[Bug jit/105296] New: libgccjit crashes when creating a struct constructor for an aligned struct type
marc@nieper-wisskirchen.de
gcc-bugzilla@gcc.gnu.org
Sat Apr 16 20:18:19 GMT 2022
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105296
Bug ID: 105296
Summary: libgccjit crashes when creating a struct constructor for an aligned struct type
Product: gcc
Version: 12.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: jit
Assignee: dmalcolm at gcc dot gnu.org
Reporter: marc@nieper-wisskirchen.de
Target Milestone: ---
Consider the following example program:
#include <libgccjit.h>

int
main (void)
{
  gcc_jit_context *ctxt = gcc_jit_context_acquire ();
  gcc_jit_type *int_type
    = gcc_jit_context_get_type (ctxt, GCC_JIT_TYPE_INT);
  gcc_jit_field *field = gcc_jit_context_new_field (ctxt, NULL, int_type,
                                                    "int");
  gcc_jit_struct *struct_
    = gcc_jit_context_new_struct_type (ctxt, NULL, "struct", 1,
                                       (gcc_jit_field *[]) {field});
  gcc_jit_type *struct_type
    = gcc_jit_struct_as_type (struct_);
  /* Wrap the struct type in an alignment qualifier.  This yields a new
     type object; it is not the struct type itself.  */
  gcc_jit_type *aligned_struct_type
    = gcc_jit_type_get_aligned (struct_type, 16);
  gcc_jit_lvalue *global
    = gcc_jit_context_new_global (ctxt, NULL, GCC_JIT_GLOBAL_EXPORTED,
                                  aligned_struct_type, "global");
  gcc_jit_rvalue *val
    = gcc_jit_context_new_rvalue_from_int (ctxt, int_type, 42);
  /* Passing the aligned wrapper type (rather than struct_type) here is
     what triggers the invalid read shown in the valgrind output below.  */
  gcc_jit_rvalue *ctor
    = gcc_jit_context_new_struct_constructor (ctxt, NULL,
                                              aligned_struct_type,
                                              1,
                                              (gcc_jit_field *[]) {field},
                                              (gcc_jit_rvalue *[]) {val});
  gcc_jit_global_set_initializer_rvalue (global, ctor);
  gcc_jit_result *res = gcc_jit_context_compile (ctxt);
  gcc_jit_context_release (ctxt);
  gcc_jit_result_release (res);
}
On my system, I get:
$ gcc -lgccjit struct.c && valgrind ./a.out
==1022902== Memcheck, a memory error detector
==1022902== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==1022902== Using Valgrind-3.17.0 and LibVEX; rerun with -h for copyright info
==1022902== Command: ./a.out
==1022902==
==1022902== Invalid read of size 8
==1022902== at 0x4B7F3CF: get_fields (jit-recording.h:968)
==1022902== by 0x4B7F3CF: gcc_jit_context_new_struct_constructor (libgccjit.cc:1436)
==1022902== by 0x4012F7: main (in /home/mnieper/tmp/a.out)
==1022902== Address 0x6fbbfc8 is 0 bytes after a block of size 56 alloc'd
==1022902== at 0x4843839: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==1022902== by 0x5EC26AB: operator new(unsigned long) (new_op.cc:50)
==1022902== by 0x4B90F47: gcc::jit::recording::type::get_aligned(unsigned long) (jit-recording.cc:2295)
==1022902== by 0x4B853FE: gcc_jit_type_get_aligned (libgccjit.cc:3950)
==1022902== by 0x401278: main (in /home/mnieper/tmp/a.out)
==1022902==
==1022902== Invalid read of size 8
==1022902== at 0x4B7F3D3: length (vec.h:1473)
==1022902== by 0x4B7F3D3: length (jit-recording.h:1033)
==1022902== by 0x4B7F3D3: gcc_jit_context_new_struct_constructor (libgccjit.cc:1437)
==1022902== by 0x4012F7: main (in /home/mnieper/tmp/a.out)
==1022902== Address 0x28 is not stack'd, malloc'd or (recently) free'd
==1022902==
==1022902==
==1022902== Process terminating with default action of signal 11 (SIGSEGV)
==1022902== Access not within mapped region at address 0x28
==1022902== at 0x4B7F3D3: length (vec.h:1473)
==1022902== by 0x4B7F3D3: length (jit-recording.h:1033)
==1022902== by 0x4B7F3D3: gcc_jit_context_new_struct_constructor (libgccjit.cc:1437)
==1022902== by 0x4012F7: main (in /home/mnieper/tmp/a.out)
==1022902== If you believe this happened as a result of a stack
==1022902== overflow in your program's main thread (unlikely but
==1022902== possible), you can try to increase the size of the
==1022902== main thread stack using the --main-stacksize= flag.
==1022902== The main thread stack size used in this run was 8388608.
==1022902==
==1022902== HEAP SUMMARY:
==1022902== in use at exit: 79,354 bytes in 46 blocks
==1022902== total heap usage: 48 allocs, 2 frees, 79,466 bytes allocated
==1022902==
==1022902== LEAK SUMMARY:
==1022902== definitely lost: 0 bytes in 0 blocks
==1022902== indirectly lost: 0 bytes in 0 blocks
==1022902== possibly lost: 0 bytes in 0 blocks
==1022902== still reachable: 79,354 bytes in 46 blocks
==1022902== suppressed: 0 bytes in 0 blocks
==1022902== Rerun with --leak-check=full to see details of leaked memory
==1022902==
==1022902== For lists of detected and suppressed errors, rerun with: -s
==1022902== ERROR SUMMARY: 2 errors from 2 contexts (suppressed: 0 from 0)
Speicherzugriffsfehler (Speicherabzug geschrieben)