libclang parsing bug

Hey everyone,

first of all I just wanted to say thanks :slight_smile: I've been using libclang for building my own C/C++ IDE and it's great. I have, however, discovered a bug (which I already submitted on llvm bugzilla but I got the impression that no one reads that :)). If I try to use clang_parseTranslationUnit on this code below:

int main() { return reinterpret_cast

libclang crashes.

This is the code I used to parse the code above:

#include <clang-c/Index.h>

int main(int argc, char** argv)
{
    CXIndex index = clang_createIndex(0, 0);
    // Everything on the command line (argv[0] included) is passed to libclang
    // as compiler arguments; no unsaved files, default options. The returned
    // translation unit is never checked for NULL before it is disposed.
    CXTranslationUnit translationUnit = clang_parseTranslationUnit(index, 0, argv, argc, 0, 0, CXTranslationUnit_None);

    clang_disposeTranslationUnit(translationUnit);
    clang_disposeIndex(index);
    return 0;
}

Am I doing anything wrong?

Here’s the output from valgrind:

$ valgrind --leak-check=full ./bug_report …/main.cpp
==5926== Memcheck, a memory error detector
==5926== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.
==5926== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info
==5926== Command: ./bug_report …/main.cpp
==5926==
==5926== Thread 2:
==5926== Invalid read of size 1
==5926== at 0x55C5FD6: ??? (in /usr/lib/libclang.so.1)
==5926== by 0x5189741: ??? (in /usr/lib/libclang.so.1)
==5926== by 0x5181324: ??? (in /usr/lib/libclang.so.1)
==5926== by 0x5182D6C: ??? (in /usr/lib/libclang.so.1)
==5926== by 0x5183D9E: ??? (in /usr/lib/libclang.so.1)
==5926== by 0x5184D28: ??? (in /usr/lib/libclang.so.1)
==5926== by 0x51AAA8D: ??? (in /usr/lib/libclang.so.1)
==5926== by 0x51B160F: ??? (in /usr/lib/libclang.so.1)
==5926== by 0x51B19AC: ??? (in /usr/lib/libclang.so.1)
==5926== by 0x51ADEE3: ??? (in /usr/lib/libclang.so.1)
==5926== by 0x51AECB1: ??? (in /usr/lib/libclang.so.1)
==5926== by 0x515C9DF: ??? (in /usr/lib/libclang.so.1)
==5926== Address 0xe0 is not stack'd, malloc'd or (recently) free'd
==5926==
libclang: crash detected during parsing: {
  'source_filename' : '(null)'
  'command_line_args' : ['./bug_report', '…/main.cpp'],
  'unsaved_files' : [],
  'options' : 0,
}
==5926==
==5926== HEAP SUMMARY:
==5926== in use at exit: 13,326 bytes in 56 blocks
==5926== total heap usage: 20,674 allocs, 20,618 frees, 29,235,096 bytes allocated
==5926==
==5926== Thread 1:
==5926== 47 bytes in 1 blocks are definitely lost in loss record 17 of 31
==5926== at 0x4C2B1C7: operator new(unsigned long) (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==5926== by 0x5A71708: std::string::_Rep::_S_create(unsigned long, unsigned long, std::allocator<char> const&) (in /usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.17)
==5926== by 0x5A730E4: char* std::string::_S_construct<char const*>(char const*, char const*, std::allocator<char> const&, std::forward_iterator_tag) (in /usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.17)
==5926== by 0x5A731FC: std::basic_string<char, std::char_traits<char>, std::allocator<char> >::basic_string(char const*, unsigned long, std::allocator<char> const&) (in /usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.17)
==5926== by 0x6D4101B: llvm::sys::Path::Path(llvm::StringRef) (in /usr/lib/x86_64-linux-gnu/libLLVM-3.1.so.1)
==5926== by 0x4F4788C: ??? (in /usr/lib/libclang.so.1)
==5926== by 0x4F39080: ??? (in /usr/lib/libclang.so.1)
==5926== by 0x6D32DDE: llvm::CrashRecoveryContext::RunSafely(void (*)(void*), void*) (in /usr/lib/x86_64-linux-gnu/libLLVM-3.1.so.1)
==5926== by 0x6D32E13: ??? (in /usr/lib/x86_64-linux-gnu/libLLVM-3.1.so.1)
==5926== by 0x6D583CC: ??? (in /usr/lib/x86_64-linux-gnu/libLLVM-3.1.so.1)
==5926== by 0x7610E99: start_thread (pthread_create.c:308)
==5926== by 0x5DAB4BC: clone (clone.S:112)
==5926==
==5926== 3,108 (1,104 direct, 2,004 indirect) bytes in 1 blocks are definitely lost in loss record 29 of 31
==5926== at 0x4C2B1C7: operator new(unsigned long) (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==5926== by 0x5026BAB: ??? (in /usr/lib/libclang.so.1)
==5926== by 0x50290D4: ??? (in /usr/lib/libclang.so.1)
==5926== by 0x502A3F6: ??? (in /usr/lib/libclang.so.1)
==5926== by 0x4F39144: ??? (in /usr/lib/libclang.so.1)
==5926== by 0x6D32DDE: llvm::CrashRecoveryContext::RunSafely(void (*)(void*), void*) (in /usr/lib/x86_64-linux-gnu/libLLVM-3.1.so.1)
==5926== by 0x6D32E13: ??? (in /usr/lib/x86_64-linux-gnu/libLLVM-3.1.so.1)
==5926== by 0x6D583CC: ??? (in /usr/lib/x86_64-linux-gnu/libLLVM-3.1.so.1)
==5926== by 0x7610E99: start_thread (pthread_create.c:308)
==5926== by 0x5DAB4BC: clone (clone.S:112)
==5926==
==5926== 8,648 (448 direct, 8,200 indirect) bytes in 1 blocks are definitely lost in loss record 31 of 31
==5926== at 0x4C2B1C7: operator new(unsigned long) (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==5926== by 0x51534AD: ??? (in /usr/lib/libclang.so.1)
==5926== by 0x5153F48: ??? (in /usr/lib/libclang.so.1)
==5926== by 0x5152004: ??? (in /usr/lib/libclang.so.1)
==5926== by 0x5026FFF: ??? (in /usr/lib/libclang.so.1)
==5926== by 0x50290D4: ??? (in /usr/lib/libclang.so.1)
==5926== by 0x502A3F6: ??? (in /usr/lib/libclang.so.1)
==5926== by 0x4F39144: ??? (in /usr/lib/libclang.so.1)
==5926== by 0x6D32DDE: llvm::CrashRecoveryContext::RunSafely(void (*)(void*), void*) (in /usr/lib/x86_64-linux-gnu/libLLVM-3.1.so.1)
==5926== by 0x6D32E13: ??? (in /usr/lib/x86_64-linux-gnu/libLLVM-3.1.so.1)
==5926== by 0x6D583CC: ??? (in /usr/lib/x86_64-linux-gnu/libLLVM-3.1.so.1)
==5926== by 0x7610E99: start_thread (pthread_create.c:308)
==5926==
==5926== LEAK SUMMARY:
==5926== definitely lost: 1,599 bytes in 3 blocks
==5926== indirectly lost: 10,204 bytes in 42 blocks
==5926== possibly lost: 0 bytes in 0 blocks
==5926== still reachable: 1,523 bytes in 11 blocks
==5926== suppressed: 0 bytes in 0 blocks
==5926== Reachable blocks (those to which a pointer was found) are not shown.
==5926== To see them, rerun with: --leak-check=full --show-reachable=yes
==5926==
==5926== For counts of detected and suppressed errors, rerun with: -v
==5926== ERROR SUMMARY: 4 errors from 4 contexts (suppressed: 2 from 2)

I can confirm that Apple's released clang will crash as well; and same with TOT.

What's the bug #?

-- Marshall

Marshall Clow, Idio Software <mclow.lists@gmail.com>

A.D. 1517: Martin Luther nails his 95 Theses to the church door and is promptly moderated down to (-1, Flamebait).
        -- Yu Suzuki

The bug number is 13619. Oh, apparently it crashes if you substitute “reinterpret_cast” with “static_cast” or “dynamic_cast” as well.