Bug 358205 - crash in clang_Cursor_getParsedComment
Summary: crash in clang_Cursor_getParsedComment
Status: RESOLVED FIXED
Alias: None
Product: kdevelop
Classification: Applications
Component: Language Support: CPP (Clang-based)
Version: 4.90.90
Platform: openSUSE Linux
: VHI crash
Target Milestone: 5.0.0
Assignee: kdevelop-bugs-null
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2016-01-19 11:45 UTC by Cyrille Dunant
Modified: 2018-04-09 18:37 UTC

See Also:
Latest Commit:
Version Fixed In: 5.2.1


Description Cyrille Dunant 2016-01-19 11:45:49 UTC
As per the title. I launched KDevelop in Valgrind. I suspect the bug lies in clang...


==29528== Invalid read of size 2
==29528==    at 0x3A3CBA36: clang::comments::Lexer::resolveHTMLNamedCharacterReference(llvm::StringRef) const (in /usr/lib64/libclangAST.so.3.7.0)
==29528==    by 0x3A3CEB3C: clang::comments::Lexer::lexHTMLCharacterReference(clang::comments::Token&) (in /usr/lib64/libclangAST.so.3.7.0)
==29528==    by 0x3A3D094B: clang::comments::Parser::parseParagraphOrBlockCommand() (in /usr/lib64/libclangAST.so.3.7.0)
==29528==    by 0x3A3D2069: clang::comments::Parser::parseFullComment() (in /usr/lib64/libclangAST.so.3.7.0)
==29528==    by 0x3A483552: clang::RawComment::parse(clang::ASTContext const&, clang::Preprocessor const*, clang::Decl const*) const (in /usr/lib64/libclangAST.so.3.7.0)
==29528==    by 0x3A33B5BA: clang::ASTContext::getCommentForDecl(clang::Decl const*, clang::Preprocessor const*) const (in /usr/lib64/libclangAST.so.3.7.0)
==29528==    by 0x3A33B4FB: clang::ASTContext::getCommentForDecl(clang::Decl const*, clang::Preprocessor const*) const (in /usr/lib64/libclangAST.so.3.7.0)
==29528==    by 0x3A082AED: clang_Cursor_getParsedComment (in /usr/lib64/libclang.so.3.7)
==29528==    by 0x37B27339: void (anonymous namespace)::Visitor::setDeclData<(CXCursorKind)2>(CXCursor, KDevelop::Declaration*, bool) const [clone .isra.175] [clone .constprop.478] (builder.cpp:880)
==29528==    by 0x37B3BAE2: createDeclarationCommon<(CXCursorKind)2u, KDevelop::ForwardDeclaration> (builder.cpp:372)
==29528==    by 0x37B3BAE2: createDeclaration<(CXCursorKind)2u, KDevelop::ForwardDeclaration> (builder.cpp:394)
==29528==    by 0x37B3BAE2: CXChildVisitResult (anonymous namespace)::Visitor::buildDeclaration<(CXCursorKind)2, KDevelop::ForwardDeclaration, false>(CXCursor) (builder.cpp:1100)
==29528==    by 0x37B58ECE: dispatchCursor<(CXCursorKind)2u, (Decision)1, (Decision)1, (detail::type)0> (builder.cpp:870)
==29528==    by 0x37B58ECE: dispatchCursor<(CXCursorKind)2u, (Decision)1, (Decision)2, (detail::type)0> (builder.cpp:850)
==29528==    by 0x37B58ECE: CXChildVisitResult (anonymous namespace)::Visitor::dispatchCursor<(CXCursorKind)2, (Decision)2, (detail::enabler)0>(CXCursor, CXCursor) (builder.cpp:838)
==29528==    by 0x37B60DDF: (anonymous namespace)::visitCursor(CXCursor, CXCursor, void*) (builder.cpp:1374)
==29528==  Address 0x100107f71 is 1,074,497 bytes inside an unallocated block of size 1,566,128 in arena "client"
==29528== 
==29528== Invalid read of size 1
==29528==    at 0x3A3CBB6B: clang::comments::Lexer::resolveHTMLNamedCharacterReference(llvm::StringRef) const (in /usr/lib64/libclangAST.so.3.7.0)
==29528==    by 0x3A3CEB3C: clang::comments::Lexer::lexHTMLCharacterReference(clang::comments::Token&) (in /usr/lib64/libclangAST.so.3.7.0)
==29528==    by 0x3A3D094B: clang::comments::Parser::parseParagraphOrBlockCommand() (in /usr/lib64/libclangAST.so.3.7.0)
==29528==    by 0x3A3D2069: clang::comments::Parser::parseFullComment() (in /usr/lib64/libclangAST.so.3.7.0)
==29528==    by 0x3A483552: clang::RawComment::parse(clang::ASTContext const&, clang::Preprocessor const*, clang::Decl const*) const (in /usr/lib64/libclangAST.so.3.7.0)
==29528==    by 0x3A33B5BA: clang::ASTContext::getCommentForDecl(clang::Decl const*, clang::Preprocessor const*) const (in /usr/lib64/libclangAST.so.3.7.0)
==29528==    by 0x3A33B4FB: clang::ASTContext::getCommentForDecl(clang::Decl const*, clang::Preprocessor const*) const (in /usr/lib64/libclangAST.so.3.7.0)
==29528==    by 0x3A082AED: clang_Cursor_getParsedComment (in /usr/lib64/libclang.so.3.7)
==29528==    by 0x37B27339: void (anonymous namespace)::Visitor::setDeclData<(CXCursorKind)2>(CXCursor, KDevelop::Declaration*, bool) const [clone .isra.175] [clone .constprop.478] (builder.cpp:880)
==29528==    by 0x37B3BAE2: createDeclarationCommon<(CXCursorKind)2u, KDevelop::ForwardDeclaration> (builder.cpp:372)
==29528==    by 0x37B3BAE2: createDeclaration<(CXCursorKind)2u, KDevelop::ForwardDeclaration> (builder.cpp:394)
==29528==    by 0x37B3BAE2: CXChildVisitResult (anonymous namespace)::Visitor::buildDeclaration<(CXCursorKind)2, KDevelop::ForwardDeclaration, false>(CXCursor) (builder.cpp:1100)
==29528==    by 0x37B58ECE: dispatchCursor<(CXCursorKind)2u, (Decision)1, (Decision)1, (detail::type)0> (builder.cpp:870)
==29528==    by 0x37B58ECE: dispatchCursor<(CXCursorKind)2u, (Decision)1, (Decision)2, (detail::type)0> (builder.cpp:850)
==29528==    by 0x37B58ECE: CXChildVisitResult (anonymous namespace)::Visitor::dispatchCursor<(CXCursorKind)2, (Decision)2, (detail::enabler)0>(CXCursor, CXCursor) (builder.cpp:838)
==29528==    by 0x37B60DDF: (anonymous namespace)::visitCursor(CXCursor, CXCursor, void*) (builder.cpp:1374)
==29528==  Address 0x100107f71 is 1,074,497 bytes inside an unallocated block of size 1,566,128 in arena "client"
==29528== 
==29528== Invalid read of size 1
==29528==    at 0x3A3CC018: clang::comments::Lexer::resolveHTMLNamedCharacterReference(llvm::StringRef) const (in /usr/lib64/libclangAST.so.3.7.0)
==29528==    by 0x3A3CEB3C: clang::comments::Lexer::lexHTMLCharacterReference(clang::comments::Token&) (in /usr/lib64/libclangAST.so.3.7.0)
==29528==    by 0x3A3D094B: clang::comments::Parser::parseParagraphOrBlockCommand() (in /usr/lib64/libclangAST.so.3.7.0)
==29528==    by 0x3A3D2069: clang::comments::Parser::parseFullComment() (in /usr/lib64/libclangAST.so.3.7.0)
==29528==    by 0x3A483552: clang::RawComment::parse(clang::ASTContext const&, clang::Preprocessor const*, clang::Decl const*) const (in /usr/lib64/libclangAST.so.3.7.0)
==29528==    by 0x3A33B5BA: clang::ASTContext::getCommentForDecl(clang::Decl const*, clang::Preprocessor const*) const (in /usr/lib64/libclangAST.so.3.7.0)
==29528==    by 0x3A33B4FB: clang::ASTContext::getCommentForDecl(clang::Decl const*, clang::Preprocessor const*) const (in /usr/lib64/libclangAST.so.3.7.0)
==29528==    by 0x3A082AED: clang_Cursor_getParsedComment (in /usr/lib64/libclang.so.3.7)
==29528==    by 0x37B27339: void (anonymous namespace)::Visitor::setDeclData<(CXCursorKind)2>(CXCursor, KDevelop::Declaration*, bool) const [clone .isra.175] [clone .constprop.478] (builder.cpp:880)
==29528==    by 0x37B3BAE2: createDeclarationCommon<(CXCursorKind)2u, KDevelop::ForwardDeclaration> (builder.cpp:372)
==29528==    by 0x37B3BAE2: createDeclaration<(CXCursorKind)2u, KDevelop::ForwardDeclaration> (builder.cpp:394)
==29528==    by 0x37B3BAE2: CXChildVisitResult (anonymous namespace)::Visitor::buildDeclaration<(CXCursorKind)2, KDevelop::ForwardDeclaration, false>(CXCursor) (builder.cpp:1100)
==29528==    by 0x37B58ECE: dispatchCursor<(CXCursorKind)2u, (Decision)1, (Decision)1, (detail::type)0> (builder.cpp:870)
==29528==    by 0x37B58ECE: dispatchCursor<(CXCursorKind)2u, (Decision)1, (Decision)2, (detail::type)0> (builder.cpp:850)
==29528==    by 0x37B58ECE: CXChildVisitResult (anonymous namespace)::Visitor::dispatchCursor<(CXCursorKind)2, (Decision)2, (detail::enabler)0>(CXCursor, CXCursor) (builder.cpp:838)
==29528==    by 0x37B60DDF: (anonymous namespace)::visitCursor(CXCursor, CXCursor, void*) (builder.cpp:1374)
==29528==  Address 0x100107f72 is 1,074,498 bytes inside an unallocated block of size 1,566,128 in arena "client"
==29528== 
==29528== Invalid read of size 1
==29528==    at 0x3A3CF2AD: ??? (in /usr/lib64/libclangAST.so.3.7.0)
==29528==    by 0x3A3CED99: clang::comments::Lexer::setupAndLexHTMLStartTag(clang::comments::Token&) (in /usr/lib64/libclangAST.so.3.7.0)
==29528==    by 0x3A3D094B: clang::comments::Parser::parseParagraphOrBlockCommand() (in /usr/lib64/libclangAST.so.3.7.0)
==29528==    by 0x3A3D2069: clang::comments::Parser::parseFullComment() (in /usr/lib64/libclangAST.so.3.7.0)
==29528==    by 0x3A483552: clang::RawComment::parse(clang::ASTContext const&, clang::Preprocessor const*, clang::Decl const*) const (in /usr/lib64/libclangAST.so.3.7.0)
==29528==    by 0x3A33B5BA: clang::ASTContext::getCommentForDecl(clang::Decl const*, clang::Preprocessor const*) const (in /usr/lib64/libclangAST.so.3.7.0)
==29528==    by 0x3A33B4FB: clang::ASTContext::getCommentForDecl(clang::Decl const*, clang::Preprocessor const*) const (in /usr/lib64/libclangAST.so.3.7.0)
==29528==    by 0x3A082AED: clang_Cursor_getParsedComment (in /usr/lib64/libclang.so.3.7)
==29528==    by 0x37B27339: void (anonymous namespace)::Visitor::setDeclData<(CXCursorKind)2>(CXCursor, KDevelop::Declaration*, bool) const [clone .isra.175] [clone .constprop.478] (builder.cpp:880)
==29528==    by 0x37B3BAE2: createDeclarationCommon<(CXCursorKind)2u, KDevelop::ForwardDeclaration> (builder.cpp:372)
==29528==    by 0x37B3BAE2: createDeclaration<(CXCursorKind)2u, KDevelop::ForwardDeclaration> (builder.cpp:394)
==29528==    by 0x37B3BAE2: CXChildVisitResult (anonymous namespace)::Visitor::buildDeclaration<(CXCursorKind)2, KDevelop::ForwardDeclaration, false>(CXCursor) (builder.cpp:1100)
==29528==    by 0x37B58ECE: dispatchCursor<(CXCursorKind)2u, (Decision)1, (Decision)1, (detail::type)0> (builder.cpp:870)
==29528==    by 0x37B58ECE: dispatchCursor<(CXCursorKind)2u, (Decision)1, (Decision)2, (detail::type)0> (builder.cpp:850)
==29528==    by 0x37B58ECE: CXChildVisitResult (anonymous namespace)::Visitor::dispatchCursor<(CXCursorKind)2, (Decision)2, (detail::enabler)0>(CXCursor, CXCursor) (builder.cpp:838)
==29528==    by 0x37B60DDF: (anonymous namespace)::visitCursor(CXCursor, CXCursor, void*) (builder.cpp:1374)
==29528==  Address 0x100127dca is 1,205,146 bytes inside an unallocated block of size 1,566,128 in arena "client"
==29528== 
==29528== Invalid read of size 1
==29528==    at 0x3A3CEA26: clang::comments::Lexer::lexHTMLCharacterReference(clang::comments::Token&) (in /usr/lib64/libclangAST.so.3.7.0)
==29528==    by 0x3A3D0BF3: clang::comments::Parser::parseInlineCommand() (in /usr/lib64/libclangAST.so.3.7.0)
==29528==    by 0x3A3D05FF: clang::comments::Parser::parseParagraphOrBlockCommand() (in /usr/lib64/libclangAST.so.3.7.0)
==29528==    by 0x3A3D2069: clang::comments::Parser::parseFullComment() (in /usr/lib64/libclangAST.so.3.7.0)
==29528==    by 0x3A483552: clang::RawComment::parse(clang::ASTContext const&, clang::Preprocessor const*, clang::Decl const*) const (in /usr/lib64/libclangAST.so.3.7.0)
==29528==    by 0x3A33B5BA: clang::ASTContext::getCommentForDecl(clang::Decl const*, clang::Preprocessor const*) const (in /usr/lib64/libclangAST.so.3.7.0)
==29528==    by 0x3A33B4FB: clang::ASTContext::getCommentForDecl(clang::Decl const*, clang::Preprocessor const*) const (in /usr/lib64/libclangAST.so.3.7.0)
==29528==    by 0x3A082AED: clang_Cursor_getParsedComment (in /usr/lib64/libclang.so.3.7)
==29528==    by 0x37B27339: void (anonymous namespace)::Visitor::setDeclData<(CXCursorKind)2>(CXCursor, KDevelop::Declaration*, bool) const [clone .isra.175] [clone .constprop.478] (builder.cpp:880)
==29528==    by 0x37B3BAE2: createDeclarationCommon<(CXCursorKind)2u, KDevelop::ForwardDeclaration> (builder.cpp:372)
==29528==    by 0x37B3BAE2: createDeclaration<(CXCursorKind)2u, KDevelop::ForwardDeclaration> (builder.cpp:394)
==29528==    by 0x37B3BAE2: CXChildVisitResult (anonymous namespace)::Visitor::buildDeclaration<(CXCursorKind)2, KDevelop::ForwardDeclaration, false>(CXCursor) (builder.cpp:1100)
==29528==    by 0x37B58ECE: dispatchCursor<(CXCursorKind)2u, (Decision)1, (Decision)1, (detail::type)0> (builder.cpp:870)
==29528==    by 0x37B58ECE: dispatchCursor<(CXCursorKind)2u, (Decision)1, (Decision)2, (detail::type)0> (builder.cpp:850)
==29528==    by 0x37B58ECE: CXChildVisitResult (anonymous namespace)::Visitor::dispatchCursor<(CXCursorKind)2, (Decision)2, (detail::enabler)0>(CXCursor, CXCursor) (builder.cpp:838)
==29528==    by 0x37B60DDF: (anonymous namespace)::visitCursor(CXCursor, CXCursor, void*) (builder.cpp:1374)
==29528==  Address 0x100265f93 is 454,595 bytes inside an unallocated block of size 558,704 in arena "client"
==29528== 
==29528== Conditional jump or move depends on uninitialised value(s)
==29528==    at 0x3A3CF59D: clang::comments::Lexer::lex(clang::comments::Token&) (in /usr/lib64/libclangAST.so.3.7.0)
==29528==    by 0x3A3D0B0F: clang::comments::Parser::parseParagraphOrBlockCommand() (in /usr/lib64/libclangAST.so.3.7.0)
==29528==    by 0x3A3D2069: clang::comments::Parser::parseFullComment() (in /usr/lib64/libclangAST.so.3.7.0)
==29528==    by 0x3A483552: clang::RawComment::parse(clang::ASTContext const&, clang::Preprocessor const*, clang::Decl const*) const (in /usr/lib64/libclangAST.so.3.7.0)
==29528==    by 0x3A33B5BA: clang::ASTContext::getCommentForDecl(clang::Decl const*, clang::Preprocessor const*) const (in /usr/lib64/libclangAST.so.3.7.0)
==29528==    by 0x3A33B4FB: clang::ASTContext::getCommentForDecl(clang::Decl const*, clang::Preprocessor const*) const (in /usr/lib64/libclangAST.so.3.7.0)
==29528==    by 0x3A082AED: clang_Cursor_getParsedComment (in /usr/lib64/libclang.so.3.7)
==29528==    by 0x37B27339: void (anonymous namespace)::Visitor::setDeclData<(CXCursorKind)2>(CXCursor, KDevelop::Declaration*, bool) const [clone .isra.175] [clone .constprop.478] (builder.cpp:880)
==29528==    by 0x37B3BAE2: createDeclarationCommon<(CXCursorKind)2u, KDevelop::ForwardDeclaration> (builder.cpp:372)
==29528==    by 0x37B3BAE2: createDeclaration<(CXCursorKind)2u, KDevelop::ForwardDeclaration> (builder.cpp:394)
==29528==    by 0x37B3BAE2: CXChildVisitResult (anonymous namespace)::Visitor::buildDeclaration<(CXCursorKind)2, KDevelop::ForwardDeclaration, false>(CXCursor) (builder.cpp:1100)
==29528==    by 0x37B58ECE: dispatchCursor<(CXCursorKind)2u, (Decision)1, (Decision)1, (detail::type)0> (builder.cpp:870)
==29528==    by 0x37B58ECE: dispatchCursor<(CXCursorKind)2u, (Decision)1, (Decision)2, (detail::type)0> (builder.cpp:850)
==29528==    by 0x37B58ECE: CXChildVisitResult (anonymous namespace)::Visitor::dispatchCursor<(CXCursorKind)2, (Decision)2, (detail::enabler)0>(CXCursor, CXCursor) (builder.cpp:838)
==29528==    by 0x37B60DDF: (anonymous namespace)::visitCursor(CXCursor, CXCursor, void*) (builder.cpp:1374)
==29528==    by 0x3A060C96: ??? (in /usr/lib64/libclang.so.3.7)
==29528== 
==29528== Invalid read of size 1
==29528==    at 0x3A3CDAC6: clang::comments::Lexer::lexCommentText(clang::comments::Token&) (in /usr/lib64/libclangAST.so.3.7.0)
==29528==    by 0x3A3D0B0F: clang::comments::Parser::parseParagraphOrBlockCommand() (in /usr/lib64/libclangAST.so.3.7.0)
==29528==    by 0x3A3D2069: clang::comments::Parser::parseFullComment() (in /usr/lib64/libclangAST.so.3.7.0)
==29528==    by 0x3A483552: clang::RawComment::parse(clang::ASTContext const&, clang::Preprocessor const*, clang::Decl const*) const (in /usr/lib64/libclangAST.so.3.7.0)
==29528==    by 0x3A33B5BA: clang::ASTContext::getCommentForDecl(clang::Decl const*, clang::Preprocessor const*) const (in /usr/lib64/libclangAST.so.3.7.0)
==29528==    by 0x3A33B4FB: clang::ASTContext::getCommentForDecl(clang::Decl const*, clang::Preprocessor const*) const (in /usr/lib64/libclangAST.so.3.7.0)
==29528==    by 0x3A082AED: clang_Cursor_getParsedComment (in /usr/lib64/libclang.so.3.7)
==29528==    by 0x37B27339: void (anonymous namespace)::Visitor::setDeclData<(CXCursorKind)2>(CXCursor, KDevelop::Declaration*, bool) const [clone .isra.175] [clone .constprop.478] (builder.cpp:880)
==29528==    by 0x37B3BAE2: createDeclarationCommon<(CXCursorKind)2u, KDevelop::ForwardDeclaration> (builder.cpp:372)
==29528==    by 0x37B3BAE2: createDeclaration<(CXCursorKind)2u, KDevelop::ForwardDeclaration> (builder.cpp:394)
==29528==    by 0x37B3BAE2: CXChildVisitResult (anonymous namespace)::Visitor::buildDeclaration<(CXCursorKind)2, KDevelop::ForwardDeclaration, false>(CXCursor) (builder.cpp:1100)
==29528==    by 0x37B58ECE: dispatchCursor<(CXCursorKind)2u, (Decision)1, (Decision)1, (detail::type)0> (builder.cpp:870)
==29528==    by 0x37B58ECE: dispatchCursor<(CXCursorKind)2u, (Decision)1, (Decision)2, (detail::type)0> (builder.cpp:850)
==29528==    by 0x37B58ECE: CXChildVisitResult (anonymous namespace)::Visitor::dispatchCursor<(CXCursorKind)2, (Decision)2, (detail::enabler)0>(CXCursor, CXCursor) (builder.cpp:838)
==29528==    by 0x37B60DDF: (anonymous namespace)::visitCursor(CXCursor, CXCursor, void*) (builder.cpp:1374)
==29528==    by 0x3A060C96: ??? (in /usr/lib64/libclang.so.3.7)
==29528==  Address 0x10031f647 is 183,111 bytes inside an unallocated block of size 378,240 in arena "client"
==29528== 
==29528== Invalid read of size 1
==29528==    at 0x3A3CDA00: clang::comments::Lexer::lexCommentText(clang::comments::Token&) (in /usr/lib64/libclangAST.so.3.7.0)
==29528==    by 0x3A3D1ECF: clang::comments::Parser::parseVerbatimLine() (in /usr/lib64/libclangAST.so.3.7.0)
==29528==    by 0x3A3D202E: clang::comments::Parser::parseFullComment() (in /usr/lib64/libclangAST.so.3.7.0)
==29528==    by 0x3A483552: clang::RawComment::parse(clang::ASTContext const&, clang::Preprocessor const*, clang::Decl const*) const (in /usr/lib64/libclangAST.so.3.7.0)
==29528==    by 0x3A33B5BA: clang::ASTContext::getCommentForDecl(clang::Decl const*, clang::Preprocessor const*) const (in /usr/lib64/libclangAST.so.3.7.0)
==29528==    by 0x3A33B4FB: clang::ASTContext::getCommentForDecl(clang::Decl const*, clang::Preprocessor const*) const (in /usr/lib64/libclangAST.so.3.7.0)
==29528==    by 0x3A082AED: clang_Cursor_getParsedComment (in /usr/lib64/libclang.so.3.7)
==29528==    by 0x37B27339: void (anonymous namespace)::Visitor::setDeclData<(CXCursorKind)2>(CXCursor, KDevelop::Declaration*, bool) const [clone .isra.175] [clone .constprop.478] (builder.cpp:880)
==29528==    by 0x37B3BAE2: createDeclarationCommon<(CXCursorKind)2u, KDevelop::ForwardDeclaration> (builder.cpp:372)
==29528==    by 0x37B3BAE2: createDeclaration<(CXCursorKind)2u, KDevelop::ForwardDeclaration> (builder.cpp:394)
==29528==    by 0x37B3BAE2: CXChildVisitResult (anonymous namespace)::Visitor::buildDeclaration<(CXCursorKind)2, KDevelop::ForwardDeclaration, false>(CXCursor) (builder.cpp:1100)
==29528==    by 0x37B58ECE: dispatchCursor<(CXCursorKind)2u, (Decision)1, (Decision)1, (detail::type)0> (builder.cpp:870)
==29528==    by 0x37B58ECE: dispatchCursor<(CXCursorKind)2u, (Decision)1, (Decision)2, (detail::type)0> (builder.cpp:850)
==29528==    by 0x37B58ECE: CXChildVisitResult (anonymous namespace)::Visitor::dispatchCursor<(CXCursorKind)2, (Decision)2, (detail::enabler)0>(CXCursor, CXCursor) (builder.cpp:838)
==29528==    by 0x37B60DDF: (anonymous namespace)::visitCursor(CXCursor, CXCursor, void*) (builder.cpp:1374)
==29528==    by 0x3A060C96: ??? (in /usr/lib64/libclang.so.3.7)
==29528==  Address 0x100344443 is 334,147 bytes inside an unallocated block of size 378,240 in arena "client"
==29528== 
==29528== Invalid read of size 1
==29528==    at 0x3A3CD836: clang::comments::Lexer::lexCommentText(clang::comments::Token&) (in /usr/lib64/libclangAST.so.3.7.0)
==29528==    by 0x3A3D1F4D: clang::comments::Parser::parseVerbatimLine() (in /usr/lib64/libclangAST.so.3.7.0)
==29528==    by 0x3A3D202E: clang::comments::Parser::parseFullComment() (in /usr/lib64/libclangAST.so.3.7.0)
==29528==    by 0x3A483552: clang::RawComment::parse(clang::ASTContext const&, clang::Preprocessor const*, clang::Decl const*) const (in /usr/lib64/libclangAST.so.3.7.0)
==29528==    by 0x3A33B5BA: clang::ASTContext::getCommentForDecl(clang::Decl const*, clang::Preprocessor const*) const (in /usr/lib64/libclangAST.so.3.7.0)
==29528==    by 0x3A33B4FB: clang::ASTContext::getCommentForDecl(clang::Decl const*, clang::Preprocessor const*) const (in /usr/lib64/libclangAST.so.3.7.0)
==29528==    by 0x3A082AED: clang_Cursor_getParsedComment (in /usr/lib64/libclang.so.3.7)
==29528==    by 0x37B27339: void (anonymous namespace)::Visitor::setDeclData<(CXCursorKind)2>(CXCursor, KDevelop::Declaration*, bool) const [clone .isra.175] [clone .constprop.478] (builder.cpp:880)
==29528==    by 0x37B3BAE2: createDeclarationCommon<(CXCursorKind)2u, KDevelop::ForwardDeclaration> (builder.cpp:372)
==29528==    by 0x37B3BAE2: createDeclaration<(CXCursorKind)2u, KDevelop::ForwardDeclaration> (builder.cpp:394)
==29528==    by 0x37B3BAE2: CXChildVisitResult (anonymous namespace)::Visitor::buildDeclaration<(CXCursorKind)2, KDevelop::ForwardDeclaration, false>(CXCursor) (builder.cpp:1100)
==29528==    by 0x37B58ECE: dispatchCursor<(CXCursorKind)2u, (Decision)1, (Decision)1, (detail::type)0> (builder.cpp:870)
==29528==    by 0x37B58ECE: dispatchCursor<(CXCursorKind)2u, (Decision)1, (Decision)2, (detail::type)0> (builder.cpp:850)
==29528==    by 0x37B58ECE: CXChildVisitResult (anonymous namespace)::Visitor::dispatchCursor<(CXCursorKind)2, (Decision)2, (detail::enabler)0>(CXCursor, CXCursor) (builder.cpp:838)
==29528==    by 0x37B60DDF: (anonymous namespace)::visitCursor(CXCursor, CXCursor, void*) (builder.cpp:1374)
==29528==    by 0x3A060C96: ??? (in /usr/lib64/libclang.so.3.7)
==29528==  Address 0x100344564 is 334,436 bytes inside an unallocated block of size 378,240 in arena "client"
==29528== 
==29528== Invalid read of size 1
==29528==    at 0x3A3CD8A5: clang::comments::Lexer::lexCommentText(clang::comments::Token&) (in /usr/lib64/libclangAST.so.3.7.0)
==29528==    by 0x3A3D1F4D: clang::comments::Parser::parseVerbatimLine() (in /usr/lib64/libclangAST.so.3.7.0)
==29528==    by 0x3A3D202E: clang::comments::Parser::parseFullComment() (in /usr/lib64/libclangAST.so.3.7.0)
==29528==    by 0x3A483552: clang::RawComment::parse(clang::ASTContext const&, clang::Preprocessor const*, clang::Decl const*) const (in /usr/lib64/libclangAST.so.3.7.0)
==29528==    by 0x3A33B5BA: clang::ASTContext::getCommentForDecl(clang::Decl const*, clang::Preprocessor const*) const (in /usr/lib64/libclangAST.so.3.7.0)
==29528==    by 0x3A33B4FB: clang::ASTContext::getCommentForDecl(clang::Decl const*, clang::Preprocessor const*) const (in /usr/lib64/libclangAST.so.3.7.0)
==29528==    by 0x3A082AED: clang_Cursor_getParsedComment (in /usr/lib64/libclang.so.3.7)
==29528==    by 0x37B27339: void (anonymous namespace)::Visitor::setDeclData<(CXCursorKind)2>(CXCursor, KDevelop::Declaration*, bool) const [clone .isra.175] [clone .constprop.478] (builder.cpp:880)
==29528==    by 0x37B3BAE2: createDeclarationCommon<(CXCursorKind)2u, KDevelop::ForwardDeclaration> (builder.cpp:372)
==29528==    by 0x37B3BAE2: createDeclaration<(CXCursorKind)2u, KDevelop::ForwardDeclaration> (builder.cpp:394)
==29528==    by 0x37B3BAE2: CXChildVisitResult (anonymous namespace)::Visitor::buildDeclaration<(CXCursorKind)2, KDevelop::ForwardDeclaration, false>(CXCursor) (builder.cpp:1100)
==29528==    by 0x37B58ECE: dispatchCursor<(CXCursorKind)2u, (Decision)1, (Decision)1, (detail::type)0> (builder.cpp:870)
==29528==    by 0x37B58ECE: dispatchCursor<(CXCursorKind)2u, (Decision)1, (Decision)2, (detail::type)0> (builder.cpp:850)
==29528==    by 0x37B58ECE: CXChildVisitResult (anonymous namespace)::Visitor::dispatchCursor<(CXCursorKind)2, (Decision)2, (detail::enabler)0>(CXCursor, CXCursor) (builder.cpp:838)
==29528==    by 0x37B60DDF: (anonymous namespace)::visitCursor(CXCursor, CXCursor, void*) (builder.cpp:1374)
==29528==    by 0x3A060C96: ??? (in /usr/lib64/libclang.so.3.7)
==29528==  Address 0x100344565 is 334,437 bytes inside an unallocated block of size 378,240 in arena "client"
==29528== 
==29528== Invalid read of size 1
==29528==    at 0x3A3CD864: clang::comments::Lexer::lexCommentText(clang::comments::Token&) (in /usr/lib64/libclangAST.so.3.7.0)
==29528==    by 0x3A3D1F4D: clang::comments::Parser::parseVerbatimLine() (in /usr/lib64/libclangAST.so.3.7.0)
==29528==    by 0x3A3D202E: clang::comments::Parser::parseFullComment() (in /usr/lib64/libclangAST.so.3.7.0)
==29528==    by 0x3A483552: clang::RawComment::parse(clang::ASTContext const&, clang::Preprocessor const*, clang::Decl const*) const (in /usr/lib64/libclangAST.so.3.7.0)
==29528==    by 0x3A33B5BA: clang::ASTContext::getCommentForDecl(clang::Decl const*, clang::Preprocessor const*) const (in /usr/lib64/libclangAST.so.3.7.0)
==29528==    by 0x3A33B4FB: clang::ASTContext::getCommentForDecl(clang::Decl const*, clang::Preprocessor const*) const (in /usr/lib64/libclangAST.so.3.7.0)
==29528==    by 0x3A082AED: clang_Cursor_getParsedComment (in /usr/lib64/libclang.so.3.7)
==29528==    by 0x37B27339: void (anonymous namespace)::Visitor::setDeclData<(CXCursorKind)2>(CXCursor, KDevelop::Declaration*, bool) const [clone .isra.175] [clone .constprop.478] (builder.cpp:880)
==29528==    by 0x37B3BAE2: createDeclarationCommon<(CXCursorKind)2u, KDevelop::ForwardDeclaration> (builder.cpp:372)
==29528==    by 0x37B3BAE2: createDeclaration<(CXCursorKind)2u, KDevelop::ForwardDeclaration> (builder.cpp:394)
==29528==    by 0x37B3BAE2: CXChildVisitResult (anonymous namespace)::Visitor::buildDeclaration<(CXCursorKind)2, KDevelop::ForwardDeclaration, false>(CXCursor) (builder.cpp:1100)
==29528==    by 0x37B58ECE: dispatchCursor<(CXCursorKind)2u, (Decision)1, (Decision)1, (detail::type)0> (builder.cpp:870)
==29528==    by 0x37B58ECE: dispatchCursor<(CXCursorKind)2u, (Decision)1, (Decision)2, (detail::type)0> (builder.cpp:850)
==29528==    by 0x37B58ECE: CXChildVisitResult (anonymous namespace)::Visitor::dispatchCursor<(CXCursorKind)2, (Decision)2, (detail::enabler)0>(CXCursor, CXCursor) (builder.cpp:838)
==29528==    by 0x37B60DDF: (anonymous namespace)::visitCursor(CXCursor, CXCursor, void*) (builder.cpp:1374)
==29528==    by 0x3A060C96: ??? (in /usr/lib64/libclang.so.3.7)
==29528==  Address 0x100344d76 is 336,502 bytes inside an unallocated block of size 378,240 in arena "client"
==29528== 
==29528== 
==29528== More than 10000000 total errors detected.  I'm not reporting any more.
==29528== Final error counts will be inaccurate.  Go fix your program!
==29528== Rerun with --error-limit=no to disable this cutoff.  Note
==29528== that errors may occur in your program without prior warning from
==29528== Valgrind, because errors are no longer being displayed.
==29528== 
==29528== 
==29528== HEAP SUMMARY:
==29528==     in use at exit: 759,045,770 bytes in 1,221,696 blocks
==29528==   total heap usage: 13,413,391 allocs, 12,191,695 frees, 4,524,059,775 bytes allocated
==29528== 
==29528== LEAK SUMMARY:
==29528==    definitely lost: 8,461,472 bytes in 145 blocks
==29528==    indirectly lost: 3,580 bytes in 88 blocks
==29528==      possibly lost: 26,009,386 bytes in 70,579 blocks
==29528==    still reachable: 724,571,332 bytes in 1,150,884 blocks
==29528==         suppressed: 0 bytes in 0 blocks
==29528== Rerun with --leak-check=full to see details of leaked memory
==29528== 
==29528== For counts of detected and suppressed errors, rerun with: -v
==29528== Use --track-origins=yes to see where uninitialised values come from
==29528== ERROR SUMMARY: 10000000 errors from 255 contexts (suppressed: 20 from 1)


Reproducible: Always

Steps to Reproduce:
1. start kdevelop
2. type something


Actual Results:  
crash -- no Dr Konqi

Expected Results:  
no crash
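A log of this shape is easier to reason about once it is reduced to two questions: which frame faulted, and through which library call did the application reach it. The script below is an added example, not part of this bug report or of KDevelop: it parses memcheck error blocks, takes the innermost frame as the fault site, and takes the shared-library frame directly above the first frame that resolved to a file:line (application code built with debug info) as the entry API. The sample log is constructed from three abbreviated blocks in the shape of the report above; the frame-classification rule assumes, as here, that only the application carries debug info.

```python
# Triage a Valgrind memcheck log: which frame faulted, through which library API
# the application reached it, and whether bad reads landed in unallocated heap.
import re
from collections import Counter
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: three abbreviated error blocks in the shape of the log above.
SAMPLE_LOG = """\
==29528== Invalid read of size 2
==29528==    at 0x3A3CBA36: clang::comments::Lexer::resolveHTMLNamedCharacterReference(llvm::StringRef) const (in /usr/lib64/libclangAST.so.3.7.0)
==29528==    by 0x3A082AED: clang_Cursor_getParsedComment (in /usr/lib64/libclang.so.3.7)
==29528==    by 0x37B27339: void (anonymous namespace)::Visitor::setDeclData<(CXCursorKind)2>(CXCursor, KDevelop::Declaration*, bool) const [clone .isra.175] (builder.cpp:880)
==29528==  Address 0x100107f71 is 1,074,497 bytes inside an unallocated block of size 1,566,128 in arena "client"
==29528==
==29528== Conditional jump or move depends on uninitialised value(s)
==29528==    at 0x3A3CF59D: clang::comments::Lexer::lex(clang::comments::Token&) (in /usr/lib64/libclangAST.so.3.7.0)
==29528==    by 0x3A082AED: clang_Cursor_getParsedComment (in /usr/lib64/libclang.so.3.7)
==29528==    by 0x37B27339: void (anonymous namespace)::Visitor::setDeclData<(CXCursorKind)2>(CXCursor, KDevelop::Declaration*, bool) const (builder.cpp:880)
==29528==
==29528== Invalid read of size 1
==29528==    at 0x3A3CDAC6: clang::comments::Lexer::lexCommentText(clang::comments::Token&) (in /usr/lib64/libclangAST.so.3.7.0)
==29528==    by 0x3A082AED: clang_Cursor_getParsedComment (in /usr/lib64/libclang.so.3.7)
==29528==    by 0x37B60DDF: (anonymous namespace)::visitCursor(CXCursor, CXCursor, void*) (builder.cpp:1374)
==29528==  Address 0x10031f647 is 183,111 bytes inside an unallocated block of size 378,240 in arena "client"
==29528==
==29528== HEAP SUMMARY:
"""

HEADER_RE = re.compile(r"^==\d+==\s+(Invalid (?:read|write) of size \d+"
                       r"|Conditional jump or move depends on uninitialised value\(s\))$")
FRAME_RE = re.compile(r"^==\d+==\s+(?:at|by) 0x[0-9A-Fa-f]+: (.*)$")
ADDR_RE = re.compile(r"^==\d+==\s+Address 0x[0-9a-f]+ is ([\d,]+ bytes \w+ .*)$")
SEPARATOR_RE = re.compile(r"^==\d+==$")

@dataclass
class Frame:
    func: str
    location: str  # "file:line" for code built with -g, else the shared object path

    @property
    def in_app(self) -> bool:
        # Assumption: file:line means application frame, /path/to/lib.so means library.
        return self.location != "?" and not self.location.startswith("/")

@dataclass
class VgError:
    kind: str
    frames: List[Frame] = field(default_factory=list)
    address_note: Optional[str] = None  # memcheck's "Address ... is ..." detail

    @property
    def entry_api(self) -> Optional[str]:
        # Library frame directly above the first application frame: the API call
        # through which the application entered the faulting library.
        for i, fr in enumerate(self.frames):
            if fr.in_app:
                return self.frames[i - 1].func if i > 0 else None
        return None

def parse_frame(line: str) -> Optional[Frame]:
    m = FRAME_RE.match(line)
    if not m:
        return None
    # Function names contain their own parentheses; the location is always the
    # final parenthesised group, so split on the last " (".
    func, sep, loc = m.group(1).rpartition(" (")
    if not sep or not loc.endswith(")"):
        return Frame(m.group(1), "?")
    loc = loc[:-1]
    return Frame(func, loc[3:] if loc.startswith("in ") else loc)

def parse_log(text: str) -> List[VgError]:
    errors: List[VgError] = []
    cur: Optional[VgError] = None
    for raw in text.splitlines():
        line = raw.rstrip()
        if (m := HEADER_RE.match(line)) is not None:
            cur = VgError(kind=m.group(1))
            errors.append(cur)
        elif cur is not None and (fr := parse_frame(line)) is not None:
            cur.frames.append(fr)
        elif cur is not None and (m := ADDR_RE.match(line)) is not None:
            cur.address_note = m.group(1)
        elif SEPARATOR_RE.match(line):  # a bare "==pid==" line closes the block
            cur = None
    return errors

def summarize(errors: List[VgError]) -> dict:
    return {
        "total": len(errors),
        "by_fault_frame": Counter(e.frames[0].func for e in errors),
        "by_entry_api": Counter(e.entry_api for e in errors),
        "reads_into_unallocated": sum(
            1 for e in errors if e.address_note and "unallocated" in e.address_note),
    }

if __name__ == "__main__":
    print(summarize(parse_log(SAMPLE_LOG)))
```

Run on the sample, every error faults inside libclangAST's comment lexer and every one was reached through clang_Cursor_getParsedComment, which is the call the eventual workaround avoids. The "N bytes inside an unallocated block" note means memcheck found the read landing in heap memory that is not currently allocated, so the lexer is reading outside the comment buffer it was handed (past its end, or after it was freed; the log alone does not say which). What is being lexed is the documentation comment text of the declaration being indexed, so the faulting input is whatever is in the file being parsed.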
Comment 1 Milian Wolff 2016-02-11 09:55:39 UTC
just saw that myself, twice in a row. Also possibly related: https://llvm.org/bugs/show_bug.cgi?id=24280

We really need to find a reproducible testcase for this.
Comment 2 Milian Wolff 2016-02-21 13:20:50 UTC
Hey Cyrille, do you always get this crash with your project? If so, is it an open source project so that I can reproduce it myself? Otherwise, could you try to figure out what file is triggering this crash and we figure out a minimal testcase from there? I think it would help to add debug output before we call clang_Cursor_getParsedComment to see what file/cursor is triggering the crash.

Without a way to reproduce this, we and upstream are at a loss at improving this situation, I'm afraid.
Comment 3 Cyrille Dunant 2016-02-23 21:06:50 UTC
It is an open source project, but not released. I am completely fine giving you a version. However, the latest KDevelop snapshot from openSUSE does not crash... Which is good, perhaps. If you still want a copy of my project, I'll send it to you tomorrow.
Comment 4 Kevin Funk 2016-03-11 09:26:37 UTC
@Cyrille: Still the same Clang version?
Comment 5 Milian Wolff 2016-09-07 20:18:45 UTC
This must be fixed upstream, and we need a reproducible way to trigger this. If you have one that takes down KDevelop, please show it here and I'll create a test out of it for upstream.
Comment 6 Sven Brauch 2017-11-17 00:46:03 UTC
Git commit a2712c8d9691375545f502c10f4f76fa10452e90 by Sven Brauch.
Committed on 17/11/2017 at 00:45.
Pushed by brauch into branch '5.2'.

work around clang bug 35333: don't crash when switching git branches

See https://bugs.llvm.org/show_bug.cgi?id=35333 for details and
explanation.

We need to do two things to work around this bug: disable -Wdocumentation,
and only use the plain text from the comments instead of the parsed
version.

REVIEW: https://phabricator.kde.org/D8857
Related: bug 372686
FIXED-IN: 5.2.1

M  +4    -0    plugins/clang/duchain/builder.cpp
M  +7    -0    plugins/clang/duchain/parsesession.cpp

https://commits.kde.org/kdevelop/a2712c8d9691375545f502c10f4f76fa10452e90