Regression(d437fba8ef626b6d8b7928540f630163a9b04021): msan doesn't correctly instrument memcpy() with -D_FORTIFY_SOURCE=2 #44124
Description
| Bugzilla Link | 44779 |
| Version | unspecified |
| OS | Linux |
| Attachments | repro |
| CC | @eugenis,@rnk,@serge-sans-paille |
Extended Description
Not sure if this is a clang bug or a runtime bug.
Link to discussion of bad commit: https://reviews.llvm.org/D71082
Unzip the attached repro.cc and run:
third_party/llvm-build/Release+Asserts/bin/clang++ -D_FORTIFY_SOURCE=2 -O2 -gline-tables-only -fsanitize=memory -fsanitize-memory-track-origins=2 -std=c++14 -fno-exceptions -fno-rtti ./base/repro.cc -o repro
./repro
Before d437fba that worked fine. After, it yields:
-
./repro
==93469==WARNING: MemorySanitizer: use-of-uninitialized-value
#0 0x4d199a in (anonymous namespace)::itanium_demangle::PODSmallVector<(anonymous namespace)::itanium_demangle::Node*, 8ul>::push_back((anonymous namespace)::itanium_demangle::Node* const&) /usr/local/google/home/thakis/src/chrome/src/./base/repro.cc:2588:9
#1 0x4ac008 in (anonymous namespace)::itanium_demangle::AbstractManglingParser<(anonymous namespace)::itanium_demangle::ManglingParser, Allocator>::parseTemplateArgs(bool) /usr/local/google/home/thakis/src/chrome/src/./base/repro.cc:5808:30
#2 0x4a4a3b in parseNestedName /usr/local/google/home/thakis/src/chrome/src/./base/repro.cc:3471:31
#3 0x4a4a3b in (anonymous namespace)::itanium_demangle::AbstractManglingParser<(anonymous namespace)::itanium_demangle::ManglingParser, Allocator>::parseName((anonymous namespace)::itanium_demangle::AbstractManglingParser<(anonymous namespace)::itanium_demangle::ManglingParser, Allocator>::NameState*) /usr/local/google/home/thakis/src/chrome/src/./base/repro.cc:2845:25
#4 0x49ba91 in (anonymous namespace)::itanium_demangle::AbstractManglingParser<(anonymous namespace)::itanium_demangle::ManglingParser, Allocator>::parseEncoding() /usr/local/google/home/thakis/src/chrome/src/./base/repro.cc:5420:29
#5 0x49ad0b in parse /usr/local/google/home/thakis/src/chrome/src/./base/repro.cc:5827:35
#6 0x49ad0b in main /usr/local/google/home/thakis/src/chrome/src/./base/repro.cc:5924:40
#7 0x7fc8bb947bba in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x26bba)
#8 0x41f299 in _start (/usr/local/google/home/thakis/src/chrome/src/repro+0x41f299)Uninitialized value was stored to memory at
#0 0x445316 in __msan_memcpy /b/s/w/ir/cache/builder/src/third_party/llvm/compiler-rt/lib/msan/msan_interceptors.cpp:1567:3
#1 0x4ac09e in memcpy /usr/include/x86_64-linux-gnu/bits/string_fortified.h:34:10
#2 0x4ac09e in operator= /usr/local/google/home/thakis/src/chrome/src/./base/repro.cc:2566:7
#3 0x4ac09e in (anonymous namespace)::itanium_demangle::AbstractManglingParser<(anonymous namespace)::itanium_demangle::ManglingParser, Allocator>::parseTemplateArgs(bool) /usr/local/google/home/thakis/src/chrome/src/./base/repro.cc:5797:22Uninitialized value was created by an allocation of 'OldParams' in the stack frame of function '_ZN12_GLOBAL__N_116itanium_demangle22AbstractManglingParserINS0_14ManglingParserI9AllocatorEES3_E17parseTemplateArgsEb'
#0 0x4ab420 in (anonymous namespace)::itanium_demangle::AbstractManglingParser<(anonymous namespace)::itanium_demangle::ManglingParser, Allocator>::parseTemplateArgs(bool) /usr/local/google/home/thakis/src/chrome/src/./base/repro.cc:5780
SUMMARY: MemorySanitizer: use-of-uninitialized-value /usr/local/google/home/thakis/src/chrome/src/./base/repro.cc:2588:9 in (anonymous namespace)::itanium_demangle::PODSmallVector<(anonymous namespace)::itanium_demangle::Node*, 8ul>::push_back((anonymous namespace)::itanium_demangle::Node* const&)
Exiting