Bug #13767
Dumping C++ demangling state can trigger ASSERT
Status: closed
% Done: 100%
Difficulty: Medium
Description
After #13727, when using the undocumented DEMANGLE_DEBUG environment variable to verify some demangling cases, I tripped the following assert:

    assertion failed for thread 0xfef92a40, thread-id 1: !name_empty(n), file ../common/cxx_util.c, line 156

This turns out to be somewhat trivial to recreate -- simply run DEMANGLE_DEBUG=1 demangle '_Z'.
The relevant stack is:
    feec21e3 syscall (803b590, 320, f0d960a8, fef20000, 803b5f5, fef20000) + 13
    feea0e2d __set_panicstr (803b590)
    feea1dd0 _assfail (fef5ed9e, fef5ed79, 9c) + 1a0
    feea1ec7 assfail3 (fef5ed9e, fef5ed79, 9c, fef40800, fef60078, fedf2b38)
    fef540fd name_at (803ba0c, 0) + 99
    fef5436b name_top (803ba0c) + 1c
    fef5c766 print_name (803ba0c, 8062310) + 1f
    fef5cb80 dump (803b9e0, 8062310) + 18
From that, the cause is fairly clear:
    static void
    print_name(const name_t *n, FILE *out)
    {
        const str_pair_t *sp = name_top((name_t *)n);
        size_t i;

        (void) fprintf(out, "Name:\n");

        if (name_len(n) == 0)
            return;
        ...
We shouldn't assign sp until we've verified that n isn't empty.
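The ordering problem described above, reduced to a self-contained C example that is added here and is not the illumos source or the committed fix. The types and name_top are simplified stand-ins with an assumed layout, and CHECK and dump_trips are hypothetical helpers that turn a failed check into a return value so both orderings can be compared on an empty name.

```c
#include <setjmp.h>
#include <stdio.h>

/* Simplified stand-ins for the cxx_util.c types (assumed layout). */
typedef struct { const char *l, *r; } str_pair_t;
typedef struct { str_pair_t items[4]; size_t len; } name_t;

static jmp_buf trap;	/* a failed check lands here instead of aborting */
#define	CHECK(c)	do { if (!(c)) longjmp(trap, 1); } while (0)

static size_t name_len(const name_t *n) { return (n->len); }

/* Like the accessor in the stack trace, this requires a non-empty name. */
static const str_pair_t *name_top(const name_t *n)
{
	CHECK(name_len(n) != 0);
	return (&n->items[n->len - 1]);
}

/* Ordering from the report: the accessor runs before the length test. */
static void print_name_before(const name_t *n, FILE *out)
{
	const str_pair_t *sp = name_top(n);
	(void) fprintf(out, "Name:\n");
	if (name_len(n) == 0)
		return;
	(void) fprintf(out, "  top: '%s' '%s'\n", sp->l, sp->r);
}

/* Assumed corrected ordering: test for empty first, then fetch the top. */
static void print_name_after(const name_t *n, FILE *out)
{
	const str_pair_t *sp;
	(void) fprintf(out, "Name:\n");
	if (name_len(n) == 0)
		return;
	sp = name_top(n);
	(void) fprintf(out, "  top: '%s' '%s'\n", sp->l, sp->r);
}

/* Returns 1 if dumping n trips the check, 0 if the dump completes. */
static int dump_trips(void (*fn)(const name_t *, FILE *), const name_t *n)
{
	if (setjmp(trap) != 0)
		return (1);
	fn(n, stderr);
	return (0);
}
```

Calling dump_trips with each function on an empty and a one-entry name_t gives a small regression check for this class of bug in debug-only dump paths.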
Updated by Jason King about 1 year ago
To test, I tried to recreate the assert with the change in place. I was not able to re-trigger the assert.
Updated by Electric Monk about 1 year ago
- Status changed from New to Closed
- % Done changed from 0 to 100
git commit 6bb387f32ea92818dd741fd3f0164ceb3a2e989e
    commit 6bb387f32ea92818dd741fd3f0164ceb3a2e989e
    Author: Jason King <jason.brian.king@gmail.com>
    Date: 2021-05-01T17:25:32.000Z

        13767 Dumping C++ demangling state can trigger ASSERT
        Reviewed by: Toomas Soome <tsoome@me.com>
        Approved by: Dan McDonald <danmcd@joyent.com>