Created attachment 225273 [details] Fix null pointer accesses in brlcad's EntList During an exp-run for llvm 12 (see bug 255570), it turned out that cad/brlcad does not build with clang 12.0.0 [1]: [ 99% 4379/4403] cd /wrkdirs/usr/ports/cad/brlcad/work/brlcad-7.30.2/db/nist && /wrkdirs/usr/ports/cad/brlcad/work/brlcad-7.30.2/bin/step-g -O /wrkdirs/usr/ports/cad/brlcad/work/brlcad-7.30.2/share/db/nist/NIST_MBE_PMI_11.g /wrkdirs/usr/ports/cad/brlcad/work/brlcad-7.30.2/db/nist/NIST_MBE_PMI_11.stp > /wrkdirs/usr/ports/cad/brlcad/work/brlcad-7.30.2/db/nist/NIST_MBE_PMI_11.log 2>&1 FAILED: share/db/nist/NIST_MBE_PMI_11.g What happens is that the step-g intermediate program segfaults, because it attempts to access a null pointer. Valgrind shows: Reading Data from /wrkdirs/share/dim/ports/cad/brlcad/work/brlcad-7.30.2/db/nist/NIST_MBE_PMI_11.stp... HEADER read: ==24919== Invalid read of size 4 ==24919== at 0x1337BA10: EntList::firstNot(JoinType) (entlist.cc:39) ==24919== by 0x1337C93E: nextNot (complexSupport.h:185) ==24919== by 0x1337C93E: AndList::matchNonORs(EntNode*) (non-ors.cc:135) ==24919== by 0x1337B77C: ComplexList::matches(EntNode*) (complexlist.cc:176) ==24919== by 0x1337B36A: ComplexCollect::supports(EntNode*) const (collect.cc:140) ==24919== by 0x1335FA5A: STEPcomplex::Initialize(char const**, char const*) (STEPcomplex.cc:126) ==24919== by 0x1335F774: STEPcomplex::STEPcomplex(Registry*, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const**, int, char const*) (STEPcomplex.cc:33) ==24919== by 0x1331842E: STEPfile::CreateSubSuperInstance(std::__1::basic_istream<char, std::__1::char_traits<char> >&, int, ErrorDescriptor&) (STEPfile.cc:1048) ==24919== by 0x13315E15: STEPfile::CreateInstance(std::__1::basic_istream<char, std::__1::char_traits<char> >&, std::__1::basic_ostream<char, std::__1::char_traits<char> >&) (STEPfile.cc:833) ==24919== by 0x133158B1: STEPfile::ReadData1(std::__1::basic_istream<char, std::__1::char_traits<char> >&) (STEPfile.cc:502) ==24919== by 0x13319EA8: STEPfile::AppendFile(std::__1::basic_istream<char, std::__1::char_traits<char> >*, bool) (STEPfile.cc:1674) ==24919== by 0x1331C984: STEPfile::ReadExchangeFile(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, bool) (STEPfile.inline.cc:119) ==24919== by 0x3AFDCE: STEPWrapper::load(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >&) (STEPWrapper.cpp:1300) ==24919== Address 0x8 is not stack'd, malloc'd or (recently) free'd ==24919== ==24919== ==24919== Process terminating with default action of signal 11 (SIGSEGV): dumping core ==24919== Access not within mapped region at address 0x8 ==24919== at 0x1337BA10: EntList::firstNot(JoinType) (entlist.cc:39) ==24919== by 0x1337C93E: nextNot (complexSupport.h:185) ==24919== by 0x1337C93E: AndList::matchNonORs(EntNode*) (non-ors.cc:135) ==24919== by 0x1337B77C: ComplexList::matches(EntNode*) (complexlist.cc:176) ==24919== by 0x1337B36A: ComplexCollect::supports(EntNode*) const (collect.cc:140) ==24919== by 0x1335FA5A: STEPcomplex::Initialize(char const**, char const*) (STEPcomplex.cc:126) ==24919== by 0x1335F774: STEPcomplex::STEPcomplex(Registry*, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const**, int, char const*) (STEPcomplex.cc:33) ==24919== by 0x1331842E: STEPfile::CreateSubSuperInstance(std::__1::basic_istream<char, std::__1::char_traits<char> >&, int, ErrorDescriptor&) (STEPfile.cc:1048) ==24919== by 0x13315E15: STEPfile::CreateInstance(std::__1::basic_istream<char, std::__1::char_traits<char> >&, std::__1::basic_ostream<char, std::__1::char_traits<char> >&) (STEPfile.cc:833) ==24919== by 0x133158B1: STEPfile::ReadData1(std::__1::basic_istream<char, std::__1::char_traits<char> >&) (STEPfile.cc:502) ==24919== by 0x13319EA8: STEPfile::AppendFile(std::__1::basic_istream<char, std::__1::char_traits<char> >*, bool) (STEPfile.cc:1674) ==24919== by 0x1331C984: STEPfile::ReadExchangeFile(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, bool) (STEPfile.inline.cc:119) ==24919== by 0x3AFDCE: STEPWrapper::load(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >&) (STEPWrapper.cpp:1300) ==24919== If you believe this happened as a result of a stack ==24919== overflow in your program's main thread (unlikely but ==24919== possible), you can try to increase the size of the ==24919== main thread stack using the --main-stacksize= flag. ==24919== The main thread stack size used in this run was 16777216. To fix this, add null pointer checks to EntList::firstNot() and various other EntList functions. [1] http://package22.nyi.freebsd.org/data/mainamd64PR255570-default/2021-05-08_16h02m24s/logs/brlcad-7.30.2.log
^Triage: Reporter is committer, assign accordingly.
Looks good to me, thank you! I've passed this along to the BRL-CAD dev team
(In reply to Erik Greenwald from comment #2) Note that upstream seems to have fixed the null pointer accesses at least for src/other/ext/stepcode/src/clstepcore/complexSupport.h, but not the other instance(s) of complexSupport.h: https://github.com/BRL-CAD/brlcad/commit/b0dd45620f1ffdd8814069df091b20e8780e1b3e In upstream's main branch, that file is replicated in three places: src/other/ext/stepcode/src/clstepcore/complexSupport.h src/other/ext/stepcode/src/exp2cxx/complexSupport.h src/other/ext/stepcode/src/exp2python/src/complexSupport.h but only the first one has been fixed.
A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=3217bf995f8966f12f71127472e95b581eb36f75 commit 3217bf995f8966f12f71127472e95b581eb36f75 Author: Dimitry Andric <dim@FreeBSD.org> AuthorDate: 2021-05-26 10:38:46 +0000 Commit: Dimitry Andric <dim@FreeBSD.org> CommitDate: 2021-06-10 16:57:57 +0000 cad/brlcad: fix null pointer accesses during build During an exp-run for llvm 12 (see bug 255570), it turned out that cad/brlcad does not build with clang 12.0.0: [ 99% 4379/4403] cd /wrkdirs/usr/ports/cad/brlcad/work/brlcad-7.30.2/db/nist && /wrkdirs/usr/ports/cad/brlcad/work/brlcad-7.30.2/bin/step-g -O /wrkdirs/usr/ports/cad/brlcad/work/brlcad-7.30.2/share/db/nist/NIST_MBE_PMI_11.g /wrkdirs/usr/ports/cad/brlcad/work/brlcad-7.30.2/db/nist/NIST_MBE_PMI_11.stp > /wrkdirs/usr/ports/cad/brlcad/work/brlcad-7.30.2/db/nist/NIST_MBE_PMI_11.log 2>&1 FAILED: share/db/nist/NIST_MBE_PMI_11.g What happens is that the step-g intermediate program segfaults, because it attempts to access a null pointer. Valgrind shows: Reading Data from /wrkdirs/share/dim/ports/cad/brlcad/work/brlcad-7.30.2/db/nist/NIST_MBE_PMI_11.stp... HEADER read: ==24919== Invalid read of size 4 ==24919== at 0x1337BA10: EntList::firstNot(JoinType) (entlist.cc:39) ==24919== by 0x1337C93E: nextNot (complexSupport.h:185) ==24919== by 0x1337C93E: AndList::matchNonORs(EntNode*) (non-ors.cc:135) ==24919== by 0x1337B77C: ComplexList::matches(EntNode*) (complexlist.cc:176) ==24919== by 0x1337B36A: ComplexCollect::supports(EntNode*) const (collect.cc:140) ==24919== by 0x1335FA5A: STEPcomplex::Initialize(char const**, char const*) (STEPcomplex.cc:126) ==24919== by 0x1335F774: STEPcomplex::STEPcomplex(Registry*, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const**, int, char const*) (STEPcomplex.cc:33) ==24919== by 0x1331842E: STEPfile::CreateSubSuperInstance(std::__1::basic_istream<char, std::__1::char_traits<char> >&, int, ErrorDescriptor&) (STEPfile.cc:1048) ==24919== by 0x13315E15: STEPfile::CreateInstance(std::__1::basic_istream<char, std::__1::char_traits<char> >&, std::__1::basic_ostream<char, std::__1::char_traits<char> >&) (STEPfile.cc:833) ==24919== by 0x133158B1: STEPfile::ReadData1(std::__1::basic_istream<char, std::__1::char_traits<char> >&) (STEPfile.cc:502) ==24919== by 0x13319EA8: STEPfile::AppendFile(std::__1::basic_istream<char, std::__1::char_traits<char> >*, bool) (STEPfile.cc:1674) ==24919== by 0x1331C984: STEPfile::ReadExchangeFile(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, bool) (STEPfile.inline.cc:119) ==24919== by 0x3AFDCE: STEPWrapper::load(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >&) (STEPWrapper.cpp:1300) ==24919== Address 0x8 is not stack'd, malloc'd or (recently) free'd ==24919== ==24919== ==24919== Process terminating with default action of signal 11 (SIGSEGV): dumping core ==24919== Access not within mapped region at address 0x8 ==24919== at 0x1337BA10: EntList::firstNot(JoinType) (entlist.cc:39) ==24919== by 0x1337C93E: nextNot (complexSupport.h:185) ==24919== by 0x1337C93E: AndList::matchNonORs(EntNode*) (non-ors.cc:135) ==24919== by 0x1337B77C: ComplexList::matches(EntNode*) (complexlist.cc:176) ==24919== by 0x1337B36A: ComplexCollect::supports(EntNode*) const (collect.cc:140) ==24919== by 0x1335FA5A: STEPcomplex::Initialize(char const**, char const*) (STEPcomplex.cc:126) ==24919== by 0x1335F774: STEPcomplex::STEPcomplex(Registry*, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const**, int, char const*) (STEPcomplex.cc:33) ==24919== by 0x1331842E: STEPfile::CreateSubSuperInstance(std::__1::basic_istream<char, std::__1::char_traits<char> >&, int, ErrorDescriptor&) (STEPfile.cc:1048) ==24919== by 0x13315E15: STEPfile::CreateInstance(std::__1::basic_istream<char, std::__1::char_traits<char> >&, std::__1::basic_ostream<char, std::__1::char_traits<char> >&) (STEPfile.cc:833) ==24919== by 0x133158B1: STEPfile::ReadData1(std::__1::basic_istream<char, std::__1::char_traits<char> >&) (STEPfile.cc:502) ==24919== by 0x13319EA8: STEPfile::AppendFile(std::__1::basic_istream<char, std::__1::char_traits<char> >*, bool) (STEPfile.cc:1674) ==24919== by 0x1331C984: STEPfile::ReadExchangeFile(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, bool) (STEPfile.inline.cc:119) ==24919== by 0x3AFDCE: STEPWrapper::load(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >&) (STEPWrapper.cpp:1300) ==24919== If you believe this happened as a result of a stack ==24919== overflow in your program's main thread (unlikely but ==24919== possible), you can try to increase the size of the ==24919== main thread stack using the --main-stacksize= flag. ==24919== The main thread stack size used in this run was 16777216. To fix this, add null pointer checks to EntList::firstNot() and various other EntList functions. Approved by: erik@brlcad.org (maintainer) PR: 256166 MFH: 2021Q2 ..._stepcode_src_clstepcore_complexSupport.h (new) | 26 ++++++++++++++++++++++ ...her_stepcode_src_exp2cxx_complexSupport.h (new) | 26 ++++++++++++++++++++++ 2 files changed, 52 insertions(+)