Bug 362236 - clazy crashes on Utils::isPassedToFunction(clang::Stmt*, clang::VarDecl const*, bool)
Status: RESOLVED FIXED
Alias: None
Product: clazy
Classification: Developer tools
Component: general (other bugs)
Version First Reported In: unspecified
Platform: Other Linux
Importance: NOR grave
Target Milestone: ---
Assignee: Sergio Martins
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2016-04-25 12:16 UTC by Sylvestre Ledru
Modified: 2016-04-25 18:01 UTC (History)

See Also:
Latest Commit:
Version Fixed In:
Sentry Crash Report:


Description Sylvestre Ledru 2016-04-25 12:16:54 UTC
With the code:
----
#include <algorithm>   // std::max (missing from the reduced case; needed for it to compile)
#include <vector>

namespace rtc {

  // Trivial assertion helper; the macro below passes every ASSERT condition through it.
  bool Assert(bool result, const char* function) {
    return result;
  }

#define ASSERT(x) \
  (void)rtc::Assert((x), __FUNCTION__)

template<typename T>
class R {

  // Reduced from webrtc code: the ASSERT call with a multi-line condition is
  // what clazy trips over. The missing return and the out-of-range index are
  // leftovers of the reduction and are kept as reported.
  T ComputeMax() const {
    int i=0;
    ASSERT(count_ > 0 &&
           "foo");
    max_ = std::max(2, samples_[samples_.size()]);
  }

  int count_;
  mutable T max_;
  std::vector<T> samples_;

};

}
---

Building with clazy crashes clang.

This is a reduced test case from building Firefox with clazy. It fails on webrtc code.

I am using Debian packages of clang. The same occurs with clang 3.6.

Reproducible: Always


Actual Results:  

1  libLLVM-3.7.so.1 0x00007f16a77fe4b9
2  libpthread.so.0  0x00007f16a5dac8d0
3  ClangLazy.so     0x00007f16a38d9cf8 Utils::isPassedToFunction(clang::Stmt*, clang::VarDecl const*, bool) + 328
4  ClangLazy.so     0x00007f16a3871c5d InefficientQListBase::shouldIgnoreVariable(clang::VarDecl*) const + 477
5  ClangLazy.so     0x00007f16a3871cfb InefficientQListBase::VisitDecl(clang::Decl*) + 59
6  ClangLazy.so     0x00007f16a38a8770
7  ClangLazy.so     0x00007f16a37f7fd5
8  ClangLazy.so     0x00007f16a38aacd6
9  ClangLazy.so     0x00007f16a37f85e1
10 ClangLazy.so     0x00007f16a38aacfa
11 ClangLazy.so     0x00007f16a38ae64d
12 ClangLazy.so     0x00007f16a38a7e73
13 ClangLazy.so     0x00007f16a38ae73d
14 ClangLazy.so     0x00007f16a38a90a4
15 ClangLazy.so     0x00007f16a38a922c
16 ClangLazy.so     0x00007f16a38ae73d
17 ClangLazy.so     0x00007f16a38a8f2c
18 ClangLazy.so     0x00007f16a38ae73d
19 ClangLazy.so     0x00007f16a38a9051
20 clang            0x00000000006e36b8 clang::MultiplexConsumer::HandleTranslationUnit(clang::ASTContext&) + 40
21 clang            0x0000000000a4a065 clang::ParseAST(clang::Sema&, bool, bool) + 709
22 clang            0x00000000006c033e clang::FrontendAction::Execute() + 254
23 clang            0x000000000069c8e1 clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) + 289
24 clang            0x0000000000684d13 clang::ExecuteCompilerInvocation(clang::CompilerInstance*) + 1827
25 clang            0x000000000067e438 cc1_main(llvm::ArrayRef<char const*>, char const*, void*) + 2376
26 clang            0x000000000067d441 main + 10257
27 libc.so.6        0x00007f16a4982b45 __libc_start_main + 245
28 clang            0x000000000067d4d4
Stack dump:
0.	Program arguments: /usr/lib/llvm-3.7/bin/clang -cc1 -triple x86_64-pc-linux-gnu -emit-obj -mrelax-all -disable-free -disable-llvm-verifier -main-file-name test-case.cpp -mrelocation-model static -mthread-model posix -mdisable-fp-elim -fmath-errno -masm-verbose -mconstructor-aliases -munwind-tables -fuse-init-array -target-cpu x86-64 -target-linker-version 2.25 -dwarf-column-info -resource-dir /usr/lib/llvm-3.7/bin/../lib/clang/3.7.1 -internal-isystem /usr/bin/../lib/gcc/x86_64-linux-gnu/4.9/../../../../include/c++/4.9 -internal-isystem /usr/bin/../lib/gcc/x86_64-linux-gnu/4.9/../../../../include/x86_64-linux-gnu/c++/4.9 -internal-isystem /usr/bin/../lib/gcc/x86_64-linux-gnu/4.9/../../../../include/x86_64-linux-gnu/c++/4.9 -internal-isystem /usr/bin/../lib/gcc/x86_64-linux-gnu/4.9/../../../../include/c++/4.9/backward -internal-isystem /usr/local/include -internal-isystem /usr/lib/llvm-3.7/bin/../lib/clang/3.7.1/include -internal-externc-isystem /usr/include/x86_64-linux-gnu -internal-externc-isystem /include -internal-externc-isystem /usr/include -fdeprecated-macro -fdebug-compilation-dir /var/lib/jenkins/workspace/firefox-clazy -ferror-limit 19 -fmessage-length 227 -mstackrealign -fobjc-runtime=gcc -fcxx-exceptions -fexceptions -fdiagnostics-show-option -fcolor-diagnostics -load ClangLazy.so -add-plugin clang-lazy -o /tmp/test-case-3e23a6.o -x c++ test-case.cpp 
1.	<eof> parser at end of file
clang: error: unable to execute command: Segmentation fault
clang: error: clang frontend command failed due to signal (use -v to see invocation)
Debian clang version 3.7.1-svn254351-1~exp1 (branches/release_37) (based on LLVM 3.7.1)
Target: x86_64-pc-linux-gnu
Thread model: posix


Expected Results:  
Code built
Comment 1 Sylvestre Ledru 2016-04-25 12:45:32 UTC
Same issue with clang 3.8
Comment 2 Sergio Martins 2016-04-25 16:51:52 UTC
Doesn't seem very useful to build firefox with it, since there's no Qt code.
It shouldn't crash ofc though. I'll try to reproduce, thanks!
Comment 3 Sergio Martins 2016-04-25 18:01:40 UTC
Git commit d191e8cd091b381948ed30c14e8925d7787cbfe1 by Sergio Martins.
Committed on 25/04/2016 at 17:59.
Pushed by smartins into branch 'master'.

Don't crash when first child is null

M  +2    -1    Utils.cpp

http://commits.kde.org/clazy/d191e8cd091b381948ed30c14e8925d7787cbfe1
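The fix above is a null check on a statement's first child. As an added illustration (not clazy's or clang's code), the following constructed C++ model shows why such checks are needed in AST walkers: clang's `Stmt::children()` legitimately yields null entries for omitted sub-expressions (for example the init, condition or increment of `for (;;)`), so any helper that dereferences "the first child" without testing it will segfault on such input. The `Node` type, the `sampleTree()` input, and the assumption that a call's callee precedes its arguments in the child list are all constructed for this example.

```cpp
#include <string>
#include <vector>

// Constructed stand-in for a clang::Stmt node (not clang's real type).
// As with clang's Stmt::children(), entries in `children` may be null:
// a null slot stands for an omitted sub-expression.
struct Node {
    std::string kind;                  // e.g. "ForStmt", "CallExpr", "DeclRefExpr"
    std::string name;                  // for DeclRefExpr: the referenced variable
    std::vector<const Node*> children;
};

// First child of a statement, or nullptr when the node has no children or
// its first slot is an omitted sub-expression. Callers must test the result;
// dereferencing it blindly is the class of bug the clazy fix addresses.
const Node* firstChild(const Node* stmt) {
    if (!stmt || stmt->children.empty()) return nullptr;
    return stmt->children.front();
}

// Does `stmt` (or any node below it) reference the variable `var`?
// A null node anywhere in the tree simply means "no reference".
bool refersToVar(const Node* stmt, const std::string& var) {
    if (!stmt) return false;
    if (stmt->kind == "DeclRefExpr") return stmt->name == var;
    for (const Node* child : stmt->children)
        if (refersToVar(child, var)) return true;
    return false;
}

// Is `var` passed directly as an argument to any call below `stmt`?
// Assumed layout (constructed for this model): a CallExpr's first child is
// the callee expression, the remaining children are its arguments.
bool isPassedToFunction(const Node* stmt, const std::string& var) {
    if (!stmt) return false;
    if (stmt->kind == "CallExpr") {
        bool isCallee = true;
        for (const Node* arg : stmt->children) {
            if (isCallee) { isCallee = false; continue; }   // skip the callee slot
            if (arg && arg->kind == "DeclRefExpr" && arg->name == var) return true;
        }
    }
    for (const Node* child : stmt->children)
        if (isPassedToFunction(child, var)) return true;
    return false;
}

// Constructed sample input modelling `for (;;) { f(i); }`: the loop's
// init/cond/inc are omitted, so the ForStmt's leading child slots are null
// and firstChild() on it returns nullptr.
static const Node refI{"DeclRefExpr", "i", {}};
static const Node refF{"DeclRefExpr", "f", {}};
static const Node call{"CallExpr", "", {&refF, &refI}};
static const Node body{"CompoundStmt", "", {&call}};
static const Node loop{"ForStmt", "", {nullptr, nullptr, nullptr, &body}};

const Node* sampleTree() { return &loop; }
```

Every entry point tolerates a null `stmt` and the loops tolerate null children, so the helpers stay safe however a caller reaches them; the `isCallee` skip also shows why "first child" has a distinct meaning per node kind and cannot be assumed non-null in general.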