Issue 138096
Summary [clangd] Crash on textDocument/hover with incomplete code
Labels new issue
Assignees
Reporter henryhchchc
    Create a file `main.h` with the following content.

```c

import ;
int a = TEST(svtbl2,_s32,,);

```

Hovering over the equals sign causes a crash. The raw request is:
```json
{
 "jsonrpc": "2.0",
  "id": 8,
  "method": "textDocument/hover",
 "params": {
    "textDocument": {
      "uri": "file:///tmp/export/input_8/workspace/main.h"
    },
    "position": {
      "line": 2,
      "character": 6
    }
  }
}
```

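The crash stack is below. AddressSanitizer reports an 8-byte read in `StmtPrinter::VisitCharacterLiteral` (`StmtPrinter.cpp:1399`), at an address inside the local variable `P` of the `Stmt::printPretty` stack frame, and classifies it as `unknown-crash`: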
```
=================================================================
==417==ERROR: AddressSanitizer: unknown-crash on address 0x7f02ecaa0060 at pc 0x000006afe8d4 bp 0x7f02ee2cbcb0 sp 0x7f02ee2cbca8
READ of size 8 at 0x7f02ecaa0060 thread T130
    #0 0x6afe8d3 in (anonymous namespace)::StmtPrinter::VisitCharacterLiteral(clang::CharacterLiteral*) /src/clang/lib/AST/StmtPrinter.cpp:1399:62
    #1 0x6afe8d3 in clang::StmtVisitorBase<std::add_pointer, (anonymous namespace)::StmtPrinter, void>::Visit(clang::Stmt*) /src/build/tools/clang/include/clang/AST/StmtNodes.inc:524:1
    #2 0x6b4b8e4 in (anonymous namespace)::StmtPrinter::Visit(clang::Stmt*) /src/clang/lib/AST/StmtPrinter.cpp:150:38
    #3 0x6b4b8e4 in (anonymous namespace)::StmtPrinter::PrintExpr(clang::Expr*) /src/clang/lib/AST/StmtPrinter.cpp:136:9
    #4 0x6b4b8e4 in (anonymous namespace)::StmtPrinter::PrintCallArgs(clang::CallExpr*) /src/clang/lib/AST/StmtPrinter.cpp:1700:5
    #5 0x6b1a57e in (anonymous namespace)::StmtPrinter::VisitCallExpr(clang::CallExpr*) /src/clang/lib/AST/StmtPrinter.cpp:1707:3
    #6 0x6afd7e9 in (anonymous namespace)::StmtPrinter::Visit(clang::Stmt*) /src/clang/lib/AST/StmtPrinter.cpp:150:38
    #7 0x6afd7e9 in clang::Stmt::printPretty(llvm::raw_ostream&, clang::PrinterHelper*, clang::PrintingPolicy const&, unsigned int, llvm::StringRef, clang::ASTContext const*) const /src/clang/lib/AST/StmtPrinter.cpp:2912:5
 #8 0x61f8e48 in (anonymous namespace)::DeclPrinter::VisitVarDecl(clang::VarDecl*) /src/clang/lib/AST/DeclPrinter.cpp:997:13
    #9 0x62075ab in clang::Decl::print(llvm::raw_ostream&, clang::PrintingPolicy const&, unsigned int, bool) const /src/clang/lib/AST/DeclPrinter.cpp:139:11
    #10 0x8ccd110 in clang::clangd::(anonymous namespace)::printDefinition[abi:cxx11](clang::Decl const*, clang::PrintingPolicy, clang::syntax::TokenBuffer const&) /src/clang-tools-extra/clangd/Hover.cpp:152:6
    #11 0x8ccd110 in clang::clangd::(anonymous namespace)::getHoverContents(clang::NamedDecl const*, clang::PrintingPolicy const&, clang::clangd::SymbolIndex const*, clang::syntax::TokenBuffer const&) /src/clang-tools-extra/clangd/Hover.cpp:674:19
    #12 0x8ccd110 in clang::clangd::getHover(clang::clangd::ParsedAST&, clang::clangd::Position, clang::format::FormatStyle const&, clang::clangd::SymbolIndex const*) /src/clang-tools-extra/clangd/Hover.cpp:1367:14
    #13 0x8a5a6b3 in clang::clangd::ClangdServer::findHover(llvm::StringRef, clang::clangd::Position, llvm::unique_function<void (llvm::Expected<std::optional<clang::clangd::HoverInfo>>)>)::$_0::operator()(llvm::Expected<clang::clangd::InputsAndAST>) /src/clang-tools-extra/clangd/ClangdServer.cpp:841:8
    #14 0x8a5a6b3 in void llvm::detail::UniqueFunctionBase<void, llvm::Expected<clang::clangd::InputsAndAST>>::CallImpl<clang::clangd::ClangdServer::findHover(llvm::StringRef, clang::clangd::Position, llvm::unique_function<void (llvm::Expected<std::optional<clang::clangd::HoverInfo>>)>)::$_0>(void*, llvm::Expected<clang::clangd::InputsAndAST>&) /src/llvm/include/llvm/ADT/FunctionExtras.h:222:12
    #15 0x8f98ef2 in llvm::unique_function<void (llvm::Expected<clang::clangd::InputsAndAST>)>::operator()(llvm::Expected<clang::clangd::InputsAndAST>) /src/llvm/include/llvm/ADT/FunctionExtras.h:387:12
    #16 0x8f98ef2 in clang::clangd::(anonymous namespace)::ASTWorker::runWithAST(llvm::StringRef, llvm::unique_function<void (llvm::Expected<clang::clangd::InputsAndAST>)>, clang::clangd::TUScheduler::ASTActionInvalidation)::$_0::operator()() /src/clang-tools-extra/clangd/TUScheduler.cpp:1013:5
    #17 0x8f98ef2 in void llvm::detail::UniqueFunctionBase<void>::CallImpl<clang::clangd::(anonymous namespace)::ASTWorker::runWithAST(llvm::StringRef, llvm::unique_function<void (llvm::Expected<clang::clangd::InputsAndAST>)>, clang::clangd::TUScheduler::ASTActionInvalidation)::$_0>(void*) /src/llvm/include/llvm/ADT/FunctionExtras.h:222:12
    #18 0x8fa6e9f in llvm::function_ref<void ()>::operator()() const /src/llvm/include/llvm/ADT/STLFunctionalExtras.h:69:12
    #19 0x8fa6e9f in clang::clangd::(anonymous namespace)::ASTWorker::runTask(llvm::StringRef, llvm::function_ref<void ()>) /src/clang-tools-extra/clangd/TUScheduler.cpp:1328:3
    #20 0x8fb0e10 in clang::clangd::(anonymous namespace)::ASTWorker::run() /src/clang-tools-extra/clangd/TUScheduler.cpp:1462:7
    #21 0x8fb0e10 in clang::clangd::(anonymous namespace)::ASTWorker::create(llvm::StringRef, clang::clangd::GlobalCompilationDatabase const&, clang::clangd::TUScheduler::ASTCache&, clang::clangd::TUScheduler::HeaderIncluderCache&, clang::clangd::AsyncTaskRunner*, clang::clangd::Semaphore&, clang::clangd::TUScheduler::Options const&, clang::clangd::ParsingCallbacks&)::$_0::operator()() const /src/clang-tools-extra/clangd/TUScheduler.cpp:826:42
    #22 0x8fb0e10 in void llvm::detail::UniqueFunctionBase<void>::CallImpl<clang::clangd::(anonymous namespace)::ASTWorker::create(llvm::StringRef, clang::clangd::GlobalCompilationDatabase const&, clang::clangd::TUScheduler::ASTCache&, clang::clangd::TUScheduler::HeaderIncluderCache&, clang::clangd::AsyncTaskRunner*, clang::clangd::Semaphore&, clang::clangd::TUScheduler::Options const&, clang::clangd::ParsingCallbacks&)::$_0>(void*) /src/llvm/include/llvm/ADT/FunctionExtras.h:222:12
    #23 0x92faab4 in llvm::unique_function<void ()>::operator()() /src/llvm/include/llvm/ADT/FunctionExtras.h:387:12
    #24 0x92faab4 in clang::clangd::AsyncTaskRunner::runAsync(llvm::Twine const&, llvm::unique_function<void ()>)::$_1::operator()() /src/clang-tools-extra/clangd/support/Threading.cpp:101:5
    #25 0x92faab4 in auto void llvm::thread::GenericThreadProxy<std::tuple<clang::clangd::AsyncTaskRunner::runAsync(llvm::Twine const&, llvm::unique_function<void ()>)::$_1>>(void*)::'lambda'(auto&&, auto&&...)::operator()<clang::clangd::AsyncTaskRunner::runAsync(llvm::Twine const&, llvm::unique_function<void ()>)::$_1&>(auto&&, auto&&...) const /src/llvm/include/llvm/Support/thread.h:43:11
    #26 0x92faab4 in auto std::__invoke_impl<void, void llvm::thread::GenericThreadProxy<std::tuple<clang::clangd::AsyncTaskRunner::runAsync(llvm::Twine const&, llvm::unique_function<void ()>)::$_1>>(void*)::'lambda'(auto&&, auto&&...), clang::clangd::AsyncTaskRunner::runAsync(llvm::Twine const&, llvm::unique_function<void ()>)::$_1&>(std::__invoke_other, void llvm::thread::GenericThreadProxy<std::tuple<clang::clangd::AsyncTaskRunner::runAsync(llvm::Twine const&, llvm::unique_function<void ()>)::$_1>>(void*)::'lambda'(auto&&, auto&&...)&&, clang::clangd::AsyncTaskRunner::runAsync(llvm::Twine const&, llvm::unique_function<void ()>)::$_1&) /opt/rh/gcc-toolset-13/root/usr/lib/gcc/x86_64-redhat-linux/13/../../../../include/c++/13/bits/invoke.h:61:14
 #27 0x92faab4 in std::__invoke_result<auto, auto...>::type std::__invoke<void llvm::thread::GenericThreadProxy<std::tuple<clang::clangd::AsyncTaskRunner::runAsync(llvm::Twine const&, llvm::unique_function<void ()>)::$_1>>(void*)::'lambda'(auto&&, auto&&...), clang::clangd::AsyncTaskRunner::runAsync(llvm::Twine const&, llvm::unique_function<void ()>)::$_1&>(auto&&, auto&&...) /opt/rh/gcc-toolset-13/root/usr/lib/gcc/x86_64-redhat-linux/13/../../../../include/c++/13/bits/invoke.h:96:14
 #28 0x92faab4 in decltype(auto) std::__apply_impl<void llvm::thread::GenericThreadProxy<std::tuple<clang::clangd::AsyncTaskRunner::runAsync(llvm::Twine const&, llvm::unique_function<void ()>)::$_1>>(void*)::'lambda'(auto&&, auto&&...), std::tuple<clang::clangd::AsyncTaskRunner::runAsync(llvm::Twine const&, llvm::unique_function<void ()>)::$_1>&, 0ul>(auto&&, std::tuple<clang::clangd::AsyncTaskRunner::runAsync(llvm::Twine const&, llvm::unique_function<void ()>)::$_1>&, std::integer_sequence<unsigned long, 0ul>) /opt/rh/gcc-toolset-13/root/usr/lib/gcc/x86_64-redhat-linux/13/../../../../include/c++/13/tuple:2302:14
 #29 0x92faab4 in decltype(auto) std::apply<void llvm::thread::GenericThreadProxy<std::tuple<clang::clangd::AsyncTaskRunner::runAsync(llvm::Twine const&, llvm::unique_function<void ()>)::$_1>>(void*)::'lambda'(auto&&, auto&&...), std::tuple<clang::clangd::AsyncTaskRunner::runAsync(llvm::Twine const&, llvm::unique_function<void ()>)::$_1>&>(auto&&, std::tuple<clang::clangd::AsyncTaskRunner::runAsync(llvm::Twine const&, llvm::unique_function<void ()>)::$_1>&) /opt/rh/gcc-toolset-13/root/usr/lib/gcc/x86_64-redhat-linux/13/../../../../include/c++/13/tuple:2313:14
 #30 0x92faab4 in void llvm::thread::GenericThreadProxy<std::tuple<clang::clangd::AsyncTaskRunner::runAsync(llvm::Twine const&, llvm::unique_function<void ()>)::$_1>>(void*) /src/llvm/include/llvm/Support/thread.h:41:5
    #31 0x92faab4 in void* llvm::thread::ThreadProxy<std::tuple<clang::clangd::AsyncTaskRunner::runAsync(llvm::Twine const&, llvm::unique_function<void ()>)::$_1>>(void*) /src/llvm/include/llvm/Support/thread.h:55:5
    #32 0x58765dc in asan_thread_start(void*) crtstuff.c
    #33 0x7f038b6f17e1 in start_thread (/lib64/libc.so.6+0x897e1) (BuildId: 7a40a22c9a82854f3d66767232ae364a99174860)
    #34 0x7f038b7767ff in __GI___clone3 (/lib64/libc.so.6+0x10e7ff) (BuildId: 7a40a22c9a82854f3d66767232ae364a99174860)

Address 0x7f02ecaa0060 is located in stack of thread T130 at offset 96 in frame
    #0 0x6afd54f in clang::Stmt::printPretty(llvm::raw_ostream&, clang::PrinterHelper*, clang::PrintingPolicy const&, unsigned int, llvm::StringRef, clang::ASTContext const*) const /src/clang/lib/AST/StmtPrinter.cpp:2910

 This frame has 3 object(s):
    [32, 48) 'NL.byval'
    [64, 72) '__dnew.i.i.i.i.i'
    [96, 176) 'P' (line 2911) <== Memory access at offset 96 is inside this variable
HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork
 (longjmp and C++ exceptions *are* supported)
Thread T130 created by T0 here:
    #0 0x585fd95 in pthread_create (/src/build/bin/clangd+0x585fd95) (BuildId: c3ce5beed26c9a8a)
    #1 0x5dfe568 in llvm::llvm_execute_on_thread_impl(void* (*)(void*), void*, std::optional<unsigned int>) /src/llvm/lib/Support/Unix/Threading.inc:96:17
 #2 0x92fa751 in llvm::thread::thread<clang::clangd::AsyncTaskRunner::runAsync(llvm::Twine const&, llvm::unique_function<void ()>)::$_1>(std::optional<unsigned int>, clang::clangd::AsyncTaskRunner::runAsync(llvm::Twine const&, llvm::unique_function<void ()>)::$_1&&) /src/llvm/include/llvm/Support/thread.h:131:12
    #3 0x92fa751 in clang::clangd::AsyncTaskRunner::runAsync(llvm::Twine const&, llvm::unique_function<void ()>) /src/clang-tools-extra/clangd/support/Threading.cpp:107:16
    #4 0x8fb9f5b in clang::clangd::(anonymous namespace)::ASTWorker::create(llvm::StringRef, clang::clangd::GlobalCompilationDatabase const&, clang::clangd::TUScheduler::ASTCache&, clang::clangd::TUScheduler::HeaderIncluderCache&, clang::clangd::AsyncTaskRunner*, clang::clangd::Semaphore&, clang::clangd::TUScheduler::Options const&, clang::clangd::ParsingCallbacks&) /src/clang-tools-extra/clangd/TUScheduler.cpp:825:12
    #5 0x8fb9f5b in clang::clangd::TUScheduler::update(llvm::StringRef, clang::clangd::ParseInputs, clang::clangd::WantDiagnostics) /src/clang-tools-extra/clangd/TUScheduler.cpp:1681:30
    #6 0x8a8637e in clang::clangd::ClangdServer::addDocument(llvm::StringRef, llvm::StringRef, llvm::StringRef, clang::clangd::WantDiagnostics, bool) /src/clang-tools-extra/clangd/ClangdServer.cpp:316:33
    #7 0x89d89f2 in clang::clangd::ClangdLSPServer::onDocumentDidOpen(clang::clangd::DidOpenTextDocumentParams const&) /src/clang-tools-extra/clangd/ClangdLSPServer.cpp:726:11
    #8 0x8a1558f in void clang::clangd::LSPBinder::notification<clang::clangd::DidOpenTextDocumentParams, clang::clangd::ClangdLSPServer>(llvm::StringLiteral, clang::clangd::ClangdLSPServer*, void (clang::clangd::ClangdLSPServer::*)(clang::clangd::DidOpenTextDocumentParams const&))::'lambda'(llvm::json::Value)::operator()(llvm::json::Value) const /src/clang-tools-extra/clangd/LSPBinder.h:153:5
    #9 0x8a1537e in void llvm::detail::UniqueFunctionBase<void, llvm::json::Value>::CallImpl<void clang::clangd::LSPBinder::notification<clang::clangd::DidOpenTextDocumentParams, clang::clangd::ClangdLSPServer>(llvm::StringLiteral, clang::clangd::ClangdLSPServer*, void (clang::clangd::ClangdLSPServer::*)(clang::clangd::DidOpenTextDocumentParams const&))::'lambda'(llvm::json::Value)>(void*, llvm::json::Value&) /src/llvm/include/llvm/ADT/FunctionExtras.h:222:12
    #10 0x8a3cc92 in llvm::unique_function<void (llvm::json::Value)>::operator()(llvm::json::Value) /src/llvm/include/llvm/ADT/FunctionExtras.h:387:12
    #11 0x8a3cc92 in clang::clangd::ClangdLSPServer::MessageHandler::onNotify(llvm::StringRef, llvm::json::Value) /src/clang-tools-extra/clangd/ClangdLSPServer.cpp:219:7
 #12 0x8d76cc7 in clang::clangd::(anonymous namespace)::JSONTransport::handleMessage(llvm::json::Value, clang::clangd::Transport::MessageHandler&) /src/clang-tools-extra/clangd/JSONTransport.cpp:195:18
    #13 0x8d76cc7 in clang::clangd::(anonymous namespace)::JSONTransport::loop(clang::clangd::Transport::MessageHandler&) /src/clang-tools-extra/clangd/JSONTransport.cpp:119:16
    #14 0x8a47cd9 in clang::clangd::ClangdLSPServer::run() /src/clang-tools-extra/clangd/ClangdLSPServer.cpp:1741:25
    #15 0x88915c9 in clang::clangd::clangdMain(int, char**) /src/clang-tools-extra/clangd/tool/ClangdMain.cpp:1049:28
    #16 0x7f038b6915cf in __libc_start_call_main (/lib64/libc.so.6+0x295cf) (BuildId: 7a40a22c9a82854f3d66767232ae364a99174860)

SUMMARY: AddressSanitizer: unknown-crash /src/clang/lib/AST/StmtPrinter.cpp:1399:62 in (anonymous namespace)::StmtPrinter::VisitCharacterLiteral(clang::CharacterLiteral*)
Shadow bytes around the buggy address:
  0x7f02eca9fd80: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
  0x7f02eca9fe00: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
  0x7f02eca9fe80: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
  0x7f02eca9ff00: f1 f1 f1 f1 f8 f2 f2 f2 f8 f8 f8 f8 f8 f2 f2 f2
 0x7f02eca9ff80: f2 f2 00 00 f3 f3 f3 f3 00 00 00 00 00 00 00 00
=>0x7f02ecaa0000: f1 f1 f1 f1 00 00 f2 f2 f8 f2 f2 f2[00]00 00 00
 0x7f02ecaa0080: 00 00 00 00 00 00 f3 f3 f3 f3 f3 f3 00 00 00 00
 0x7f02ecaa0100: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
 0x7f02ecaa0180: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
 0x7f02ecaa0200: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
 0x7f02ecaa0280: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable: 00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone: fa
  Freed heap region:       fd
  Stack left redzone:      f1
 Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone: f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone: bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==417==ABORTING

```