https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105296

            Bug ID: 105296
           Summary: libgccjit crashes when creating a struct constructor
                    for an aligned struct type
           Product: gcc
           Version: 12.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: jit
          Assignee: dmalcolm at gcc dot gnu.org
          Reporter: m...@nieper-wisskirchen.de
  Target Milestone: ---

Consider the following example program:

#include <libgccjit.h>

int
main (void)
{
  gcc_jit_context *ctxt = gcc_jit_context_acquire ();
  gcc_jit_type *int_type
    = gcc_jit_context_get_type (ctxt, GCC_JIT_TYPE_INT);
  gcc_jit_field *field
    = gcc_jit_context_new_field (ctxt, NULL, int_type, "int");
  gcc_jit_struct *struct_
    = gcc_jit_context_new_struct_type (ctxt, NULL, "struct", 1,
                                       (gcc_jit_field *[]) {field});
  gcc_jit_type *struct_type
    = gcc_jit_struct_as_type (struct_);
  /* The 16-byte-aligned variant of the struct type.  */
  gcc_jit_type *aligned_struct_type
    = gcc_jit_type_get_aligned (struct_type, 16);
  gcc_jit_lvalue *global
    = gcc_jit_context_new_global (ctxt, NULL, GCC_JIT_GLOBAL_EXPORTED,
                                  aligned_struct_type, "global");
  gcc_jit_rvalue *val
    = gcc_jit_context_new_rvalue_from_int (ctxt, int_type, 42);
  /* Passing the aligned type (rather than struct_type) here is what
     triggers the crash reported below.  */
  gcc_jit_rvalue *ctor
    = gcc_jit_context_new_struct_constructor (ctxt, NULL,
                                              aligned_struct_type,
                                              1,
                                              (gcc_jit_field *[]) {field},
                                              (gcc_jit_rvalue *[]) {val});
  gcc_jit_global_set_initializer_rvalue (global, ctor);

  gcc_jit_result *res = gcc_jit_context_compile (ctxt);
  gcc_jit_context_release (ctxt);
  gcc_jit_result_release (res);
}


On my system, I get:

$ gcc -lgccjit struct.c && valgrind ./a.out 
==1022902== Memcheck, a memory error detector
==1022902== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==1022902== Using Valgrind-3.17.0 and LibVEX; rerun with -h for copyright info
==1022902== Command: ./a.out
==1022902== 
==1022902== Invalid read of size 8
==1022902==    at 0x4B7F3CF: get_fields (jit-recording.h:968)
==1022902==    by 0x4B7F3CF: gcc_jit_context_new_struct_constructor (libgccjit.cc:1436)
==1022902==    by 0x4012F7: main (in /home/mnieper/tmp/a.out)
==1022902==  Address 0x6fbbfc8 is 0 bytes after a block of size 56 alloc'd
==1022902==    at 0x4843839: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==1022902==    by 0x5EC26AB: operator new(unsigned long) (new_op.cc:50)
==1022902==    by 0x4B90F47: gcc::jit::recording::type::get_aligned(unsigned long) (jit-recording.cc:2295)
==1022902==    by 0x4B853FE: gcc_jit_type_get_aligned (libgccjit.cc:3950)
==1022902==    by 0x401278: main (in /home/mnieper/tmp/a.out)
==1022902== 
==1022902== Invalid read of size 8
==1022902==    at 0x4B7F3D3: length (vec.h:1473)
==1022902==    by 0x4B7F3D3: length (jit-recording.h:1033)
==1022902==    by 0x4B7F3D3: gcc_jit_context_new_struct_constructor (libgccjit.cc:1437)
==1022902==    by 0x4012F7: main (in /home/mnieper/tmp/a.out)
==1022902==  Address 0x28 is not stack'd, malloc'd or (recently) free'd
==1022902== 
==1022902== 
==1022902== Process terminating with default action of signal 11 (SIGSEGV)
==1022902==  Access not within mapped region at address 0x28
==1022902==    at 0x4B7F3D3: length (vec.h:1473)
==1022902==    by 0x4B7F3D3: length (jit-recording.h:1033)
==1022902==    by 0x4B7F3D3: gcc_jit_context_new_struct_constructor (libgccjit.cc:1437)
==1022902==    by 0x4012F7: main (in /home/mnieper/tmp/a.out)
==1022902==  If you believe this happened as a result of a stack
==1022902==  overflow in your program's main thread (unlikely but
==1022902==  possible), you can try to increase the size of the
==1022902==  main thread stack using the --main-stacksize= flag.
==1022902==  The main thread stack size used in this run was 8388608.
==1022902== 
==1022902== HEAP SUMMARY:
==1022902==     in use at exit: 79,354 bytes in 46 blocks
==1022902==   total heap usage: 48 allocs, 2 frees, 79,466 bytes allocated
==1022902== 
==1022902== LEAK SUMMARY:
==1022902==    definitely lost: 0 bytes in 0 blocks
==1022902==    indirectly lost: 0 bytes in 0 blocks
==1022902==      possibly lost: 0 bytes in 0 blocks
==1022902==    still reachable: 79,354 bytes in 46 blocks
==1022902==         suppressed: 0 bytes in 0 blocks
==1022902== Rerun with --leak-check=full to see details of leaked memory
==1022902== 
==1022902== For lists of detected and suppressed errors, rerun with: -s
==1022902== ERROR SUMMARY: 2 errors from 2 contexts (suppressed: 0 from 0)
Speicherzugriffsfehler (Speicherabzug geschrieben)
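The Memcheck trace above is the signature of one defect class: the first invalid read happens in get_fields, at an address "0 bytes after" a 56-byte block that was allocated by get_aligned, so the object created for the aligned type is being read as though it were the struct type it decorates. The following C++ block is an added model of that pattern and of a checked alternative; it is not libgccjit's code, and every name in it (type, struct_type, aligned_type, dyn_cast_struct, checked_num_fields) is a hypothetical stand-in chosen for the illustration.

```cpp
// Added example, not libgccjit's code: a minimal model of a decorator type
// that forwards "are you a struct?" to the type it wraps. A caller that
// trusts that answer and then downcasts reads members the wrapper object
// does not have, i.e. memory past the end of its (smaller) allocation.
#include <cstddef>
#include <string>
#include <utility>
#include <vector>

struct field { std::string name; };

class struct_type;

class type {
public:
  virtual ~type() = default;
  virtual bool is_struct() const { return false; }
  // Checked alternative to a blind downcast: a type hands back the struct
  // it denotes (possibly through decorations) or nullptr.
  virtual const struct_type *dyn_cast_struct() const { return nullptr; }
};

class struct_type : public type {
public:
  explicit struct_type(std::vector<field> f) : m_fields(std::move(f)) {}
  bool is_struct() const override { return true; }
  const struct_type *dyn_cast_struct() const override { return this; }
  std::size_t num_fields() const { return m_fields.size(); }
private:
  std::vector<field> m_fields;
};

// Decorator produced by an "aligned" query: it answers is_struct() on behalf
// of the wrapped type but carries no field vector of its own.
class aligned_type : public type {
public:
  aligned_type(const type *other, std::size_t align)
    : m_other(other), m_align(align) {}
  bool is_struct() const override { return m_other->is_struct(); }
  // Resolve through the decoration instead of pretending to be the struct.
  const struct_type *dyn_cast_struct() const override {
    return m_other->dyn_cast_struct();
  }
  std::size_t alignment() const { return m_align; }
private:
  const type *m_other;
  std::size_t m_align;
};

// Buggy pattern (never executed here): is_struct() is true for the
// decorator, and the cast then treats an aligned_type object as a
// struct_type, so num_fields() reads past the end of the allocation.
// Undefined behaviour; kept only to name the defect.
std::size_t unchecked_num_fields(const type *t) {
  if (!t->is_struct())
    return 0;
  return static_cast<const struct_type *>(t)->num_fields();  // BUG
}

// Hardened pattern: ask the object which struct it denotes. The aligned
// wrapper answers with the underlying struct; a scalar answers nullptr,
// reported here as -1 so the caller can reject the API misuse cleanly.
long checked_num_fields(const type *t) {
  const struct_type *st = t->dyn_cast_struct();
  if (!st)
    return -1;
  return static_cast<long>(st->num_fields());
}

// Same shapes as the reproducer: one int field, a struct holding it, and a
// 16-byte-aligned decoration of that struct.
long fields_via_aligned_struct() {
  struct_type s(std::vector<field>{field{"int"}});
  aligned_type a(&s, 16);
  return checked_num_fields(&a);  // 1, with no out-of-bounds read
}

long fields_via_scalar() {
  type i;  // stands in for a plain scalar type
  return checked_num_fields(&i);  // -1
}

// Why the blind cast reads out of bounds: the decorator is a smaller object
// than the struct type whose layout the cast assumes.
bool wrapper_is_smaller() {
  return sizeof(aligned_type) < sizeof(struct_type);
}
```

The useful habit this models for an API that accepts a type handle is to resolve decorations (alignment, qualifiers) through a virtual query before touching any struct-specific member, and to turn a non-struct argument into an error return rather than a memory read.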
