[SR-8483] Assertion failures when using swift-demangle on crafted strings #51004

Closed
swift-ci opened this issue Aug 7, 2018 · 2 comments
Labels
bug A deviation from expected or documented behavior. Also: expected but undesirable behavior. compiler The Swift compiler in itself mangling Area → compiler: Mangling

Comments

@swift-ci
Collaborator

swift-ci commented Aug 7, 2018

Previous ID SR-8483
Radar None
Original Reporter hongxuchen (JIRA User)
Type Bug
Status Resolved
Resolution Done
Environment

Swift version 4.2-dev (LLVM a4d539e482, Clang 773ac0251a, Swift f1e9a04)

x86_64-unknown-linux-gnu

Additional Detail from JIRA
Votes 0
Component/s Compiler
Labels Bug, Mangling
Assignee @eeckstein
Priority Medium

md5: d19e3c3b8e1ed9b561a0b15c11647c58

Issue Description:

Our fuzzer detected a few assertion failures on swift-demangle.

lib/Demangling/Demangler.cpp:369: void swift::Demangle::CharVector::append(int, swift::Demangle::NodeFactory &): Assertion `Length > 0 && Length < MaxIntPrintSize' failed

Input string:

$SRd80000000__ # others like $SRd40000000__

gdb output:

Reading symbols from /home/hongxu/FOT/SWIFT/build/Ninja-RelWithDebInfoAssert+asan/swift-linux-x86_64/bin/swift-demangle...done.
(gdb) run '$SRd80000000__%'
Starting program: /home/hongxu/FOT/SWIFT/build/Ninja-RelWithDebInfoAssert+asan/swift-linux-x86_64/bin/swift-demangle '$SRd80000000__%'
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
swift-demangle: /home/hongxu/FOT/SWIFT/swift/lib/Demangling/Demangler.cpp:369: void swift::Demangle::CharVector::append(int, swift::Demangle::NodeFactory &): Assertion `Length > 0 && Length < MaxIntPrintSize' failed.
Program received signal SIGABRT, Aborted.
__GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
51 ../sysdeps/unix/sysv/linux/raise.c: No such file or directory.
(gdb) bt
#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
#1 0x00007ffff6264801 in __GI_abort () at abort.c:79
#2 0x00007ffff625439a in __assert_fail_base (fmt=0x7ffff63db7d8 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=assertion@entry=0xa14e20 <.str.16> "Length > 0 && Length < MaxIntPrintSize", 
 file=file@entry=0xa149c0 <.str.8> "/home/hongxu/FOT/SWIFT/swift/lib/Demangling/Demangler.cpp", line=line@entry=369, 
 function=function@entry=0xa14e80 <__PRETTY_FUNCTION__._ZN5swift8Demangle10CharVector6appendEiRNS0_11NodeFactoryE> "void swift::Demangle::CharVector::append(int, swift::Demangle::NodeFactory &)") at assert.c:92
#3 0x00007ffff6254412 in __GI___assert_fail (assertion=0xa14e20 <.str.16> "Length > 0 && Length < MaxIntPrintSize", file=0xa149c0 <.str.8> "/home/hongxu/FOT/SWIFT/swift/lib/Demangling/Demangler.cpp", line=369, 
 function=0xa14e80 <__PRETTY_FUNCTION__._ZN5swift8Demangle10CharVector6appendEiRNS0_11NodeFactoryE> "void swift::Demangle::CharVector::append(int, swift::Demangle::NodeFactory &)") at assert.c:101
#4 0x000000000053f678 in swift::Demangle::CharVector::append (this=0x7fffffffb140, Number=<optimized out>, Factory=...) at /home/hongxu/FOT/SWIFT/swift/lib/Demangling/Demangler.cpp:369
#5 0x000000000058c6bb in swift::Demangle::Demangler::getDependentGenericParamType (this=<optimized out>, depth=80000002, index=<optimized out>) at /home/hongxu/FOT/SWIFT/swift/lib/Demangling/Demangler.cpp:1660
#6 0x0000000000568e00 in swift::Demangle::Demangler::demangleGenericRequirement (this=0x616000000080) at /home/hongxu/FOT/SWIFT/swift/lib/Demangling/Demangler.cpp:2570
#7 0x0000000000540fa8 in swift::Demangle::Demangler::parseAndPushNodes (this=<optimized out>) at /home/hongxu/FOT/SWIFT/swift/lib/Demangling/Demangler.cpp:452
#8 swift::Demangle::Demangler::demangleSymbol (this=<optimized out>, MangledName=...) at /home/hongxu/FOT/SWIFT/swift/lib/Demangling/Demangler.cpp:410
#9 0x000000000052a827 in demangle (os=..., name=..., DCtx=..., options=...) at /home/hongxu/FOT/SWIFT/swift/tools/swift-demangle/swift-demangle.cpp:93
#10 0x0000000000527c7f in main (argc=<optimized out>, argv=<optimized out>) at /home/hongxu/FOT/SWIFT/swift/tools/swift-demangle/swift-demangle.cpp:219
(gdb) run '$SRd40000000__%'
The program being debugged has been started already.
Start it from the beginning? (y or n) y
Starting program: /home/hongxu/FOT/SWIFT/build/Ninja-RelWithDebInfoAssert+asan/swift-linux-x86_64/bin/swift-demangle '$SRd40000000__%'
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
swift-demangle: /home/hongxu/FOT/SWIFT/swift/lib/Demangling/Demangler.cpp:369: void swift::Demangle::CharVector::append(int, swift::Demangle::NodeFactory &): Assertion `Length > 0 && Length < MaxIntPrintSize' failed.
Program received signal SIGABRT, Aborted.
__GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
51 ../sysdeps/unix/sysv/linux/raise.c: No such file or directory.
(gdb) bt
#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
#1 0x00007ffff6264801 in __GI_abort () at abort.c:79
#2 0x00007ffff625439a in __assert_fail_base (fmt=0x7ffff63db7d8 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=assertion@entry=0xa14e20 <.str.16> "Length > 0 && Length < MaxIntPrintSize", 
 file=file@entry=0xa149c0 <.str.8> "/home/hongxu/FOT/SWIFT/swift/lib/Demangling/Demangler.cpp", line=line@entry=369, 
 function=function@entry=0xa14e80 <__PRETTY_FUNCTION__._ZN5swift8Demangle10CharVector6appendEiRNS0_11NodeFactoryE> "void swift::Demangle::CharVector::append(int, swift::Demangle::NodeFactory &)") at assert.c:92
#3 0x00007ffff6254412 in __GI___assert_fail (assertion=0xa14e20 <.str.16> "Length > 0 && Length < MaxIntPrintSize", file=0xa149c0 <.str.8> "/home/hongxu/FOT/SWIFT/swift/lib/Demangling/Demangler.cpp", line=369, 
 function=0xa14e80 <__PRETTY_FUNCTION__._ZN5swift8Demangle10CharVector6appendEiRNS0_11NodeFactoryE> "void swift::Demangle::CharVector::append(int, swift::Demangle::NodeFactory &)") at assert.c:101
#4 0x000000000053f678 in swift::Demangle::CharVector::append (this=0x7fffffffb140, Number=<optimized out>, Factory=...) at /home/hongxu/FOT/SWIFT/swift/lib/Demangling/Demangler.cpp:369
#5 0x000000000058c6bb in swift::Demangle::Demangler::getDependentGenericParamType (this=<optimized out>, depth=40000002, index=<optimized out>) at /home/hongxu/FOT/SWIFT/swift/lib/Demangling/Demangler.cpp:1660
#6 0x0000000000568e00 in swift::Demangle::Demangler::demangleGenericRequirement (this=0x616000000080) at /home/hongxu/FOT/SWIFT/swift/lib/Demangling/Demangler.cpp:2570
#7 0x0000000000540fa8 in swift::Demangle::Demangler::parseAndPushNodes (this=<optimized out>) at /home/hongxu/FOT/SWIFT/swift/lib/Demangling/Demangler.cpp:452
#8 swift::Demangle::Demangler::demangleSymbol (this=<optimized out>, MangledName=...) at /home/hongxu/FOT/SWIFT/swift/lib/Demangling/Demangler.cpp:410
#9 0x000000000052a827 in demangle (os=..., name=..., DCtx=..., options=...) at /home/hongxu/FOT/SWIFT/swift/tools/swift-demangle/swift-demangle.cpp:93
#10 0x0000000000527c7f in main (argc=<optimized out>, argv=<optimized out>) at /home/hongxu/FOT/SWIFT/swift/tools/swift-demangle/swift-demangle.cpp:219

lib/Demangling/Demangler.cpp:275: void swift::Demangle::Node::addChild(swift::Demangle::NodePointer, swift::Demangle::NodeFactory &): Assertion `Child && "adding null child!"' failed

Input string:

_TVGVGSS_2v0 # others like _TVGVGSS_2S0

gdb output:

Reading symbols from /home/hongxu/FOT/SWIFT/build/Ninja-RelWithDebInfoAssert+asan/swift-linux-x86_64/bin/swift-demangle...done.
(gdb) run _TVGVGSS_2v0
Starting program: /home/hongxu/FOT/SWIFT/build/Ninja-RelWithDebInfoAssert+asan/swift-linux-x86_64/bin/swift-demangle _TVGVGSS_2v0
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
swift-demangle: /home/hongxu/FOT/SWIFT/swift/lib/Demangling/Demangler.cpp:275: void swift::Demangle::Node::addChild(swift::Demangle::NodePointer, swift::Demangle::NodeFactory &): Assertion `Child && "adding null child!"' failed.
Program received signal SIGABRT, Aborted.
__GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
51 ../sysdeps/unix/sysv/linux/raise.c: No such file or directory.
(gdb) bt
#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
#1 0x00007ffff6264801 in __GI_abort () at abort.c:79
#2 0x00007ffff625439a in __assert_fail_base (fmt=0x7ffff63db7d8 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=assertion@entry=0xa14980 <.str.7> "Child && \"adding null child!\"", 
 file=file@entry=0xa149c0 <.str.8> "/home/hongxu/FOT/SWIFT/swift/lib/Demangling/Demangler.cpp", line=line@entry=275, 
 function=function@entry=0xa14a20 <__PRETTY_FUNCTION__._ZN5swift8Demangle4Node8addChildEPS1_RNS0_11NodeFactoryE> "void swift::Demangle::Node::addChild(swift::Demangle::NodePointer, swift::Demangle::NodeFactory &)") at assert.c:92
#3 0x00007ffff6254412 in __GI___assert_fail (assertion=0xa14980 <.str.7> "Child && \"adding null child!\"", file=0xa149c0 <.str.8> "/home/hongxu/FOT/SWIFT/swift/lib/Demangling/Demangler.cpp", line=275, 
 function=0xa14a20 <__PRETTY_FUNCTION__._ZN5swift8Demangle4Node8addChildEPS1_RNS0_11NodeFactoryE> "void swift::Demangle::Node::addChild(swift::Demangle::NodePointer, swift::Demangle::NodeFactory &)") at assert.c:101
#4 0x000000000053aef8 in swift::Demangle::Node::addChild (this=0x6250000002d8, Child=<optimized out>, Factory=...) at /home/hongxu/FOT/SWIFT/swift/lib/Demangling/Demangler.cpp:275
#5 0x000000000062755f in (anonymous namespace)::OldDemangler::demangleBoundGenericArgs (this=0x7fffffffb1a0, nominalType=0x0) at /home/hongxu/FOT/SWIFT/swift/lib/Demangling/OldDemangler.cpp:1024
#6 0x000000000060965a in (anonymous namespace)::OldDemangler::demangleDeclarationName (this=0x7fffffffb1a0, kind=swift::Demangle::Node::Kind::Structure) at /home/hongxu/FOT/SWIFT/swift/lib/Demangling/OldDemangler.cpp:936
#7 0x00000000005fa409 in (anonymous namespace)::OldDemangler::demangleGlobal (this=0x7fffffffb1a0) at /home/hongxu/FOT/SWIFT/swift/lib/Demangling/OldDemangler.cpp:480
#8 0x00000000005f5a69 in (anonymous namespace)::OldDemangler::demangleTopLevel (this=<optimized out>) at /home/hongxu/FOT/SWIFT/swift/lib/Demangling/OldDemangler.cpp:230
#9 swift::Demangle::demangleOldSymbolAsNode (MangledName=..., Factory=...) at /home/hongxu/FOT/SWIFT/swift/lib/Demangling/OldDemangler.cpp:2284
#10 0x000000000052a827 in demangle (os=..., name=..., DCtx=..., options=...) at /home/hongxu/FOT/SWIFT/swift/tools/swift-demangle/swift-demangle.cpp:93
#11 0x0000000000527c7f in main (argc=<optimized out>, argv=<optimized out>) at /home/hongxu/FOT/SWIFT/swift/tools/swift-demangle/swift-demangle.cpp:219
(gdb) run _TVGVGSS_2S0
The program being debugged has been started already.
Start it from the beginning? (y or n) y
Starting program: /home/hongxu/FOT/SWIFT/build/Ninja-RelWithDebInfoAssert+asan/swift-linux-x86_64/bin/swift-demangle _TVGVGSS_2S0
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
swift-demangle: /home/hongxu/FOT/SWIFT/swift/lib/Demangling/Demangler.cpp:275: void swift::Demangle::Node::addChild(swift::Demangle::NodePointer, swift::Demangle::NodeFactory &): Assertion `Child && "adding null child!"' failed.
Program received signal SIGABRT, Aborted.
__GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
51 ../sysdeps/unix/sysv/linux/raise.c: No such file or directory.
(gdb) bt
#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
#1 0x00007ffff6264801 in __GI_abort () at abort.c:79
#2 0x00007ffff625439a in __assert_fail_base (fmt=0x7ffff63db7d8 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=assertion@entry=0xa14980 <.str.7> "Child && \"adding null child!\"", 
 file=file@entry=0xa149c0 <.str.8> "/home/hongxu/FOT/SWIFT/swift/lib/Demangling/Demangler.cpp", line=line@entry=275, 
 function=function@entry=0xa14a20 <__PRETTY_FUNCTION__._ZN5swift8Demangle4Node8addChildEPS1_RNS0_11NodeFactoryE> "void swift::Demangle::Node::addChild(swift::Demangle::NodePointer, swift::Demangle::NodeFactory &)") at assert.c:92
#3 0x00007ffff6254412 in __GI___assert_fail (assertion=0xa14980 <.str.7> "Child && \"adding null child!\"", file=0xa149c0 <.str.8> "/home/hongxu/FOT/SWIFT/swift/lib/Demangling/Demangler.cpp", line=275, 
 function=0xa14a20 <__PRETTY_FUNCTION__._ZN5swift8Demangle4Node8addChildEPS1_RNS0_11NodeFactoryE> "void swift::Demangle::Node::addChild(swift::Demangle::NodePointer, swift::Demangle::NodeFactory &)") at assert.c:101
#4 0x000000000053aef8 in swift::Demangle::Node::addChild (this=0x6250000002d8, Child=<optimized out>, Factory=...) at /home/hongxu/FOT/SWIFT/swift/lib/Demangling/Demangler.cpp:275
#5 0x000000000062755f in (anonymous namespace)::OldDemangler::demangleBoundGenericArgs (this=0x7fffffffb1a0, nominalType=0x0) at /home/hongxu/FOT/SWIFT/swift/lib/Demangling/OldDemangler.cpp:1024
#6 0x000000000060965a in (anonymous namespace)::OldDemangler::demangleDeclarationName (this=0x7fffffffb1a0, kind=swift::Demangle::Node::Kind::Structure) at /home/hongxu/FOT/SWIFT/swift/lib/Demangling/OldDemangler.cpp:936
#7 0x00000000005fa409 in (anonymous namespace)::OldDemangler::demangleGlobal (this=0x7fffffffb1a0) at /home/hongxu/FOT/SWIFT/swift/lib/Demangling/OldDemangler.cpp:480
#8 0x00000000005f5a69 in (anonymous namespace)::OldDemangler::demangleTopLevel (this=<optimized out>) at /home/hongxu/FOT/SWIFT/swift/lib/Demangling/OldDemangler.cpp:230
#9 swift::Demangle::demangleOldSymbolAsNode (MangledName=..., Factory=...) at /home/hongxu/FOT/SWIFT/swift/lib/Demangling/OldDemangler.cpp:2284
#10 0x000000000052a827 in demangle (os=..., name=..., DCtx=..., options=...) at /home/hongxu/FOT/SWIFT/swift/tools/swift-demangle/swift-demangle.cpp:93
#11 0x0000000000527c7f in main (argc=<optimized out>, argv=<optimized out>) at /home/hongxu/FOT/SWIFT/swift/tools/swift-demangle/swift-demangle.cpp:219
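
Added example, not part of the original report and not code from the Swift sources: the first assertion, `Length > 0 && Length < MaxIntPrintSize`, has the shape of a check on an `snprintf` return value, and the depths in frame #5 (80000002, 40000002) are 8 digits long. The sketch below assumes a fixed 8-byte slot per integer (the constant's real value is not shown on the page; `char_vec` and `char_vec_append_int` are hypothetical names) and reports the overflow to the caller instead of aborting on parser-controlled input.

```c
#include <stdio.h>
#include <string.h>

/* Assumed slot size in bytes, NUL included; the constant is not shown on the
   page. With 8, any value needing 8 or more characters cannot fit. */
#define MAX_INT_PRINT_SIZE 8

struct char_vec {
    char   buf[64];
    size_t len;
};

/* Append the decimal form of `number`.
   Returns 0 on success, -1 if the text would not fit (vector left unchanged). */
int char_vec_append_int(struct char_vec *v, int number)
{
    if (v->len + MAX_INT_PRINT_SIZE > sizeof v->buf)
        return -1;

    /* snprintf returns the length the full text needs, not what it wrote,
       so a result >= the slot size means the output was truncated. */
    int length = snprintf(v->buf + v->len, MAX_INT_PRINT_SIZE, "%d", number);
    if (length <= 0 || length >= MAX_INT_PRINT_SIZE) {
        v->buf[v->len] = '\0';   /* discard the truncated digits */
        return -1;
    }
    v->len += (size_t)length;
    return 0;
}

int main(void)
{
    /* Constructed inputs: one small value plus the two depths from frame #5. */
    const int samples[] = { 42, 80000002, 40000002 };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        struct char_vec v = { "d", 1 };
        int rc = char_vec_append_int(&v, samples[i]);
        printf("%d -> %s (\"%s\")\n", samples[i],
               rc == 0 ? "appended" : "rejected", v.buf);
    }
    return 0;
}
```
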
@belkadan
Contributor

cc @eeckstein

@eeckstein
Member

fixed in #19152

@swift-ci swift-ci transferred this issue from apple/swift-issues Apr 25, 2022
This issue was closed.