
Heap corruption during parsing #24276

Closed
kmcallister opened this issue Apr 10, 2015 · 2 comments
Labels
A-parser Area: The parsing of Rust source code to an AST. I-crash Issue: The compiler crashes (SIGSEGV, SIGABRT, etc). Use I-ICE instead when the compiler panics.

Comments

@kmcallister
Contributor

Found with american fuzzy lop.

```rust
trait A {
    fn a(&self) ->ze;
}

trait B { fn b(&self) -> e;
}

trait C {
fn cne<T:A+B>(&self,&T) -> p;
}

struct Foo;

impl A for Foo {
fn b(&self) ->ze { 2 }
    fn a(&self) -> us{***************************************************************************************************************************1 }fn b(&self) ->ze { 2 }
}

struct Bar;

impl C for Bar { fn cGm<T:B+A>(&self, t: &T) ->ze { (t.a() * 100) + t.b()*}

fn u<S:C, T:B+A>(s: &S, t: &T) -> us{
s.ine(t)
}

fn main() {
let foo = Foo; let bar = Bar;
let r = c(&bar, &foo);
 }_eq!(r, 10o);
q!(r, 102);
}
```

```text
2:21:75: 21:76 error: unexpected token: `}`
2:21 impl C for Bar { fn cGm<T:B+A>(&self, t: &T) ->ze { (t.a() * 100) + t.b()*}
                                                                               ^
```

```text
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fffef3ff700 (LWP 5733)]
je_bitmap_unset () at /home/keegan/rust-master/src/jemalloc/include/jemalloc/internal/bitmap.h:215
215                             g = *gp;
(gdb) bt
#0  je_bitmap_unset () at /home/keegan/rust-master/src/jemalloc/include/jemalloc/internal/bitmap.h:215
#1  arena_run_reg_dalloc () at /home/keegan/rust-master/src/jemalloc/src/arena.c:217
#2  je_arena_dalloc_bin_locked () at /home/keegan/rust-master/src/jemalloc/src/arena.c:1780
#3  0x00007ffff74b9b06 in je_tcache_bin_flush_small () at /home/keegan/rust-master/src/jemalloc/src/tcache.c:120
#4  0x00007ffff74b654a in je_tcache_dalloc_small ()
    at /home/keegan/rust-master/src/jemalloc/include/jemalloc/internal/tcache.h:339
#5  je_arena_sdalloc () at /home/keegan/rust-master/src/jemalloc/include/jemalloc/internal/arena.h:1190
#6  je_isdalloct () at include/jemalloc/internal/jemalloc_internal.h:784
#7  je_isqalloc () at include/jemalloc/internal/jemalloc_internal.h:813
#8  isfree () at /home/keegan/rust-master/src/jemalloc/src/jemalloc.c:1257
#9  je_sdallocx () at /home/keegan/rust-master/src/jemalloc/src/jemalloc.c:1896
#10 0x00007ffff7adc436 in rustc_back..target..Target::drop.12797::h1e1c3ed7e6be37a6 ()
   from /home/keegan/rust-master/x86_64-unknown-linux-gnu/stage2/bin/../lib/librustc_driver-4e7c5e5c.so
#11 0x00007ffff7adba94 in rustc..session..Session::drop.12791::h2ce281c92dd41c3b ()
   from /home/keegan/rust-master/x86_64-unknown-linux-gnu/stage2/bin/../lib/librustc_driver-4e7c5e5c.so
#12 0x00007ffff7ad908a in driver::compile_input::ha75be46f7955f69aQba ()
   from /home/keegan/rust-master/x86_64-unknown-linux-gnu/stage2/bin/../lib/librustc_driver-4e7c5e5c.so
#13 0x00007ffff7b8f506 in run_compiler::h7ddd0e44b4551e93S4b ()
   from /home/keegan/rust-master/x86_64-unknown-linux-gnu/stage2/bin/../lib/librustc_driver-4e7c5e5c.so
#14 0x00007ffff7b8ce1e in boxed::F.FnBox$LT$A$GT$::call_box::h4968616622847640130 ()
   from /home/keegan/rust-master/x86_64-unknown-linux-gnu/stage2/bin/../lib/librustc_driver-4e7c5e5c.so
#15 0x00007ffff7b8c35a in rt::unwind::try::try_fn::h5274304894971128350 ()
   from /home/keegan/rust-master/x86_64-unknown-linux-gnu/stage2/bin/../lib/librustc_driver-4e7c5e5c.so
#16 0x00007ffff751cda9 in rust_try_inner ()
   from /home/keegan/rust-master/x86_64-unknown-linux-gnu/stage2/bin/../lib/libstd-4e7c5e5c.so
#17 0x00007ffff751cd96 in rust_try ()
   from /home/keegan/rust-master/x86_64-unknown-linux-gnu/stage2/bin/../lib/libstd-4e7c5e5c.so
#18 0x00007ffff7b8c62c in boxed::F.FnBox$LT$A$GT$::call_box::h3021413309117770884 ()
   from /home/keegan/rust-master/x86_64-unknown-linux-gnu/stage2/bin/../lib/librustc_driver-4e7c5e5c.so
#19 0x00007ffff74827f2 in sys::thread::create::thread_start::h73e97ad98bae720fruH ()
   from /home/keegan/rust-master/x86_64-unknown-linux-gnu/stage2/bin/../lib/libstd-4e7c5e5c.so
#20 0x00007ffff13dd0a4 in start_thread (arg=0x7fffef3ff700) at pthread_create.c:309
#21 0x00007ffff703904d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111
```

Tested on rustc 1.0.0-dev (f207ecb 2015-04-03) (built 2015-04-04). Also happens on play.rust-lang.org

@kmcallister kmcallister added I-crash Issue: The compiler crashes (SIGSEGV, SIGABRT, etc). Use I-ICE instead when the compiler panics. A-parser Area: The parsing of Rust source code to an AST. labels Apr 10, 2015
@arielb1
Contributor

arielb1 commented Apr 10, 2015

Does not crash, or make valgrind complain, on new rustc (d9146bf 2015-04-07). Probably fixed in the parser improvements.

The old parser had quite a lot of unsafe code, though.

Anyway, minified:

```rust
impl () {
  fn p() { t + t* }
  fn q() {  }
}
```
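Re-checking a fuzzer-found reproducer against a newer compiler, as arielb1 did above, comes down to telling a real crash apart from the compiler simply rejecting the input. The script below is an added example, not part of this issue or of rustc: it runs each file through `rustc` and buckets the outcome by exit status. A status above 128 means the process was killed by a signal (128 + signal number, so the SIGSEGV in the backtrace above would show as `crash(signal 11)`), 101 is the exit status of a Rust panic and therefore an ICE, any other non-zero status is an ordinary compile error (the expected result once the parser bug is fixed), and 0 means the input compiled. The `RUSTC` variable, the `--emit=metadata` invocation and the bucket names are this example's own choices.

```shell
#!/bin/sh
# Added example (not from the issue or rustc): classify how a command
# terminated so crash reproducers can be re-checked against newer builds.
# classify_run CMD...  prints one of: crash(signal N), ice(exit 101),
#                      error(exit N), ok
classify_run() {
    # Discard the command's output; capture the status in a way that does
    # not trip `set -e` in callers.
    "$@" >/dev/null 2>&1 && status=0 || status=$?
    if [ "$status" -gt 128 ]; then
        # Killed by a signal: SIGSEGV is 11, SIGABRT is 6.
        echo "crash(signal $((status - 128)))"
    elif [ "$status" -eq 101 ]; then
        # 101 is the exit status of a Rust panic, i.e. a compiler ICE.
        echo "ice(exit 101)"
    elif [ "$status" -ne 0 ]; then
        # The compiler reported an ordinary error (what a fixed parser
        # should do with the fuzzed input above).
        echo "error(exit $status)"
    else
        echo "ok"
    fi
}

# check_reproducer FILE: compile FILE with $RUSTC (defaults to rustc) and
# classify the outcome. --emit=metadata avoids linking a binary; the output
# goes to a scratch directory that is removed afterwards.
check_reproducer() {
    tmp=$(mktemp -d) || return 1
    result=$(classify_run "${RUSTC:-rustc}" --emit=metadata \
        -o "$tmp/out.rmeta" "$1")
    rm -rf "$tmp"
    echo "$1: $result"
}

# Usage: sh check.sh repro1.rs repro2.rs ...
for f in "$@"; do
    check_reproducer "$f"
done
```

Set `RUSTC` to the path of each toolchain you want to compare (for instance the 2015-04-03 build from the report and the 2015-04-07 build arielb1 tested) and run the script once per toolchain; a reproducer that moves from `crash(...)` to `error(...)` has been fixed rather than merely changed. The signal-status convention (128 + signal number) is what POSIX shells report for a child killed by a signal, so the classifier also works for any other native tool you fuzz.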

@steveklabnik
Member

Both of these also no longer crash for me either! @kmcallister, let me know if I'm missing something, but closing for now.
