (/usr/kde5/lib64/ClazyPlugin.so+0xb3faf)
 #9 0x00007fbd690653a0 bool std::__1::basic_regex<char, std::__1::regex_traits<char> >::__search<std::__1::allocator<std::__1::sub_match<char const*> > >(char const*, char const*, std::__1::match_results<char const*, std::__1::allocator<std::__1::sub_match<char const*> > >&, std::__1::regex_constants::match_flag_type) const /usr/include/c++/v1/regex:5948                                                        
#10 0x00007fbd690ae3b9 bool std::__1::regex_search<char const*, std::__1::allocator<std::__1::sub_match<std::__1::__wrap_iter<char const*> > >, char, std::__1::regex_traits<char> >(std::__1::__wrap_iter<char const*>, std::__1::__wrap_iter<char const*>, std::__1::match_results<std::__1::__wrap_iter<char const*>, std::__1::allocator<std::__1::sub_match<std::__1::__wrap_iter<char const*> > > >&, std::__1::basic_regex<char, std::__1::regex_traits<char> > const&, std::__1::regex_constants::match_flag_type) /usr/include/c++/v1/regex:6004                                                                                 
#11 0x00007fbd690ae3b9 bool std::__1::regex_match<std::__1::__wrap_iter<char const*>, std::__1::allocator<std::__1::sub_match<std::__1::__wrap_iter<char const*> > >, char, std::__1::regex_traits<char> >(std::__1::__wrap_iter<char const*>, std::__1::__wrap_iter<char const*>, std::__1::match_results<std::__1::__wrap_iter<char const*>, std::__1::allocator<std::__1::sub_match<std::__1::__wrap_iter<char const*> > > >&, std::__1::basic_regex<char, std::__1::regex_traits<char> > const&, std::__1::regex_constants::match_flag_type) /usr/include/c++/v1/regex:6106                                                           
#12 0x00007fbd690ae3b9 bool std::__1::regex_match<std::__1::char_traits<char>, std::__1::allocator<char>, std::__1::allocator<std::__1::sub_match<std::__1::__wrap_iter<char const*> > >, char, std::__1::regex_traits<char> >(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, std::__1::match_results<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >::const_iterator, std::__1::allocator<std::__1::sub_match<std::__1::__wrap_iter<char const*> > > >&, std::__1::basic_regex<char, std::__1::regex_traits<char> > const&, std::__1::regex_constants::match_flag_type) /usr/include/c++/v1/regex:6148                                                     
#13 0x00007fbd690ae3b9 OldStyleConnect::VisitMacroExpands(clang::Token const&, clang::SourceRange const&, clang::MacroInfo const*) /ws/frameworks/sdk/clazy/src/checks/level2/old-style-connect.cpp:286       
#14 0x00007fbd690e043b ClazyPreprocessorCallbacks::MacroExpands(clang::Token const&, clang::MacroDefinition const&, clang::SourceRange, clang::MacroArgs const*) /ws/frameworks/sdk/clazy/src/checkbase.cpp:65
#15 0x00007fbd6f6cd475 (/usr/lib/llvm/11/bin/../lib64/libclang-cpp.so.11.1+0x9b3475)
#16 0x00007fbd6f6ead05 clang::Preprocessor::HandleMacroExpandedIdentifier(clang::Token&, clang::MacroDefinition const&) (/usr/lib/llvm/11/bin/../lib64/libclang-cpp.so.11.1+0x9d0d05)                         
#17 0x00007fbd6f7070fc clang::Preprocessor::HandleIdentifier(clang::Token&) (/usr/lib/llvm/11/bin/../lib64/libclang-cpp.so.11.1+0x9ed0fc)                                                                     
#18 0x00007fbd6f6a19e7 clang::Lexer::LexIdentifier(clang::Token&, char const*) (/usr/lib/llvm/11/bin/../lib64/libclang-cpp.so.11.1+0x9879e7)                                                                  

STEPS TO REPRODUCE
1. Run clazy over current Akonadi source, observe crash above

SOFTWARE/OS VERSIONS
Operating System: Gentoo
KDE Plasma Version: 5.21.80
KDE Frameworks Version: 5.81.0
Qt Version: 5.15.2
Kernel Version: 5.4.97-gentoo-x86_64 (64-bit)
Graphics Platform: X11
Processors: 3 × AMD Phenom(tm) II X3 705e Processor

clang version 11.1.0
Target: x86_64-pc-linux-gnu
Thread model: posix
InstalledDir: /usr/lib/llvm/11/bin

ADDITIONAL INFORMATION

This is using the Clang runtime (libcxx, libcxxabi, libunwind).
System, Qt and Frameworks are all compiled with Clang.
Comment 1 Jonathan Marten 2021-04-11 13:58:25 UTC 
Created attachment 137505 [details]
Build log file
Comment 2 Jonathan Marten 2021-04-11 14:00:18 UTC 
Sorry, the preprocessed source file (as requested by the LLVM crash report) is too big to attach here, but it is available if necessary.
Comment 3 Jonathan Marten 2021-04-11 14:12:31 UTC 
Simplifying the regexp in OldStyleConnect::VisitMacroExpands() as follows:

-    static regex rx(R"(Q_PRIVATE_SLOT\s*\((.*)\s*,\s*.*\s+(.*)\(.*)");
+    static regex rx(R"(Q_PRIVATE_SLOT\s*\((.*),.*\s(.*)\(.*)");

seems to eliminate the crash.  I don't know what sort of pattern the regexp is intended to match, but believe that the two regexps should be equivalent.  For .*\s* the \s* will never match anything because everything will have been captured by the .* and for \s*.*\s+ the .* will match anything that the first \s* doesn't and the second \s+ will only match a single space.
Comment 4 Sergio Martins 2021-05-15 09:34:15 UTC 
What would be really valuable would be a reproducible test case, trimming down your akonadi case and attach here, so I can work on it
Comment 5 Sergio Martins 2021-06-30 23:08:23 UTC 
I've reproduced
Comment 6 Sergio Martins 2021-06-30 23:19:11 UTC 
Git commit 19f1254224b69cffd639b4a343866e7db2a469df by Sergio Martins.
Committed on 30/06/2021 at 23:17.
Pushed by smartins into branch 'master'.

old-style-connect: Simplify regexp, which also fixes a crash

Simplification done by Jonathan Marten.

I don't understand why it fixes the crash though, but at least
it's not worse.
Related: bug 438976

M  +1    -1    src/checks/level2/old-style-connect.cpp

https://invent.kde.org/sdk/clazy/commit/19f1254224b69cffd639b4a343866e7db2a469df