Crash in Token::tokAt():
Static source code analysis tool for C and C++ code
Brought to you by:
danielmarjamaki
Menu
▾
▴
Hello,
I just recently pushed 1.87 into Fedora. Someone using the program got a program crash which was reported via the abort daemon. You can see the back trace here:
https://bugzilla.redhat.com/show_bug.cgi?id=1679121
It looks like its related to commit 9490d0db8c323c16933da54e1c3621da1e9c335f but a different path resulting in the same crash. Is there another commit that also addresses this? Thanks!
I get "Bug Access Denied". Not sure if someone from the Cppcheck team has an account and also the necessary rights.
Can you anonymize the bug report somehow if necessary and post it here maybe?
Hmm. Sorry about that. There is a retrace server instance here:
https://retrace.fedoraproject.org/faf/reports/2470624/
Backtrace is:
Thread no. 1 (10 frames)
0 Token::tokAt at /usr/src/debug/cppcheck-1.87-1.fc29.x86_64/lib/token.cpp:332
2 TemplateSimplifier::simplifyTemplateAliases at /usr/src/debug/cppcheck-1.87-1.fc29.x86_64/lib/templatesimplifier.cpp:931
3 TemplateSimplifier::simplifyTemplates at /usr/src/debug/cppcheck-1.87-1.fc29.x86_64/lib/templatesimplifier.cpp:3106
4 Tokenizer::simplifyTemplates at /usr/src/debug/cppcheck-1.87-1.fc29.x86_64/lib/tokenize.cpp:2336
5 Tokenizer::simplifyTokenList1 at /usr/src/debug/cppcheck-1.87-1.fc29.x86_64/lib/tokenize.cpp:3911
6 Tokenizer::simplifyTokens1 at /usr/include/c++/8/bits/basic_string.h:2290
7 CppCheck::checkFile at /usr/src/debug/cppcheck-1.87-1.fc29.x86_64/lib/cppcheck.cpp:406
8 CppCheck::check at /usr/include/c++/8/bits/basic_string.h:936
9 CppCheckExecutor::check_internal at /usr/include/c++/8/ext/aligned_buffer.h:74
10 CppCheckExecutor::check at /usr/src/debug/cppcheck-1.87-1.fc29.x86_64/cli/cppcheckexecutor.cpp:198
Description of problem:
1. running cppcheck using --project option from buildbot on internal project
2. failed on checking https://github.com/rbock/sqlpp11-connector-sqlite3
Hope this helps...
hmm.. I fail to reproduce when I scan that project without --project. Then I tried to create the compile commands with cmake but it fails, it seems there are missing dependencies.. sorry but I won't look into reproducing this further. But maybe somebody else will.
I am interested to have a single file that reproduce the problem. It should be a reduced file so we can create a regression test.
Last edit: Daniel Marjamäki 2019-02-21
I have downloaded the source code of the master branch.
I am able to create the compile_commands.json by using the commands like they are used by travis and let Cppcheck analyze the project.
It took some time to analyze the 14 files but it finished without problems:
Tested with Cygwin 64 on Windows 7 64bit with Cppcheck master branch.
Argh. I guess the text length of my previous post triggered some moderation limit.
In short:
I was able to create a compile_commands.json via cmake on Cygwin 64.
I analyzed the sources with the --project option of Cppcheck but it finished successfully.
I am trying other parameters now, but analysis takes some time.
I can reproduce the segfault with 1.87, but not with git head. So it seems to be fixed now.
I have created one big file with Cppchecks
-Eparameter that causes Cppcheck 1.87 to segfault.The backtrace for this segfault is this:
I attach the segfault.cpp in a zip file. It is over 7MB in size.
I do not know how to further debug this and create a reduced example.