Issue | 154361
Summary | `libclang.dll` crashes process on exit when unloaded
Labels | new issue
Assignees |
Reporter | mrexodia
If you unload the latest `libclang.dll` from https://github.com/llvm/llvm-project/releases/download/llvmorg-21.1.0-rc3/LLVM-21.1.0-rc3-win64.exe (this also happens with 20.x), the process crashes on exit. Minimal reproduction:
```cpp
#include <Windows.h>
int main() {
    // Load and immediately unload libclang; the crash happens later, at process exit.
    HMODULE libclang = LoadLibraryW(L"libclang.dll");
    if (libclang)
        FreeLibrary(libclang);
    return 0;
}
```
Here is a screenshot of a crash on Windows Sandbox (Windows 10 Pro 22H2 19045.6216), nothing installed (notably no MSVC runtime at all):
[screenshot omitted]
The crash is a DEP violation trying to execute a nonexistent region. This happens because the atexit function passed to `FlsAlloc` ceases to exist when you unload the DLL. Cross-referencing this function on module load shows the following code:
[disassembly screenshot omitted]
You are expected to call `FlsFree` for all the slots during `DllMain` with the `DLL_PROCESS_DETACH` reason. Searching the LLVM codebase for `FlsAlloc` shows two occurrences:
- https://github.com/llvm/llvm-project/blob/d0dc3799b70bb6b51ed2e90b93f8ea5d4f30cef1/libcxx/src/support/win32/thread_win32.cpp#L199
- https://github.com/llvm/llvm-project/blob/d0dc3799b70bb6b51ed2e90b93f8ea5d4f30cef1/llvm/lib/Support/rpmalloc/rpmalloc.c#L3244
Looking at the disassembly around the `FlsAlloc` call, I see `OpenProcessToken`, which matches `rpmalloc`. There is an `FlsFree` in there, but it does not appear to be called correctly on `DLL_PROCESS_DETACH`.
_______________________________________________
llvm-bugs mailing list
llvm-bugs@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-bugs
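The ownership rule behind this report, as an added example (not code from the bug report, from LLVM or from rpmalloc): the FLS slot table belongs to the process, not to the DLL that called `FlsAlloc`, so the callback address stays registered after `FreeLibrary` unmaps the module's `.text` unless the DLL calls `FlsFree` on `DLL_PROCESS_DETACH`. When the loader later walks the table (thread exit, `FlsFree`, process shutdown) it jumps into memory that is no longer mapped, which is the DEP/access violation in the screenshot. The block contrasts a leaky detach with a correct one. On Windows it compiles against the real API; elsewhere it uses a small stand-in for `FlsAlloc`/`FlsSetValue`/`FlsFree` (an assumption, modelling only callback registration and invocation on free) so the logic can be exercised. `SlotDestructor`, `OnProcessAttach`, `OnProcessDetach`, `OnProcessDetachLeaky`, `StoreValue` and `RegisteredCallbackCount` are names chosen for this example.

```cpp
// Added example: correct FLS slot ownership in a DLL. Not code from the bug
// report, LLVM or rpmalloc. On Windows this builds against the real FLS API;
// the #else branch is an assumed minimal model of the slot table.
#include <cstdint>
#include <cstdlib>

#ifdef _WIN32
#include <Windows.h>
#else
#define WINAPI
typedef uint32_t DWORD;
typedef int BOOL;
typedef void (WINAPI *PFLS_CALLBACK_FUNCTION)(void*);
static const DWORD FLS_OUT_OF_INDEXES = 0xFFFFFFFFu;
static const int kMaxSlots = 8;
static PFLS_CALLBACK_FUNCTION g_slotCallback[kMaxSlots];
static void* g_slotValue[kMaxSlots];
static bool g_slotInUse[kMaxSlots];

// Model of FlsAlloc: register the callback in a process-wide table.
static DWORD FlsAlloc(PFLS_CALLBACK_FUNCTION cb) {
    for (int i = 0; i < kMaxSlots; ++i) {
        if (!g_slotInUse[i]) {
            g_slotInUse[i] = true; g_slotCallback[i] = cb; g_slotValue[i] = nullptr;
            return (DWORD)i;
        }
    }
    return FLS_OUT_OF_INDEXES;
}
static BOOL FlsSetValue(DWORD i, void* v) {
    if (i >= (DWORD)kMaxSlots || !g_slotInUse[i]) return 0;
    g_slotValue[i] = v; return 1;
}
// Model of FlsFree: run the callback for a live value, then unregister it.
static BOOL FlsFree(DWORD i) {
    if (i >= (DWORD)kMaxSlots || !g_slotInUse[i]) return 0;
    if (g_slotCallback[i] && g_slotValue[i]) g_slotCallback[i](g_slotValue[i]);
    g_slotInUse[i] = false; g_slotCallback[i] = nullptr; g_slotValue[i] = nullptr;
    return 1;
}
// Model-only check: callbacks still registered. At real process exit the loader
// calls each of these; if its module is unmapped, that is the reported crash.
int RegisteredCallbackCount() {
    int n = 0;
    for (int i = 0; i < kMaxSlots; ++i) if (g_slotInUse[i] && g_slotCallback[i]) ++n;
    return n;
}
#endif

// ---- DLL side ---------------------------------------------------------------
static DWORD g_slot = FLS_OUT_OF_INDEXES;
static int g_destructorCalls = 0;

// This address lives in the DLL's .text and is only valid while it is loaded.
static void WINAPI SlotDestructor(void* p) { ++g_destructorCalls; std::free(p); }

bool OnProcessAttach() {
    g_slot = FlsAlloc(SlotDestructor);
    return g_slot != FLS_OUT_OF_INDEXES;
}

// Leaky detach: forgets the slot. The callback pointer outlives the module.
void OnProcessDetachLeaky() { g_slot = FLS_OUT_OF_INDEXES; }

// Correct detach: FlsFree runs the callback for live values and unregisters the
// pointer before the module's code disappears.
void OnProcessDetach() {
    if (g_slot != FLS_OUT_OF_INDEXES) { FlsFree(g_slot); g_slot = FLS_OUT_OF_INDEXES; }
}

bool StoreValue(void* p) { return g_slot != FLS_OUT_OF_INDEXES && FlsSetValue(g_slot, p) != 0; }
int DestructorCalls() { return g_destructorCalls; }

#ifdef _WIN32
BOOL WINAPI DllMain(HINSTANCE, DWORD reason, LPVOID) {
    switch (reason) {
        case DLL_PROCESS_ATTACH: return OnProcessAttach() ? TRUE : FALSE;
        case DLL_PROCESS_DETACH: OnProcessDetach(); break;
        default: break;
    }
    return TRUE;
}
#endif
```

On Windows, build this as a DLL and load it with the reproduction above: with `OnProcessDetach` wired into `DLL_PROCESS_DETACH` the host exits cleanly; swap in `OnProcessDetachLeaky` and the same host reproduces the crash at exit, because the slot table still points at the unmapped callback. Note that `FlsFree` itself invokes the callback for every non-NULL slot value, so detach is also where any per-thread state owned by the slot gets released.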