[libcxx] Fix crash in std::stringstream with payload >= INT_MAX #9
Merged
alexey-milovidov merged 1 commit into ClickHouse:ClickHouse/release/15.x from Apr 15, 2023
Member
Thanks. Not sure ... should we wait till your fix is merged upstream before patching ClickHouse's libcxx?
Member
Author
Same here, likely upstreaming patch can take a while, and we can rebase after, but personally I don't have any hurry here.
stringstream does work for payload > INT_MAX, however stringstream::gcount() can break the internal field (__nout_) and this breaks the stringstream itself, and so the program will crash.
Fix this, by using __pbump(streamsize) over pbump(int)
Note, libstdc++ does not have this bug.
Signed-off-by: Azat Khuzhin <[email protected]>
Differential Revision: https://reviews.llvm.org/D146294
5ac1cb3 to 294c977
Member
Author
Rebased on top of #10 and also updated the patch to the latest version.
Member
Let's not wait for upstream updates.
azat added a commit to azat/ClickHouse that referenced this pull request Apr 17, 2023
rschu1ze pushed a commit that referenced this pull request Jul 3, 2024
For the following program,
$ cat t.c
struct t {
  int (__attribute__((btf_type_tag("rcu"))) *f)();
  int a;
};
int foo(struct t *arg) {
  return arg->a;
}
Compiling with 'clang -g -O2 -S t.c' will cause a failure like below:
clang: /home/yhs/work/llvm-project/clang/lib/Sema/SemaType.cpp:6391: void {anonymous}::DeclaratorLocFiller::VisitParenTypeLoc(clang::ParenTypeLoc):
Assertion `Chunk.Kind == DeclaratorChunk::Paren' failed.
PLEASE submit a bug report to https://github.com/llvm/llvm-project/issues/ and include the crash backtrace, preprocessed source, and associated run script.
Stack dump:
......
#5 0x00007f89e4280ea5 abort (/lib64/libc.so.6+0x21ea5)
#6 0x00007f89e4280d79 _nl_load_domain.cold.0 (/lib64/libc.so.6+0x21d79)
#7 0x00007f89e42a6456 (/lib64/libc.so.6+0x47456)
#8 0x00000000045c2596 GetTypeSourceInfoForDeclarator((anonymous namespace)::TypeProcessingState&, clang::QualType, clang::TypeSourceInfo*) SemaType.cpp:0:0
#9 0x00000000045ccfa5 GetFullTypeForDeclarator((anonymous namespace)::TypeProcessingState&, clang::QualType, clang::TypeSourceInfo*) SemaType.cpp:0:0
......
The reason of the failure is due to the mismatch of TypeLoc and D.getTypeObject().Kind. For example,
the TypeLoc is
BTFTagAttributedType 0x88614e0 'int btf_type_tag(rcu)()' sugar
|-ParenType 0x8861480 'int ()' sugar
| `-FunctionNoProtoType 0x8861450 'int ()' cdecl
|   `-BuiltinType 0x87fd500 'int'
while corresponding D.getTypeObject().Kind points to DeclaratorChunk::Paren, and
this will cause later assertion.
To fix the issue, similar to AttributedTypeLoc, let us skip BTFTagAttributedTypeLoc in
GetTypeSourceInfoForDeclarator().
Differential Revision: https://reviews.llvm.org/D136807
stringstream does work for payload > INT_MAX, however stringstream::gcount() can break the internal field (__nout_) and this breaks the stringstream itself, and so the program will crash.
Fix this, by using __pbump(streamsize) over pbump(int)
Note, libstdc++ does not have this bug.
Differential Revision: https://reviews.llvm.org/D146294
(cherry picked from commit d921b3029ce74a233f0bb1232ef64796a89aed8f)
Refs: ClickHouse/ClickHouse#47679
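
The narrowing described in the commit message above, as an added example (not code from libc++ or from this PR): an index model of a stream buffer's put area that compares a pbump(int)-style bump with a streamsize-wide one and checks the pointer invariant afterwards. `PutArea`, `bump_int`, `bump_wide`, `bump_chunked` and `reseat_ok` are hypothetical names, the chunked variant is a general workaround that goes beyond the patch, and a 64-bit `std::streamsize` is assumed.

```cpp
// Added example: offsets model the put area, so no 2 GiB allocation is needed.
#include <climits>
#include <cstdint>
#include <ios>

static_assert(sizeof(std::streamsize) > sizeof(int),
              "assumption: streamsize is wider than int");

// Offsets stand in for the pbase()/pptr()/epptr() pointers of a streambuf.
struct PutArea {
    std::int64_t base = 0;  // pbase()
    std::int64_t next = 0;  // pptr()
    std::int64_t end = 0;   // epptr()
};

// Invariant the stream relies on: pbase() <= pptr() <= epptr().
bool put_area_valid(const PutArea& a) {
    return a.base <= a.next && a.next <= a.end;
}

// Models pbump(int): the offset is narrowed to int before it is applied.
void bump_int(PutArea& a, std::streamsize n) {
    a.next += static_cast<int>(n);  // wraps to a negative value once n > INT_MAX
}

// Models a streamsize-wide bump, the shape of the fix named in the commit message.
void bump_wide(PutArea& a, std::streamsize n) {
    a.next += n;
}

// Workaround when only an int-wide bump is available: advance in INT_MAX steps.
void bump_chunked(PutArea& a, std::streamsize n) {
    while (n > INT_MAX) {
        bump_int(a, INT_MAX);
        n -= INT_MAX;
    }
    if (n > 0) bump_int(a, n);
}

// Re-seat the put pointer `written` bytes into a `capacity`-byte buffer with the
// given bump and report whether the invariant and the expected position hold.
bool reseat_ok(void (*bump)(PutArea&, std::streamsize),
               std::streamsize written, std::streamsize capacity) {
    PutArea a;
    a.end = capacity;
    bump(a, written);
    return put_area_valid(a) && a.next == written;
}
```

A put pointer that lands outside the put area is the corrupted state the commit message refers to; asserting `put_area_valid` after any re-seat catches it before the next write.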