| Field | Value |
|---|---|
| Issue | 165557 |
| Summary | [clang-fuzzer] Crash in `clang::ASTContext::getTypeInfo` |
| Labels | clang |
| Assignees | |
| Reporter | gal1ium |
Hi, while testing clang with the fuzzing driver `clang-fuzzer`, it found a crashing case:
Version: 531fd45e9238d0485e3268aaf14ae15d01c7740f
Flags:
```
mkdir build
cd build
cmake -GNinja -DCMAKE_BUILD_TYPE=Release -DLLVM_ENABLE_PROJECTS="lld;clang;compiler-rt" ../llvm -DLLVM_ENABLE_ASSERTIONS=ON -DLLVM_BUILD_RUNTIME=Off -DLLVM_BUILD_INSTRUMENTED_COVERAGE=On -DLLVM_LIB_FUZZING_ENGINE=$LIB_FUZZING_ENGINE -DCLANG_ENABLE_PROTO_FUZZER=ON
ninja clang-fuzzer
```
PoC:
```c
template<typename...Ts>oid Pac00nsideLocal0lass(){[]{f class L0{Ts t};L0 l}}template oid Pac00nsideLocal0lass<>(;
```
Reproduction:
`./bin/clang-fuzzer ./poc`
Crashing thread backtrace: (it looks like a recursive stack overflow)
```
#0 0x000055555cac9623 in clang::ASTContext::getTypeInfo (fuzz-binaries/clang-fuzzer)
at /src/llvm/clang/lib/AST/ASTContext.cpp:1966
#1 0x000055555cae481f in clang::ASTContext::getTypeInfoImpl (fuzz-binaries/clang-fuzzer)
at /src/llvm/clang/lib/AST/ASTContext.cpp:2465
#2 0x000055555cac97e7 in clang::ASTContext::getTypeInfo (fuzz-binaries/clang-fuzzer)
at /src/llvm/clang/lib/AST/ASTContext.cpp:1972
#3 0x000055555cae481f in clang::ASTContext::getTypeInfoImpl (fuzz-binaries/clang-fuzzer)
at /src/llvm/clang/lib/AST/ASTContext.cpp:2465
#4 0x000055555cac97e7 in clang::ASTContext::getTypeInfo (fuzz-binaries/clang-fuzzer)
at /src/llvm/clang/lib/AST/ASTContext.cpp:1972
#5 0x000055555cae481f in clang::ASTContext::getTypeInfoImpl (fuzz-binaries/clang-fuzzer)
at /src/llvm/clang/lib/AST/ASTContext.cpp:2465
#6 0x000055555cac97e7 in clang::ASTContext::getTypeInfo (fuzz-binaries/clang-fuzzer)
at /src/llvm/clang/lib/AST/ASTContext.cpp:1972
#7 0x000055555cae481f in clang::ASTContext::getTypeInfoImpl (fuzz-binaries/clang-fuzzer)
at /src/llvm/clang/lib/AST/ASTContext.cpp:2465
#8 0x000055555cac97e7 in clang::ASTContext::getTypeInfo (fuzz-binaries/clang-fuzzer)
at /src/llvm/clang/lib/AST/ASTContext.cpp:1972
#9 0x000055555cae481f in clang::ASTContext::getTypeInfoImpl (fuzz-binaries/clang-fuzzer)
at /src/llvm/clang/lib/AST/ASTContext.cpp:2465
#10 0x000055555cac97e7 in clang::ASTContext::getTypeInfo (fuzz-binaries/clang-fuzzer)
at /src/llvm/clang/lib/AST/ASTContext.cpp:1972
#11 0x000055555cae481f in clang::ASTContext::getTypeInfoImpl (fuzz-binaries/clang-fuzzer)
at /src/llvm/clang/lib/AST/ASTContext.cpp:2465
#12 0x000055555cac97e7 in clang::ASTContext::getTypeInfo (fuzz-binaries/clang-fuzzer)
at /src/llvm/clang/lib/AST/ASTContext.cpp:1972
#13 0x000055555cae481f in clang::ASTContext::getTypeInfoImpl (fuzz-binaries/clang-fuzzer)
at /src/llvm/clang/lib/AST/ASTContext.cpp:2465
#14 0x000055555cac97e7 in clang::ASTContext::getTypeInfo (fuzz-binaries/clang-fuzzer)
at /src/llvm/clang/lib/AST/ASTContext.cpp:1972
#15 0x000055555cae481f in clang::ASTContext::getTypeInfoImpl (fuzz-binaries/clang-fuzzer)
at /src/llvm/clang/lib/AST/ASTContext.cpp:2465
#16 0x000055555cac97e7 in clang::ASTContext::getTypeInfo (fuzz-binaries/clang-fuzzer)
at /src/llvm/clang/lib/AST/ASTContext.cpp:1972
#17 0x000055555cae481f in clang::ASTContext::getTypeInfoImpl (fuzz-binaries/clang-fuzzer)
at /src/llvm/clang/lib/AST/ASTContext.cpp:2465
#18 0x000055555cac97e7 in clang::ASTContext::getTypeInfo (fuzz-binaries/clang-fuzzer)
at /src/llvm/clang/lib/AST/ASTContext.cpp:1972
#19 0x000055555cae481f in clang::ASTContext::getTypeInfoImpl (fuzz-binaries/clang-fuzzer)
at /src/llvm/clang/lib/AST/ASTContext.cpp:2465
```
_______________________________________________
llvm-bugs mailing list
[email protected]
https://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-bugs
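The reporter's reading of the backtrace above (a recursive stack overflow, with `getTypeInfo` and `getTypeInfoImpl` alternating all the way down) is a pattern that comes up constantly when triaging fuzzer crashes in compilers. The script below is an added example, not code from the report or from the LLVM project: it parses gdb-style `#N 0x... in <function>` frame lines, detects the shortest repeating cycle of function names from the top of the stack, and reports its period and how many times it repeats, so a batch of fuzzer crashes can be bucketed as "unbounded recursion in X/Y" without reading each trace by hand. The sample backtrace is constructed here from the frames in the report, plus a made-up bottom `main` frame to show where the cycle ends; `parse_frames`, `find_cycle` and `triage` are names chosen for this example.

```python
import re

# Constructed sample: the first frames of the report's backtrace (with their
# "at file:line" continuation lines) followed by a made-up "main" frame that
# is not in the original trace, so the cycle detector has a place to stop.
SAMPLE_BACKTRACE = """\
#0 0x000055555cac9623 in clang::ASTContext::getTypeInfo (fuzz-binaries/clang-fuzzer)
    at /src/llvm/clang/lib/AST/ASTContext.cpp:1966
#1 0x000055555cae481f in clang::ASTContext::getTypeInfoImpl (fuzz-binaries/clang-fuzzer)
    at /src/llvm/clang/lib/AST/ASTContext.cpp:2465
#2 0x000055555cac97e7 in clang::ASTContext::getTypeInfo (fuzz-binaries/clang-fuzzer)
    at /src/llvm/clang/lib/AST/ASTContext.cpp:1972
#3 0x000055555cae481f in clang::ASTContext::getTypeInfoImpl (fuzz-binaries/clang-fuzzer)
    at /src/llvm/clang/lib/AST/ASTContext.cpp:2465
#4 0x000055555cac97e7 in clang::ASTContext::getTypeInfo (fuzz-binaries/clang-fuzzer)
    at /src/llvm/clang/lib/AST/ASTContext.cpp:1972
#5 0x000055555cae481f in clang::ASTContext::getTypeInfoImpl (fuzz-binaries/clang-fuzzer)
    at /src/llvm/clang/lib/AST/ASTContext.cpp:2465
#6 0x000055555cac97e7 in clang::ASTContext::getTypeInfo (fuzz-binaries/clang-fuzzer)
    at /src/llvm/clang/lib/AST/ASTContext.cpp:1972
#7 0x000055555cae481f in clang::ASTContext::getTypeInfoImpl (fuzz-binaries/clang-fuzzer)
    at /src/llvm/clang/lib/AST/ASTContext.cpp:2465
#8 0x0000555555555555 in main (fuzz-binaries/clang-fuzzer)
"""

# Matches the frame header lines only; "at file:line" continuation lines are ignored.
FRAME_RE = re.compile(r"^#(\d+)\s+0x[0-9a-fA-F]+\s+in\s+(\S+)")


def parse_frames(text):
    """Return the function names of a gdb-style backtrace, innermost (#0) first."""
    frames = []
    for line in text.splitlines():
        m = FRAME_RE.match(line.strip())
        if m:
            frames.append(m.group(2))
    return frames


def find_cycle(frames, min_repeats=3):
    """Find the shortest period p such that the top of the stack repeats with
    that period at least min_repeats times. Returns (period, cycle, repeats)
    or None when the stack does not look recursive."""
    n = len(frames)
    for p in range(1, n // min_repeats + 1):
        # Walk down from #0 while each frame equals the one p frames below it.
        run = 0
        while run + p < n and frames[run] == frames[run + p]:
            run += 1
        covered = run + p          # frames consistent with period p
        repeats = covered // p
        if repeats >= min_repeats:
            return p, frames[:p], repeats
    return None


def triage(text):
    """Summarise a backtrace: frame count and, if recursive, the cycle found."""
    frames = parse_frames(text)
    cycle = find_cycle(frames)
    if cycle is None:
        return {"frames": len(frames), "recursive": False}
    period, names, repeats = cycle
    return {"frames": len(frames), "recursive": True,
            "period": period, "cycle": names, "repeats": repeats}


if __name__ == "__main__":
    result = triage(SAMPLE_BACKTRACE)
    if result["recursive"]:
        print("likely unbounded recursion: period %d, %d repeats, cycle %s"
              % (result["period"], result["repeats"], " -> ".join(result["cycle"])))
    else:
        print("no repeating cycle in %d frames" % result["frames"])
```

On the constructed sample this reports a period of 2 (`getTypeInfo -> getTypeInfoImpl`) repeating four times before the cycle breaks at the made-up `main` frame; on the full trace in the report the repeat count would be in the thousands. Grouping crashes by the detected cycle rather than by the top frame alone separates genuine recursion bugs from ordinary crashes that merely happen to land in the same function, which is the distinction the "it looks like a recursive stack overflow" remark is making.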