https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105296
Bug ID: 105296
Summary: libgccjit crashes when creating a struct constructor for an aligned struct type
Product: gcc
Version: 12.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: jit
Assignee: dmalcolm at gcc dot gnu.org
Reporter: m...@nieper-wisskirchen.de
Target Milestone: ---

Consider the following example program:

#include <libgccjit.h>

int
main (void)
{
  gcc_jit_context *ctxt = gcc_jit_context_acquire ();
  gcc_jit_type *int_type = gcc_jit_context_get_type (ctxt, GCC_JIT_TYPE_INT);

  /* A struct type with a single int field.  */
  gcc_jit_field *field
    = gcc_jit_context_new_field (ctxt, NULL, int_type, "int");
  gcc_jit_struct *struct_
    = gcc_jit_context_new_struct_type (ctxt, NULL, "struct", 1,
                                       (gcc_jit_field *[]) {field});
  gcc_jit_type *struct_type = gcc_jit_struct_as_type (struct_);

  /* Over-aligned variant of the struct type (16-byte alignment).  */
  gcc_jit_type *aligned_struct_type
    = gcc_jit_type_get_aligned (struct_type, 16);

  gcc_jit_lvalue *global
    = gcc_jit_context_new_global (ctxt, NULL, GCC_JIT_GLOBAL_EXPORTED,
                                  aligned_struct_type, "global");
  gcc_jit_rvalue *val
    = gcc_jit_context_new_rvalue_from_int (ctxt, int_type, 42);

  /* Building the constructor with the aligned type (instead of
     struct_type) is what triggers the crash reported below.  */
  gcc_jit_rvalue *ctor
    = gcc_jit_context_new_struct_constructor (ctxt, NULL, aligned_struct_type,
                                              1, (gcc_jit_field *[]) {field},
                                              (gcc_jit_rvalue *[]) {val});
  gcc_jit_global_set_initializer_rvalue (global, ctor);

  gcc_jit_result *res = gcc_jit_context_compile (ctxt);
  gcc_jit_context_release (ctxt);
  gcc_jit_result_release (res);
  return 0;
}

On my system, I get:

$ gcc -lgccjit struct.c && valgrind ./a.out
==1022902== Memcheck, a memory error detector
==1022902== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==1022902== Using Valgrind-3.17.0 and LibVEX; rerun with -h for copyright info
==1022902== Command: ./a.out
==1022902==
==1022902== Invalid read of size 8
==1022902==    at 0x4B7F3CF: get_fields (jit-recording.h:968)
==1022902==    by 0x4B7F3CF: gcc_jit_context_new_struct_constructor (libgccjit.cc:1436)
==1022902==    by 0x4012F7: main (in /home/mnieper/tmp/a.out)
==1022902==  Address 0x6fbbfc8 is 0 bytes after a block of size 56 alloc'd
==1022902==    at 0x4843839: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==1022902==    by 0x5EC26AB: operator new(unsigned long) (new_op.cc:50)
==1022902==    by 0x4B90F47: gcc::jit::recording::type::get_aligned(unsigned long) (jit-recording.cc:2295)
==1022902==    by 0x4B853FE: gcc_jit_type_get_aligned (libgccjit.cc:3950)
==1022902==    by 0x401278: main (in /home/mnieper/tmp/a.out)
==1022902==
==1022902== Invalid read of size 8
==1022902==    at 0x4B7F3D3: length (vec.h:1473)
==1022902==    by 0x4B7F3D3: length (jit-recording.h:1033)
==1022902==    by 0x4B7F3D3: gcc_jit_context_new_struct_constructor (libgccjit.cc:1437)
==1022902==    by 0x4012F7: main (in /home/mnieper/tmp/a.out)
==1022902==  Address 0x28 is not stack'd, malloc'd or (recently) free'd
==1022902==
==1022902==
==1022902== Process terminating with default action of signal 11 (SIGSEGV)
==1022902==  Access not within mapped region at address 0x28
==1022902==    at 0x4B7F3D3: length (vec.h:1473)
==1022902==    by 0x4B7F3D3: length (jit-recording.h:1033)
==1022902==    by 0x4B7F3D3: gcc_jit_context_new_struct_constructor (libgccjit.cc:1437)
==1022902==    by 0x4012F7: main (in /home/mnieper/tmp/a.out)
==1022902==  If you believe this happened as a result of a stack
==1022902==  overflow in your program's main thread (unlikely but
==1022902==  possible), you can try to increase the size of the
==1022902==  main thread stack using the --main-stacksize= flag.
==1022902==  The main thread stack size used in this run was 8388608.
==1022902==
==1022902== HEAP SUMMARY:
==1022902==     in use at exit: 79,354 bytes in 46 blocks
==1022902==   total heap usage: 48 allocs, 2 frees, 79,466 bytes allocated
==1022902==
==1022902== LEAK SUMMARY:
==1022902==    definitely lost: 0 bytes in 0 blocks
==1022902==    indirectly lost: 0 bytes in 0 blocks
==1022902==      possibly lost: 0 bytes in 0 blocks
==1022902==    still reachable: 79,354 bytes in 46 blocks
==1022902==         suppressed: 0 bytes in 0 blocks
==1022902== Rerun with --leak-check=full to see details of leaked memory
==1022902==
==1022902== For lists of detected and suppressed errors, rerun with: -s
==1022902== ERROR SUMMARY: 2 errors from 2 contexts (suppressed: 0 from 0)
Speicherzugriffsfehler (Speicherabzug geschrieben)