segfault in compiler when accessing field on incorrectly derefenced slice #1372

shawnl · 2018-08-11T13:49:28Z

shawn@shawn-desktop:~/git/zig/std/crypto$ lldb zig test chacha20.zig 
(lldb) target create "zig"
Current executable set to 'zig' (x86_64).
(lldb) settings set -- target.run-args  "test" "chacha20.zig"
(lldb) r
bProcess 1732 launched: '/home/shawn/bin/zig' (x86_64)
bProcess 1732 stopped
* thread #1, name = 'zig', stop reason = signal SIGSEGV: invalid address (fault address: 0x0)
    frame #0: 0x00007ffff37f6ed0 zig`type_is_invalid(TypeTableEntry*)
zig`type_is_invalid:
->  0x7ffff37f6ed0 <+0>: movl   (%rdi), %edx
    0x7ffff37f6ed2 <+2>: cmpl   $0x9, %edx
    0x7ffff37f6ed5 <+5>: je     0x7ffff37f6f08            ; <+56>
    0x7ffff37f6ed7 <+7>: jbe    0x7ffff37f6ef8            ; <+40>
(lldb) bt
* thread #1, name = 'zig', stop reason = signal SIGSEGV: invalid address (fault address: 0x0)
  * frame #0: 0x00007ffff37f6ed0 zig`type_is_invalid(TypeTableEntry*)
    frame #1: 0x00007ffff386713e zig`ir_analyze_instruction_field_ptr(IrAnalyze*, IrInstructionFieldPtr*) + 110
    frame #2: 0x00007ffff386983a zig`ir_analyze_instruction_nocast(IrAnalyze*, IrInstruction*) + 5402
    frame #3: 0x00007ffff386ac3a zig`ir_analyze(CodeGen*, IrExecutable*, IrExecutable*, TypeTableEntry*, AstNode*) + 250
    frame #4: 0x00007ffff3805575 zig`analyze_fn_ir(CodeGen*, FnTableEntry*, AstNode*) + 53
    frame #5: 0x00007ffff3806322 zig`semantic_analyze(CodeGen*) + 482
    frame #6: 0x00007ffff382c1f9 zig`codegen_build(CodeGen*) + 1081
    frame #7: 0x00007ffff376c9d1 zig`main + 7313
    frame #8: 0x00007ffff65d669d zig`__libc_start_main(main=(zig`main), argc=3, argv=0x00007fffffffe098) at __libc_start_main.c:74
    frame #9: 0x00007ffff37f4567 zig`__dls2(base=<unavailable>, sp=<unavailable>) at rcrt1.c:14
    frame #10: 0x00007ffff37f43f5 zig`_start + 22

program: https://gist.github.com/shawnl/8ebb7bab14658cfa4b38b203b9ec618e

The text was updated successfully, but these errors were encountered:

tiehuis · 2018-08-12T00:26:53Z

Reduced test case. The problem here is when referencing a child member of a slice after de-referencing it.

fn add(a: []u8) void {
    const b = a.*.len;
}

pub fn main() void {
    var r: [10]u8 = undefined;
    add(r[0..]);
}

Instead we should emit a compile error as is currently the case when trying to deference the slice without accessing a member.

fn add(a: []u8) void {
    const b = a.*;
}

pub fn main() void {
    var r: [10]u8 = undefined;
    add(r[0..]);
}

results in

/tmp/t.zig:2:16: error: attempt to dereference non-pointer type '[]u8'
    const b = a.*;

shawnl mentioned this issue Aug 11, 2018

std/crypto: add chacha20 #1369

Merged

shawnl changed the title ~~segfault in zig compiler~~ null pointer dereference in zig compiler Aug 11, 2018

tiehuis changed the title ~~null pointer dereference in zig compiler~~ segfault when accessing field on incorrectly derefenced slice Aug 12, 2018

tiehuis added the bug Observed behavior contradicts documented or intended behavior label Aug 12, 2018

tiehuis added this to the 0.3.0 milestone Aug 12, 2018

shawnl changed the title ~~segfault when accessing field on incorrectly derefenced slice~~ segfault in compiler when accessing field on incorrectly derefenced slice Aug 12, 2018

andrewrk closed this as completed in c1af360 Sep 18, 2018

andrewrk mentioned this issue Sep 25, 2018

Dereference then field access on an optional ptr => segfault #1490

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

segfault in compiler when accessing field on incorrectly derefenced slice #1372

segfault in compiler when accessing field on incorrectly derefenced slice #1372

shawnl commented Aug 11, 2018

tiehuis commented Aug 12, 2018

segfault in compiler when accessing field on incorrectly derefenced slice #1372

segfault in compiler when accessing field on incorrectly derefenced slice #1372

Comments

shawnl commented Aug 11, 2018

tiehuis commented Aug 12, 2018