
Crash using direct initialization with curly braces

2021-07-22
2021-07-23
  • Jeremy Singy

    Jeremy Singy - 2021-07-22

    Hi,

    With the latest CppCheck 2.5, I have an issue when launching CppCheck on our codebase. This results in a crash (segfault). I could simplify the initial code (quite complicated and spread between multiple includes) to this minimal piece:

    namespace ns
    {
      auto var{0};
    }
    
    namespace ns
    {
      auto var2{0};
    }
    

    When launching with cppcheck --enable=all --std=c++17 test.cpp, I get the segmentation fault. If I put var2 in the same namespace declaration, if I use copy-initialization (with =), or if I remove one of the two definitions, everything works fine.

    To get more insight into the issue, I launched a debug build (master) with the debugger and found that the issue is coming from new code in symboldatabase.cpp. On line 5973, setValueType is called on a null Variable (because parent->previous()->variable() returns 0). I found this is new code introduced about 3 months ago in commit 4f43dbf954.

    Here is the backtrace:

    0x0000555556019cf3 in Variable::setValueType (this=0x0, valueType=...) at /home/chsingj/Downloads/cppcheck/lib/symboldatabase.cpp:2070
    2070        delete mValueType;
    (gdb) bt
    #0  0x0000555556019cf3 in Variable::setValueType (this=0x0, valueType=...) at /home/chsingj/Downloads/cppcheck/lib/symboldatabase.cpp:2070
    #1  0x00005555560312b6 in SymbolDatabase::setValueType (this=0x55555659f270, tok=0x555556597850, valuetype=...)
        at /home/chsingj/Downloads/cppcheck/lib/symboldatabase.cpp:5973
    #2  0x0000555556033ca8 in SymbolDatabase::setValueTypeInTokenList (this=0x55555659f270, reportDebugWarnings=false, tokens=0x555556598f40)
        at /home/chsingj/Downloads/cppcheck/lib/symboldatabase.cpp:6351
    #3  0x000055555600b8d2 in SymbolDatabase::SymbolDatabase (this=0x55555659f270, tokenizer=0x7fffffffb8b0, settings=0x7fffffffcbc8,
        errorLogger=0x7fffffffc990) at /home/chsingj/Downloads/cppcheck/lib/symboldatabase.cpp:70
    #4  0x000055555611125d in Tokenizer::createSymbolDatabase (this=0x7fffffffb8b0) at /home/chsingj/Downloads/cppcheck/lib/tokenize.cpp:11901
    #5  0x00005555560d965b in Tokenizer::simplifyTokens1 (this=0x7fffffffb8b0, configuration="") at /home/chsingj/Downloads/cppcheck/lib/tokenize.cpp:2770
    #6  0x0000555555ed6b06 in CppCheck::checkFile (this=0x7fffffffc990, filename="cppcheck-issue.cpp", cfgname="", fileStream=...)
        at /home/chsingj/Downloads/cppcheck/lib/cppcheck.cpp:804
    #7  0x0000555555ed35d9 in CppCheck::check (this=0x7fffffffc990, path="cppcheck-issue.cpp") at /home/chsingj/Downloads/cppcheck/lib/cppcheck.cpp:503
    #8  0x0000555555c97694 in CppCheckExecutor::check_internal (this=0x7fffffffde50, cppcheck=..., argv=0x7fffffffe228)
        at /home/chsingj/Downloads/cppcheck/cli/cppcheckexecutor.cpp:928
    #9  0x0000555555c95a68 in CppCheckExecutor::check (this=0x7fffffffde50, argc=4, argv=0x7fffffffe228)
        at /home/chsingj/Downloads/cppcheck/cli/cppcheckexecutor.cpp:237
    #10 0x0000555555c80db2 in main (argc=4, argv=0x7fffffffe228) at /home/chsingj/Downloads/cppcheck/cli/main.cpp:95
    

    Thanks for having a look at it!

    Jeremy


    Last edit: Jeremy Singy 2021-07-22
  • Daniel Marjamäki

    Thanks! I can reproduce. I will look at it...

