https://gcc.gnu.org/bugzilla/show_bug.cgi?id=123918
Bug ID: 123918
Summary: ubsan error: null passed to a non-null argument in cexpr_str::extract, semantics.cc since r16-7104-gbb5ebc93732919
Product: gcc
Version: 16.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: c++
Assignee: unassigned at gcc dot gnu.org
Reporter: pheeck at gcc dot gnu.org
CC: jakub at gcc dot gnu.org
Blocks: 63426
Target Milestone: ---
Host: x86_64-pc-linux-gnu
Target: x86_64-pc-linux-gnu
With an ubsan-instrumented GCC, compiling the testsuite test static_assert1.C:
UBSAN_OPTIONS="halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1"
ubsan-gcc src/gcc/testsuite/g++.dg/cpp26/static_assert1.C
results in
/home/worker/buildworker/tiber-gcc-ubsan/build/libcpp/charset.cc:619:10: runtime error: null pointer passed as argument 2, which is declared to never be null
#0 0x000000bf5eae in convert_no_conversion
/home/worker/buildworker/tiber-gcc-ubsan/build/libcpp/charset.cc:619
#1 0x0000095c32b4 in cpp_translate_string(cpp_reader*, cpp_string const*, cpp_string*, cpp_ttype, bool)
/home/worker/buildworker/tiber-gcc-ubsan/build/libcpp/charset.cc:2775
#2 0x0000017744b0 in cexpr_str::extract(unsigned long, char const*&, int&)
/home/worker/buildworker/tiber-gcc-ubsan/build/gcc/cp/semantics.cc:12863
#3 0x00000177802d in finish_static_assert(tree_node*, tree_node*, unsigned long, bool, bool, bool)
/home/worker/buildworker/tiber-gcc-ubsan/build/gcc/cp/semantics.cc:12967
#4 0x00000150d621 in cp_parser_declaration
/home/worker/buildworker/tiber-gcc-ubsan/build/gcc/cp/parser.cc:17578
#5 0x00000151ae14 in cp_parser_translation_unit
/home/worker/buildworker/tiber-gcc-ubsan/build/gcc/cp/parser.cc:5593
#6 0x00000151ae14 in c_parse_file()
/home/worker/buildworker/tiber-gcc-ubsan/build/gcc/cp/parser.cc:57422
#7 0x000001a82c69 in c_common_parse_file()
/home/worker/buildworker/tiber-gcc-ubsan/build/gcc/c-family/c-opts.cc:1422
#8 0x0000038cef8d in compile_file
/home/worker/buildworker/tiber-gcc-ubsan/build/gcc/toplev.cc:455
#9 0x000000c07888 in do_compile
/home/worker/buildworker/tiber-gcc-ubsan/build/gcc/toplev.cc:2225
#10 0x000000c07888 in toplev::main(int, char**)
/home/worker/buildworker/tiber-gcc-ubsan/build/gcc/toplev.cc:2390
#11 0x000000c0af5e in main
/home/worker/buildworker/tiber-gcc-ubsan/build/gcc/main.cc:39
#12 0x7f779302b2fa in __libc_start_call_main (/lib64/libc.so.6+0x2b2fa)
(BuildId: 8523b213e7586a93ab00f6dd476418b1e521e62c)
#13 0x7f779302b3ca in __libc_start_main_impl (/lib64/libc.so.6+0x2b3ca)
(BuildId: 8523b213e7586a93ab00f6dd476418b1e521e62c)
#14 0x000000c0bd64 in _start ../sysdeps/x86_64/start.S:115
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior
/home/worker/buildworker/tiber-gcc-ubsan/build/libcpp/charset.cc:619:10
../../build/gcc/testsuite/g++.dg/cpp26/static_assert1.C:59: confused by earlier errors, bailing out
Looks like cexpr_str::extract is passing a cpp_string with ->text NULL. So my
guess is that this was introduced in r16-7104-gbb5ebc93732919. Cc-ing jakub.
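The check that fired here is UBSan's nonnull-attribute check: a callee whose parameter is declared never-null received a NULL pointer, which is undefined behaviour regardless of whether the callee happens to dereference it (GCC may even drop a later NULL test inside such a callee because the attribute promises it cannot be NULL). The following is an added, constructed C example and not GCC or libcpp code: `sample_string`, `copy_bytes` and `extract_text` are stand-ins with the same shape as the report (a pointer-plus-length string handed to a nonnull parameter), and the caller shows the guard that keeps a NULL text field from ever reaching the nonnull argument. Built with `-fsanitize=undefined`, removing the guard and calling `copy_bytes` with a NULL source reproduces the same "null pointer passed as argument 2, which is declared to never be null" diagnostic.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a libcpp-style string: a length plus a byte
   pointer that may legitimately be NULL for an empty/absent string.
   This is not GCC's cpp_string, just the same layout idea. */
struct sample_string {
    size_t len;
    const unsigned char *text;
};

/* Callee with never-null parameters, like the one UBSan flagged.
   Passing NULL for src is undefined behaviour even when n == 0;
   -fsanitize=undefined reports it at the call site. */
__attribute__((nonnull(1, 2)))
static size_t copy_bytes(unsigned char *dst, const unsigned char *src, size_t n)
{
    memcpy(dst, src, n);
    return n;
}

/* Caller-side guard: reject a NULL text field before it reaches the
   nonnull parameter, and bound the copy by the destination capacity.
   Returns bytes copied, or -1 when the input cannot be extracted. */
static int extract_text(const struct sample_string *s,
                        unsigned char *out, size_t outcap)
{
    if (s == NULL || s->text == NULL)  /* the case the report hit: ->text NULL */
        return -1;
    if (s->len > outcap)               /* would overrun the destination */
        return -1;
    return (int) copy_bytes(out, s->text, s->len);
}

/* Driver functions so the two paths can be checked without a caller
   having to set up buffers. */
static int demo_null_text(void)
{
    unsigned char buf[16];
    struct sample_string s = { 0, NULL };   /* constructed: empty, text NULL */
    return extract_text(&s, buf, sizeof buf);
}

static int demo_valid_text(void)
{
    unsigned char buf[16];
    struct sample_string s = { 5, (const unsigned char *) "hello" };  /* constructed */
    int n = extract_text(&s, buf, sizeof buf);
    return (n == 5 && memcmp(buf, "hello", 5) == 0) ? n : -2;
}

int main(void)
{
    printf("null text  -> %d\n", demo_null_text());   /* -1, no UB triggered */
    printf("valid text -> %d\n", demo_valid_text());  /* 5 */
    return 0;
}
```

The fix direction the report implies is exactly the first guard in `extract_text`: decide what a NULL text means (empty string, or an earlier error) and handle it in the caller, rather than relying on the nonnull callee to tolerate it.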
Referenced Bugs:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=63426
[Bug 63426] [meta-bug] Issues found with -fsanitize=undefined