Uploaded image for project: 'ROOT'
  1. ROOT
  2. ROOT-10344

stack overflow in rootcling on anonymous union

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 6.18/04
    • Fix Version/s: 6.20/00, 6.18/06
    • Component/s: Dictionaries
    • Labels:
      None
    • Environment:

      Linux/gcc.

      Description

      pthread_cond_t contains __pthread_cond_s, which contains __wseq32, which is an anonymous union. Once TCling::InspectMembers hits that, it starts chasing its own tail. It first corrupts memory b/c of #10343, then it runs until the stack overflows.

      Simple reproducer follows (note: this reproducer is with #10343 fixed on my end):

      $ cat Overflow.h
      #include "pthread.h"
      class Event {
      public:
          pthread_cond_t data;
      };
       
      $ cat OverflowLinkdef.h
      #pragma link C++ defined_in "Overflow.h";
       
      $ rootcling Overflow.h OverflowLinkdef.h
      #11 0x00007f163070e55f TClingClassInfo::TClingClassInfo(cling::Interpreter*, char const*) /home/wlav/cppyy-dev/cppyy-backend/cling/src/core/metacling/src/TClingClassInfo.cxx:88:35
      #12 0x00007f163071cb28 _ZN10TLockGuardD4Ev /home/wlav/cppyy-dev/cppyy-backend/cling/dev/include/TVirtualMutex.h:86:4
      #13 0x00007f163071cb28 TCling::ClassInfo_Factory(char const*) const /home/wlav/cppyy-dev/cppyy-backend/cling/src/core/metacling/src/TCling.cxx:7683:4
      #14 0x00007f163008e1cc TMemberInspector::GenericShowMembers(char const*, void const*, bool) /home/wlav/cppyy-dev/cppyy-backend/cling/src/core/base/src/TMemberInspector.cxx:122:58
      #15 0x00007f163008e593 TMemberInspector::InspectMember(char const*, void const*, char const*, bool) /home/wlav/cppyy-dev/cppyy-backend/cling/src/core/base/src/TMemberInspector.cxx:153:4
      #16 0x00007f163073bb2e std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::_M_is_local() const /usr/include/c++/9/bits/basic_string.h:657:7
      #17 0x00007f163073bb2e std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::_M_dispose() /usr/include/c++/9/bits/basic_string.h:231:6
      #18 0x00007f163073bb2e _ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEED4Ev /usr/include/c++/9/bits/basic_string.h:658:9
      #19 0x00007f163073bb2e TCling::InspectMembers(TMemberInspector&, void const*, TClass const*, bool) /home/wlav/cppyy-dev/cppyy-backend/cling/src/core/metacling/src/TCling.cxx:2658:43
      #20 0x00007f163013aa2d TClass::CallShowMembers(void const*, TMemberInspector&, bool) const /home/wlav/cppyy-dev/cppyy-backend/cling/src/core/meta/src/TClass.cxx:2141:10
      #21 0x00007f163013aa2d TClass::CallShowMembers(void const*, TMemberInspector&, bool) const /home/wlav/cppyy-dev/cppyy-backend/cling/src/core/meta/src/TClass.cxx:2120:8
      #22 0x00007f163008e593 TMemberInspector::InspectMember(char const*, void const*, char const*, bool) /home/wlav/cppyy-dev/cppyy-backend/cling/src/core/base/src/TMemberInspector.cxx:153:4
      etc., etc., ...

        Attachments

          Activity

            People

            • Assignee:
              pcanal Philippe Canal
              Reporter:
              wlav Wim Lavrijsen
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: