
Compiler null dereference on invalid implicit conversion between incompatible checked pointer types #1115

Open
secure-sw-dev-bot opened this issue Jan 17, 2022 · 0 comments
Labels
bug Something isn't working priority:3

Comments

@secure-sw-dev-bot

This issue was copied from checkedc/checkedc-clang#1115


Another low-priority issue for the record. Compiling the following code:

```c
#pragma CHECKED_SCOPE on

int main(void) {
  _Array_ptr<void> pv = 0;
  _Array_ptr<_Ptr<int>> ppi = 0;
  ppi = pv;
  return 0;
}
```

crashes the compiler as follows:

```
casts-compiler-crash.c:6:7: error: implicit conversion between '_Array_ptr<void>' and '_Array_ptr<_Ptr<int>>' is not allowed in a checked scope because '_Ptr<int>' contains or is a checked pointer
  ppi = pv;
      ^
PLEASE submit a bug report to https://github.com/Microsoft/checkedc-clang/issues and include the crash backtrace, preprocessed source, and associated run script.
Stack dump:
0.	Program arguments: /home/matt/3c/build/bin/clang -c -o /dev/null casts-compiler-crash.c 
1.	casts-compiler-crash.c:6:11: current parser token ';'
2.	casts-compiler-crash.c:3:16: parsing function body 'main'
3.	casts-compiler-crash.c:3:16: in compound statement ('{}')
 #0 0x0000562f8ef8122b llvm::sys::PrintStackTrace(llvm::raw_ostream&) /home/matt/3c/llvm/lib/Support/Unix/Signals.inc:564:22
 #1 0x0000562f8ef8129e PrintStackTraceSignalHandler(void*) /home/matt/3c/llvm/lib/Support/Unix/Signals.inc:625:1
 #2 0x0000562f8ef7ed8a llvm::sys::RunSignalHandlers() /home/matt/3c/llvm/lib/Support/Signals.cpp:68:20
 #3 0x0000562f8ef7ef89 llvm::sys::CleanupOnSignal(unsigned long) /home/matt/3c/llvm/lib/Support/Unix/Signals.inc:361:31
 #4 0x0000562f8eed2264 HandleCrash /home/matt/3c/llvm/lib/Support/CrashRecoveryContext.cpp:75:27
 #5 0x0000562f8eed2264 CrashRecoverySignalHandler(int) /home/matt/3c/llvm/lib/Support/CrashRecoveryContext.cpp:382:62
 #6 0x00007f67092663c0 __restore_rt (/lib/x86_64-linux-gnu/libpthread.so.0+0x153c0)
 #7 0x0000562f91d75e71 clang::Sema::DiagnoseAssignmentResult(clang::Sema::AssignConvertType, clang::SourceLocation, clang::QualType, clang::QualType, clang::Expr*, clang::Sema::AssignmentAction, bool*) /home/matt/3c/clang/lib/Sema/SemaExpr.cpp:16720:17
 #8 0x0000562f91d94400 clang::Sema::CheckAssignmentOperands(clang::Expr*, clang::ActionResult<clang::Expr*, true>&, clang::SourceLocation, clang::QualType) /home/matt/3c/clang/lib/Sema/SemaExpr.cpp:13513:3
 #9 0x0000562f91d9d868 clang::Sema::CreateBuiltinBinOp(clang::SourceLocation, clang::BinaryOperatorKind, clang::Expr*, clang::Expr*) /home/matt/3c/clang/lib/Sema/SemaExpr.cpp:14440:73
#10 0x0000562f91d9edd5 clang::Sema::BuildBinOp(clang::Scope*, clang::SourceLocation, clang::BinaryOperatorKind, clang::Expr*, clang::Expr*) /home/matt/3c/clang/lib/Sema/SemaExpr.cpp:15014:57
#11 0x0000562f91d9ee40 clang::Sema::ActOnBinOp(clang::Scope*, clang::SourceLocation, clang::tok::TokenKind, clang::Expr*, clang::Expr*) /home/matt/3c/clang/lib/Sema/SemaExpr.cpp:14867:1
#12 0x0000562f91426f15 clang::Parser::ParseRHSOfBinaryExpression(clang::ActionResult<clang::Expr*, true>, clang::prec::Level) (.localalias) /home/matt/3c/clang/lib/Parse/ParseExpr.cpp:632:71
#13 0x0000562f91427e8a clang::Parser::ParseAssignmentExpression(clang::Parser::TypeCastState) /home/matt/3c/clang/lib/Parse/ParseExpr.cpp:179:1
#14 0x0000562f91427351 clang::Parser::ParseExpression(clang::Parser::TypeCastState) /home/matt/3c/clang/lib/Parse/ParseExpr.cpp:124:54
#15 0x0000562f9145fc3e clang::Parser::ParseExprStatement(clang::Parser::ParsedStmtContext) /home/matt/3c/clang/lib/Parse/ParseStmt.cpp:478:3
#16 0x0000562f9145df7c clang::Parser::ParseStatementOrDeclarationAfterAttributes(llvm::SmallVector<clang::Stmt*, 32u>&, clang::Parser::ParsedStmtContext, clang::SourceLocation*, clang::Parser::ParsedAttributesWithRange&) /home/matt/3c/clang/lib/Parse/ParseStmt.cpp:247:38
#17 0x0000562f9145e78d clang::Parser::ParseStatementOrDeclaration(llvm::SmallVector<clang::Stmt*, 32u>&, clang::Parser::ParsedStmtContext, clang::SourceLocation*) /home/matt/3c/clang/lib/Parse/ParseStmt.cpp:107:45
#18 0x0000562f91463ebc clang::Parser::ParseCompoundStatementBody(bool, clang::CheckedScopeSpecifier, clang::SourceLocation, clang::SourceLocation) /home/matt/3c/clang/lib/Parse/ParseStmt.cpp:1172:56
#19 0x0000562f91465e53 clang::Parser::ParseFunctionStatementBody(clang::Decl*, clang::Parser::ParseScope&, clang::CheckedScopeSpecifier) /home/matt/3c/clang/lib/Parse/ParseStmt.cpp:2322:70
#20 0x0000562f913c9106 clang::Parser::ParseFunctionDefinition(clang::ParsingDeclarator&, clang::Parser::ParsedTemplateInfo const&, clang::Parser::LateParsedAttrList*) /home/matt/3c/clang/lib/Parse/Parser.cpp:1400:36
#21 0x0000562f913e65a2 clang::Parser::ParseDeclGroup(clang::ParsingDeclSpec&, clang::DeclaratorContext, clang::SourceLocation*, clang::Parser::ForRangeInit*) /home/matt/3c/clang/lib/Parse/ParseDecl.cpp:2013:36
#22 0x0000562f913c3888 clang::Sema::CheckedScopeRAII::~CheckedScopeRAII() /home/matt/3c/clang/include/clang/Sema/Sema.h:4427:28
#23 0x0000562f913c3888 clang::Parser::ParseDeclOrFunctionDefInternal(clang::Parser::ParsedAttributesWithRange&, clang::ParsingDeclSpec&, clang::AccessSpecifier) /home/matt/3c/clang/lib/Parse/Parser.cpp:1042:57
#24 0x0000562f913c3e5c clang::Parser::ParseDeclarationOrFunctionDefinition(clang::Parser::ParsedAttributesWithRange&, clang::ParsingDeclSpec*, clang::AccessSpecifier) /home/matt/3c/clang/lib/Parse/Parser.cpp:1154:57
#25 0x0000562f913c4b12 clang::Parser::ParseExternalDeclaration(clang::Parser::ParsedAttributesWithRange&, clang::ParsingDeclSpec*) (.localalias) /home/matt/3c/clang/lib/Parse/Parser.cpp:956:58
#26 0x0000562f913c4e15 clang::Parser::ParseTopLevelDecl(clang::OpaquePtr<clang::DeclGroupRef>&, bool) /home/matt/3c/clang/lib/Parse/Parser.cpp:704:42
#27 0x0000562f913bac6f clang::ParseAST(clang::Sema&, bool, bool) /home/matt/3c/clang/lib/Parse/ParseAST.cpp:157:56
#28 0x0000562f8fd444d5 clang::ASTFrontendAction::ExecuteAction() /home/matt/3c/clang/lib/Frontend/FrontendAction.cpp:1059:1
#29 0x0000562f8fe4eb68 clang::CodeGenAction::ExecuteAction() /home/matt/3c/clang/lib/CodeGen/CodeGenAction.cpp:1185:1
#30 0x0000562f8fd46e7a clang::FrontendAction::Execute() /home/matt/3c/clang/lib/Frontend/FrontendAction.cpp:950:21
#31 0x0000562f8fc870bd llvm::Error::setChecked(bool) /home/matt/3c/llvm/include/llvm/Support/Error.h:305:22
#32 0x0000562f8fc870bd llvm::Error::operator bool() /home/matt/3c/llvm/include/llvm/Support/Error.h:236:15
#33 0x0000562f8fc870bd clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) /home/matt/3c/clang/lib/Frontend/CompilerInstance.cpp:984:42
#34 0x0000562f8fe442be clang::ExecuteCompilerInvocation(clang::CompilerInstance*) /home/matt/3c/clang/lib/FrontendTool/ExecuteCompilerInvocation.cpp:278:38
#35 0x0000562f8d7fc0a8 cc1_main(llvm::ArrayRef<char const*>, char const*, void*) /home/matt/3c/clang/tools/driver/cc1_main.cpp:240:40
#36 0x0000562f8d7f6105 ExecuteCC1Tool(llvm::SmallVectorImpl<char const*>&) /home/matt/3c/clang/tools/driver/driver.cpp:330:20
#37 0x0000562f8fab52ed operator() /home/matt/3c/clang/lib/Driver/Job.cpp:400:32
#38 0x0000562f8fab52ed void llvm::function_ref<void ()>::callback_fn<clang::driver::CC1Command::Execute(llvm::ArrayRef<llvm::Optional<llvm::StringRef> >, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >*, bool*) const::'lambda'()>(long) /home/matt/3c/llvm/include/llvm/ADT/STLExtras.h:185:52
#39 0x0000562f8eed23c2 llvm::CrashRecoveryContext::RunSafely(llvm::function_ref<void ()>) /home/matt/3c/llvm/lib/Support/CrashRecoveryContext.cpp:419:10
#40 0x0000562f8fab8757 clang::driver::CC1Command::Execute(llvm::ArrayRef<llvm::Optional<llvm::StringRef> >, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >*, bool*) const /home/matt/3c/clang/lib/Driver/Job.cpp:400:3
#41 0x0000562f8fa7f8eb clang::driver::Compilation::ExecuteCommand(clang::driver::Command const&, clang::driver::Command const*&) const /home/matt/3c/clang/lib/Driver/Compilation.cpp:195:22
#42 0x0000562f8fa804a2 clang::driver::Compilation::ExecuteJobs(clang::driver::JobList const&, llvm::SmallVectorImpl<std::pair<int, clang::driver::Command const*> >&) const /home/matt/3c/clang/lib/Driver/Compilation.cpp:246:5
#43 0x0000562f8fa8acc0 llvm::SmallVectorBase<unsigned int>::empty() const /home/matt/3c/llvm/include/llvm/ADT/SmallVector.h:69:47
#44 0x0000562f8fa8acc0 clang::driver::Driver::ExecuteCompilation(clang::driver::Compilation&, llvm::SmallVectorImpl<std::pair<int, clang::driver::Command const*> >&) /home/matt/3c/clang/lib/Driver/Driver.cpp:1509:28
#45 0x0000562f8d7f9403 main /home/matt/3c/clang/tools/driver/driver.cpp:502:39
#46 0x00007f6708ce60b3 __libc_start_main /build/glibc-eX1tMB/glibc-2.31/csu/../csu/libc-start.c:342:3
#47 0x0000562f8d7f5b7e _start (/home/matt/3c/build/bin/clang+0x2adbb7e)
clang-11: error: clang frontend command failed due to signal (use -v to see invocation)
clang version 11.0.0
Target: x86_64-unknown-linux-gnu
Thread model: posix
InstalledDir: /home/matt/3c/build/bin
clang-11: note: diagnostic msg: 
********************

PLEASE ATTACH THE FOLLOWING FILES TO THE BUG REPORT:
Preprocessed source(s) and associated run script(s) are located at:
clang-11: note: diagnostic msg: /tmp/casts-compiler-crash-28c8f0.c
clang-11: note: diagnostic msg: /tmp/casts-compiler-crash-28c8f0.sh
clang-11: note: diagnostic msg: 

********************
```

I think the proper fix is probably just to add the missing null check. But I don't want to spend the time right now to submit this as a PR and fulfill the related responsibilities (testing, etc.), and even if I did, I don't know if you'd want to spend the time to review the PR now. So I'll just file an issue.
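Triage helper for crash output of the kind quoted above, added here as an example and not part of the issue or of the Checked C project: it parses clang's `#N 0xADDR symbol location` frames, skips LLVM's signal-handling plumbing to reach the frame where the fault actually occurred (frame #7, `DiagnoseAssignmentResult`, here), and derives an address-independent bucket so repeated reports of the same crash deduplicate across builds. The embedded sample is a constructed, abridged copy of the dump above, and the `PLUMBING` prefix list is my own heuristic.

```python
from __future__ import annotations
import hashlib
import re
from dataclasses import dataclass

# Constructed sample: an abridged copy of the clang crash output quoted in the issue.
SAMPLE = """\
casts-compiler-crash.c:6:7: error: implicit conversion between '_Array_ptr<void>' and '_Array_ptr<_Ptr<int>>' is not allowed in a checked scope because '_Ptr<int>' contains or is a checked pointer
 #0 0x0000562f8ef8122b llvm::sys::PrintStackTrace(llvm::raw_ostream&) /home/matt/3c/llvm/lib/Support/Unix/Signals.inc:564:22
 #1 0x0000562f8ef8129e PrintStackTraceSignalHandler(void*) /home/matt/3c/llvm/lib/Support/Unix/Signals.inc:625:1
 #4 0x0000562f8eed2264 HandleCrash /home/matt/3c/llvm/lib/Support/CrashRecoveryContext.cpp:75:27
 #5 0x0000562f8eed2264 CrashRecoverySignalHandler(int) /home/matt/3c/llvm/lib/Support/CrashRecoveryContext.cpp:382:62
 #6 0x00007f67092663c0 __restore_rt (/lib/x86_64-linux-gnu/libpthread.so.0+0x153c0)
 #7 0x0000562f91d75e71 clang::Sema::DiagnoseAssignmentResult(clang::Sema::AssignConvertType, clang::SourceLocation, clang::QualType, clang::QualType, clang::Expr*, clang::Sema::AssignmentAction, bool*) /home/matt/3c/clang/lib/Sema/SemaExpr.cpp:16720:17
 #8 0x0000562f91d94400 clang::Sema::CheckAssignmentOperands(clang::Expr*, clang::ActionResult<clang::Expr*, true>&, clang::SourceLocation, clang::QualType) /home/matt/3c/clang/lib/Sema/SemaExpr.cpp:13513:3
clang-11: note: diagnostic msg: /tmp/casts-compiler-crash-28c8f0.c
clang-11: note: diagnostic msg: /tmp/casts-compiler-crash-28c8f0.sh
"""

FRAME_RE = re.compile(r"^\s*#(\d+)\s+0x[0-9a-fA-F]+\s+(.+)$")
# Heuristic (my assumption): symbol prefixes of LLVM's crash-reporting machinery,
# which sit above the faulting frame in every clang stack dump.
PLUMBING = ("llvm::sys::", "PrintStackTrace", "HandleCrash",
            "CrashRecoverySignalHandler", "__restore_rt")

@dataclass
class Frame:
    index: int
    func: str  # demangled symbol, usually with its parameter list
    loc: str   # "file:line:col", or "(module+offset)" for frames without debug info

def parse_frames(dump: str) -> list[Frame]:
    """Parse the '#N 0xADDR symbol location' lines of a clang stack dump."""
    frames = []
    for line in dump.splitlines():
        m = FRAME_RE.match(line)
        if m:  # the location is always the last whitespace-separated token
            func, loc = m.group(2).rsplit(None, 1)
            frames.append(Frame(int(m.group(1)), func, loc))
    return frames

def culprit(frames: list[Frame]) -> Frame | None:
    """First frame below the signal-handling plumbing: where the fault happened."""
    return next((f for f in frames if not f.func.startswith(PLUMBING)), None)

def crash_bucket(frames: list[Frame], depth: int = 3) -> str:
    """Address-free signature (function@file:line of the top frames) for deduplication."""
    top = [f for f in frames if not f.func.startswith(PLUMBING)][:depth]
    key = "|".join(f"{f.func.split('(')[0]}@{f.loc.rsplit(':', 1)[0]}" for f in top)
    return hashlib.sha256(key.encode()).hexdigest()[:16]
```

Because the bucket ignores load addresses and column numbers, the same null dereference reported from differently linked builds of the compiler lands in one bucket.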

@secure-sw-dev-bot secure-sw-dev-bot added bug Something isn't working priority:3 labels Jan 17, 2022