clang-tidy crash in clang::FunctionDecl::getNumParams() #74269

@paulaltin

Description

clang-tidy-17 (version 17.0.6) crashes when run on the test program below.

#include <cstdio>

// Variadic wrapper that forwards its arguments to snprintf.
template<typename... Args>
void log(const char* fmt, const Args&... args) {
    auto f = snprintf;                      // store snprintf in a function-pointer variable
    int n = f(nullptr, 0, fmt, args...);    // call through the pointer, expanding the pack
    (void)n;                                // result unused; only the call matters for the repro
}

int main() {
    log("%d", 1);
    return 0;
}

The output is:

Stack dump:
0.	Program arguments: clang-tidy-17 test.cpp
1.	<eof> parser at end of file
2.	While analyzing stack: 
	#0 Calling log(const char *, const int &) at line 13
	#1 Calling main()
3.	test.cpp:7:13: Error evaluating statement
4.	test.cpp:7:13: Error evaluating statement
Stack dump without symbol names (ensure you have llvm-symbolizer in your PATH or set the environment var `LLVM_SYMBOLIZER_PATH` to point to it):
0  libLLVM-17.so.1    0x00007f5a91267406 llvm::sys::PrintStackTrace(llvm::raw_ostream&, int) + 54
1  libLLVM-17.so.1    0x00007f5a912655b0 llvm::sys::RunSignalHandlers() + 80
2  libLLVM-17.so.1    0x00007f5a91267a9b
3  libc.so.6          0x00007f5a9007b520
4  libclang-cpp.so.17 0x00007f5a988e1981 clang::FunctionDecl::getNumParams() const + 1
5  libclang-cpp.so.17 0x00007f5a9a79424d
6  libclang-cpp.so.17 0x00007f5a9a794530
7  libclang-cpp.so.17 0x00007f5a9a6b8660 clang::ento::CheckerManager::runCheckersForEvalCall(clang::ento::ExplodedNodeSet&, clang::ento::ExplodedNodeSet const&, clang::ento::CallEvent const&, clang::ento::ExprEngine&, clang::ento::EvalCallOptions const&) + 480
8  libclang-cpp.so.17 0x00007f5a9a6fc598 clang::ento::ExprEngine::evalCall(clang::ento::ExplodedNodeSet&, clang::ento::ExplodedNode*, clang::ento::CallEvent const&) + 392
9  libclang-cpp.so.17 0x00007f5a9a6fc2f5 clang::ento::ExprEngine::VisitCallExpr(clang::CallExpr const*, clang::ento::ExplodedNode*, clang::ento::ExplodedNodeSet&) + 453
10 libclang-cpp.so.17 0x00007f5a9a6dc0ca clang::ento::ExprEngine::Visit(clang::Stmt const*, clang::ento::ExplodedNode*, clang::ento::ExplodedNodeSet&) + 8826
11 libclang-cpp.so.17 0x00007f5a9a6d81c3 clang::ento::ExprEngine::ProcessStmt(clang::Stmt const*, clang::ento::ExplodedNode*) + 611
12 libclang-cpp.so.17 0x00007f5a9a6d7eef clang::ento::ExprEngine::processCFGElement(clang::CFGElement, clang::ento::ExplodedNode*, unsigned int, clang::ento::NodeBuilderContext*) + 175
13 libclang-cpp.so.17 0x00007f5a9a6bf3a7 clang::ento::CoreEngine::dispatchWorkItem(clang::ento::ExplodedNode*, clang::ProgramPoint, clang::ento::WorkListUnit const&) + 551
14 libclang-cpp.so.17 0x00007f5a9a6bef11 clang::ento::CoreEngine::ExecuteWorkList(clang::LocationContext const*, unsigned int, llvm::IntrusiveRefCntPtr<clang::ento::ProgramState const>) + 1201
15 libclang-cpp.so.17 0x00007f5a9aada16a
16 libclang-cpp.so.17 0x00007f5a9aaba0fc
17 libclang-cpp.so.17 0x00007f5a9a3dde4c clang::MultiplexConsumer::HandleTranslationUnit(clang::ASTContext&) + 44
18 libclang-cpp.so.17 0x00007f5a98683816 clang::ParseAST(clang::Sema&, bool, bool) + 614
19 libclang-cpp.so.17 0x00007f5a9a3a30c5 clang::FrontendAction::Execute() + 85
20 libclang-cpp.so.17 0x00007f5a9a31e6c4 clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) + 708
21 libclang-cpp.so.17 0x00007f5a9a6245c7 clang::tooling::FrontendActionFactory::runInvocation(std::shared_ptr<clang::CompilerInvocation>, clang::FileManager*, std::shared_ptr<clang::PCHContainerOperations>, clang::DiagnosticConsumer*) + 423
22 clang-tidy-17      0x000055d44be8d478
23 libclang-cpp.so.17 0x00007f5a9a624304 clang::tooling::ToolInvocation::runInvocation(char const*, clang::driver::Compilation*, std::shared_ptr<clang::CompilerInvocation>, std::shared_ptr<clang::PCHContainerOperations>) + 276
24 libclang-cpp.so.17 0x00007f5a9a6230c4 clang::tooling::ToolInvocation::run() + 1412
25 libclang-cpp.so.17 0x00007f5a9a625b5f clang::tooling::ClangTool::run(clang::tooling::ToolAction*) + 3679
26 clang-tidy-17      0x000055d44be897d1 clang::tidy::runClangTidy(clang::tidy::ClangTidyContext&, clang::tooling::CompilationDatabase const&, llvm::ArrayRef<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>, llvm::IntrusiveRefCntPtr<llvm::vfs::OverlayFileSystem>, bool, bool, llvm::StringRef) + 1057
27 clang-tidy-17      0x000055d44b189b04 clang::tidy::clangTidyMain(int, char const**) + 10724
28 libc.so.6          0x00007f5a90062d90
29 libc.so.6          0x00007f5a90062e40 __libc_start_main + 128
30 clang-tidy-17      0x000055d44b184e65 _start + 37
Segmentation fault (core dumped)
