segfault in compiler when accessing field on incorrectly dereferenced slice #1372

Closed
shawnl opened this Issue Aug 11, 2018 · 1 comment

@shawnl
Contributor

shawnl commented Aug 11, 2018

shawn@shawn-desktop:~/git/zig/std/crypto$ lldb zig test chacha20.zig 
(lldb) target create "zig"
Current executable set to 'zig' (x86_64).
(lldb) settings set -- target.run-args  "test" "chacha20.zig"
(lldb) r
Process 1732 launched: '/home/shawn/bin/zig' (x86_64)
Process 1732 stopped
* thread #1, name = 'zig', stop reason = signal SIGSEGV: invalid address (fault address: 0x0)
    frame #0: 0x00007ffff37f6ed0 zig`type_is_invalid(TypeTableEntry*)
zig`type_is_invalid:
->  0x7ffff37f6ed0 <+0>: movl   (%rdi), %edx
    0x7ffff37f6ed2 <+2>: cmpl   $0x9, %edx
    0x7ffff37f6ed5 <+5>: je     0x7ffff37f6f08            ; <+56>
    0x7ffff37f6ed7 <+7>: jbe    0x7ffff37f6ef8            ; <+40>
(lldb) bt
* thread #1, name = 'zig', stop reason = signal SIGSEGV: invalid address (fault address: 0x0)
  * frame #0: 0x00007ffff37f6ed0 zig`type_is_invalid(TypeTableEntry*)
    frame #1: 0x00007ffff386713e zig`ir_analyze_instruction_field_ptr(IrAnalyze*, IrInstructionFieldPtr*) + 110
    frame #2: 0x00007ffff386983a zig`ir_analyze_instruction_nocast(IrAnalyze*, IrInstruction*) + 5402
    frame #3: 0x00007ffff386ac3a zig`ir_analyze(CodeGen*, IrExecutable*, IrExecutable*, TypeTableEntry*, AstNode*) + 250
    frame #4: 0x00007ffff3805575 zig`analyze_fn_ir(CodeGen*, FnTableEntry*, AstNode*) + 53
    frame #5: 0x00007ffff3806322 zig`semantic_analyze(CodeGen*) + 482
    frame #6: 0x00007ffff382c1f9 zig`codegen_build(CodeGen*) + 1081
    frame #7: 0x00007ffff376c9d1 zig`main + 7313
    frame #8: 0x00007ffff65d669d zig`__libc_start_main(main=(zig`main), argc=3, argv=0x00007fffffffe098) at __libc_start_main.c:74
    frame #9: 0x00007ffff37f4567 zig`__dls2(base=<unavailable>, sp=<unavailable>) at rcrt1.c:14
    frame #10: 0x00007ffff37f43f5 zig`_start + 22

program: https://gist.github.com/shawnl/8ebb7bab14658cfa4b38b203b9ec618e

@shawnl shawnl changed the title from segfault in zig compiler to null pointer dereference in zig compiler Aug 11, 2018

@tiehuis

Member

tiehuis commented Aug 12, 2018

Reduced test case. The problem here is when referencing a child member of a slice after de-referencing it.

fn add(a: []u8) void {
    const b = a.*.len;
}

pub fn main() void {
    var r: [10]u8 = undefined;
    add(r[0..]);
}

Instead we should emit a compile error, as is currently the case when trying to dereference the slice without accessing a member.

fn add(a: []u8) void {
    const b = a.*;
}

pub fn main() void {
    var r: [10]u8 = undefined;
    add(r[0..]);
}

results in

/tmp/t.zig:2:16: error: attempt to dereference non-pointer type '[]u8'
    const b = a.*;
           

@tiehuis tiehuis changed the title from null pointer dereference in zig compiler to segfault when accessing field on incorrectly dereferenced slice Aug 12, 2018

@tiehuis tiehuis added the bug label Aug 12, 2018

@tiehuis tiehuis added this to the 0.3.0 milestone Aug 12, 2018

@shawnl shawnl changed the title from segfault when accessing field on incorrectly dereferenced slice to segfault in compiler when accessing field on incorrectly dereferenced slice Aug 12, 2018

@andrewrk andrewrk closed this in c1af360 Sep 18, 2018
