segmentation fault with enable=all

[serval2412]

Hello,

On a file of Libreoffice (in attachment), i've got a segmentation fault with enable=all whereas it works without this option.

Julien.

[serval2412]

In fact, it happens as soon there is the style option enabled. So it works with the options "unusedFunction" and "missingInclude".
I attached another file which show a gdb backtrace (in fact, i cut the logs since there are too much of this : "lib/symboldatabase.cpp:1631").

[serval2412]

a very quick gdb debug session.

[serval2412]

I've seen that it was in a call in lib/cppcheck.cpp
in the block
// call all "runSimplifiedChecks" in all registered Check classes
The problem is in the "Class" check

(gdb) print (*it)->name()
$19 = {static npos = 4294967295, _M_dataplus = {<std::allocator<char>> = {<gnu_cxx::new_allocator<char>> = {<No data fields>}, <No data fields>},

_M_p = 0x81f3d94 "Bounds checking"}}

(gdb) until
298 (*it)->runSimplifiedChecks(&_tokenizer, &_settings, this);
(gdb) until
294 if (_settings.terminated())
(gdb) until
297 Timer timerSimpleChecks((*it)->name() + "::runSimplifiedChecks", _settings._showtime, &S_timerResults);
(gdb) print (*it)->name()
$20 = {static npos = 4294967295, _M_dataplus = {<std::allocator<char>> = {<gnu_cxx::new_allocator<char>> = {<No data fields>}, <No data fields>},

_M_p = 0x817258c "Class"}}

(gdb) until
298 (*it)->runSimplifiedChecks(&_tokenizer, &_settings, this);
(gdb) until

Program received signal SIGSEGV, Segmentation fault.
0x0806ca17 in std::vector<SymbolDatabase::BaseInfo?, std::allocator<SymbolDatabase::BaseInfo?> >::empty (this=0x81d7910)

at /usr/include/c++/4.4/bits/stl_vector.h:575

575 { return begin() == end(); }

Hope it helps, i keep on the debugging.

[serval2412]

It seems there's a pb with PaletteColorSpaceHolder? in the file.

[serval2412]

It seems there's a infinite loop with the recursive call of isVirtualFunc in lib/symboldatabase.cpp.
Each time the first "for" loop begins to 0. Perhaps, this loop should take a new parameter from the function.

So line 1582, instead of :
bool SymbolDatabase::isVirtualFunc(const SymbolDatabase::SpaceInfo? *info, const Token *functionToken) const
we'd have :
bool SymbolDatabase::isVirtualFunc(const SymbolDatabase::SpaceInfo? *info, const Token *functionToken, int iBegin) const

and line 1585 instead of this :

for (unsigned int i = 0; i < info->derivedFrom.size(); ++i)

we'd have:

for (unsigned int i = iBegin; i < info->derivedFrom.size(); ++i)

and line 1631 instead of this :
if (isVirtualFunc(derivedFrom, functionToken))
we'd have this :
if (isVirtualFunc(derivedFrom, functionToken, i))

then in lib/checkclass, line 980, we'd have this :

if (symbolDatabase->isVirtualFunc(info, func->tokenDef, 0)

[serval2412]

Patch which seems to work

[serval2412]

I saw 2 infinite recursive loops, I attached a patch to change these recursive loops. I've got no more segfault but you'd better check twice what I've done.

[robertreif]

Can you reduce the problem down to a simple example?

The code you supplies has class template member functions but no class or template definitions.

We need to figure out why the recursion is not terminating and fix that rather than just hiding the real bug.

[robertreif]

Here is a patch that fixes this problem.

[hyd_danmar]

I applied 2252.1.diff with:
https://github.com/danmar/cppcheck/commit/f90236a1833ca9cd1f505b2604d59c7b877f1386

[hyd_danmar]

I applied 2252.diff with:
https://github.com/danmar/cppcheck/commit/43dcc51752b35e78bac488f293fd1dd9bbb71ffc