SIGSEGV when configuring Anope project (UBSAN finds null pointer dereference in cmGeneratorTarget)
Hello,
I get the following crash with CMake 3.25.1 (note the 0x30 address) when building Anope 2.0.12 (https://github.com/anope/anope) with a specific environment described below:
Backtrace
Core was generated by `cmake -C /var/tmp/portage/net-irc/anope-2.0.12/work/anope-2.0.12_build/gentoo_c'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x000055f8282dee8a in std::vector<cmLinkItem, std::allocator<cmLinkItem> >::size (this=0x30) at /usr/lib/gcc/x86_64-pc-linux-gnu/12/include/g++-v12/bits/stl_vector.h:988
988 { return size_type(this->_M_impl._M_finish - this->_M_impl._M_start); }
(gdb) bt
#0 0x000055f8282dee8a in std::vector<cmLinkItem, std::allocator<cmLinkItem> >::size (this=0x30) at /usr/lib/gcc/x86_64-pc-linux-gnu/12/include/g++-v12/bits/stl_vector.h:988
#1 std::vector<cmLinkItem, std::allocator<cmLinkItem> >::operator= (__x=<error reading variable: Cannot access memory at address 0x38>, this=0x55f82a333cc0)
at /usr/lib/gcc/x86_64-pc-linux-gnu/12/include/g++-v12/bits/vector.tcc:229
#2 cmGeneratorTarget::ComputeLinkInterface (this=0x55f82a2f3f00, config="RelWithDebInfo", iface=..., headTarget=0x55f829a8fcc0, secondPass=<optimized out>)
at /usr/src/debug/dev-util/cmake-3.25.1/cmake-3.25.1/Source/cmGeneratorTarget.cxx:6908
#3 0x000055f8282df8f8 in cmGeneratorTarget::GetLinkInterface (this=0x55f82a2f3f00, config="RelWithDebInfo", head=<optimized out>, secondPass=<optimized out>)
at /usr/src/debug/dev-util/cmake-3.25.1/cmake-3.25.1/Source/cmGeneratorTarget.cxx:6852
#4 0x000055f828301e8c in cmTargetCollectLinkLanguages::Visit (this=this@entry=0x7ffca2abe0a0, item=...) at /usr/src/debug/dev-util/cmake-3.25.1/cmake-3.25.1/Source/cmGeneratorTarget.cxx:2739
#5 0x000055f8282c4ecb in cmGeneratorTarget::ComputeLinkClosure (this=0x55f829a8fcc0, config=..., lc=..., secondPass=<optimized out>)
at /usr/src/debug/dev-util/cmake-3.25.1/cmake-3.25.1/Source/cmGeneratorTarget.cxx:2853
#6 0x000055f8282c5840 in cmGeneratorTarget::ComputeLinkClosure (this=0x55f829a8fcc0, config="RelWithDebInfo", lc=...) at /usr/src/debug/dev-util/cmake-3.25.1/cmake-3.25.1/Source/cmGeneratorTarget.cxx:2898
#7 0x000055f8282c5d47 in cmGeneratorTarget::GetLinkClosure (this=<optimized out>, config="RelWithDebInfo") at /usr/src/debug/dev-util/cmake-3.25.1/cmake-3.25.1/Source/cmGeneratorTarget.cxx:2784
#8 0x000055f8282c623d in cmGeneratorTarget::GetLinkerLanguage (config="RelWithDebInfo", this=0x55f829a8fcc0) at /usr/src/debug/dev-util/cmake-3.25.1/cmake-3.25.1/Source/cmGeneratorTarget.cxx:5396
#9 cmGeneratorTarget::GetFullNameInternal (this=0x55f829a8fcc0, config="RelWithDebInfo", artifact=cmStateEnums::RuntimeBinaryArtifact, outPrefix="", outBase="", outSuffix="")
at /usr/src/debug/dev-util/cmake-3.25.1/cmake-3.25.1/Source/cmGeneratorTarget.cxx:5332
#10 0x000055f8282e7140 in cmGeneratorTarget::GetLibraryNames (this=0x55f829a8fcc0, config="RelWithDebInfo") at /usr/src/debug/dev-util/cmake-3.25.1/cmake-3.25.1/Source/cmGeneratorTarget.cxx:5180
#11 0x000055f8282ef085 in cmGeneratorTarget::ComputeTargetManifest (this=0x55f829a8fcc0, config="RelWithDebInfo") at /usr/src/debug/dev-util/cmake-3.25.1/cmake-3.25.1/Source/cmGeneratorTarget.cxx:4966
#12 0x000055f827edc6dc in cmLocalGenerator::ComputeTargetManifest (this=<optimized out>) at /usr/lib/gcc/x86_64-pc-linux-gnu/12/include/g++-v12/bits/unique_ptr.h:191
#13 0x000055f82831a2ab in cmGlobalGenerator::Compute (this=0x55f829a69e80) at /usr/src/debug/dev-util/cmake-3.25.1/cmake-3.25.1/Source/cmGlobalGenerator.cxx:1569
#14 0x000055f827fe882c in cmake::Generate (this=this@entry=0x7ffca2abf3b0) at /usr/src/debug/dev-util/cmake-3.25.1/cmake-3.25.1/Source/cmake.cxx:2575
#15 0x000055f827fe8b66 in cmake::Run (this=this@entry=0x7ffca2abf3b0, args=std::vector of length 16, capacity 16 = {...}, noconfigure=<optimized out>)
at /usr/src/debug/dev-util/cmake-3.25.1/cmake-3.25.1/Source/cmake.cxx:2558
#16 0x000055f827ea3f55 in (anonymous namespace)::do_cmake (ac=<optimized out>, av=0x55f829a54930) at /usr/src/debug/dev-util/cmake-3.25.1/cmake-3.25.1/Source/cmakemain.cxx:362
#17 0x000055f827e88e7f in main (ac=16, av=0x55f829a54930) at /usr/src/debug/dev-util/cmake-3.25.1/cmake-3.25.1/Source/cmakemain.cxx:1074
(gdb)
With UBSAN, I see:
[...]
-- Looking for kqueue
-- Looking for kqueue - not found
-- Configuring done
/var/tmp/portage/dev-util/cmake-3.25.1/work/cmake-3.25.1/Source/cmGeneratorTarget.cxx:6908:40: runtime error: member access within null pointer of type 'const struct cmLinkImplementationLibraries'
I can reproduce it with the following script:
#!/usr/bin/env bash
set -ux
# Separate file, crash doesn't happen without this environment sourced!
. "${TMPDIR:-/tmp}/cmake_env"
BASEDIR="${TMPDIR:-/tmp}/anope"
SOURCEDIR="${BASEDIR}/anope-2.0.12"
BUILDDIR="${BASEDIR}/anope-2.0.12_build"
rm -rf "${SOURCEDIR}"
mkdir -p "${BASEDIR}"
if [[ ! -f "${BASEDIR}/2.0.12.tar.gz" ]] ; then
wget https://github.com/anope/anope/archive/refs/tags/2.0.12.tar.gz -O "${BASEDIR}/2.0.12.tar.gz"
fi
# The tarball unpacks into ${SOURCEDIR}
tar xvf "${BASEDIR}/2.0.12.tar.gz" -C "${BASEDIR}"
cd "${SOURCEDIR}"
# If these two lines are commented, the crash disappears.
ln -s extra/m_ssl_openssl.cpp modules/
ln -s extra/m_regex_posix.cpp modules/
rm -rf "${BUILDDIR}"
mkdir -p "${BUILDDIR}" && cd "${BUILDDIR}"
cmake \
-G Ninja \
-DCMAKE_INSTALL_PREFIX=/usr \
-DCMAKE_BUILD_TYPE=RelWithDebInfo \
-DBIN_DIR=libexec/anope -DDB_DIR=../var/lib/anope -DDOC_DIR=share/doc/anope-2.0.12 -DLIB_DIR=lib64/anope -DLOCALE_DIR=share/locale -DCONF_DIR=/etc/anope -DLOGS_DIR=../var/log/anope/ \
"${SOURCEDIR}"
with /tmp/cmake_env as:
declare -x CLICOLOR_FORCE="1"
declare -x PATH="/usr/lib/portage/python3.11/ebuild-helpers/xattr:/usr/bin"
Note that Anope has an interesting setup where you must enable modules (typically by symlinking single source files) before running cmake. The crash only occurs if I create some of these symlinks (see script above).
I haven't managed to reduce the needed environment variables yet, but I can't reproduce the problem without that (large) environment sourced first. As you might have guessed, I originally hit this when building within Portage in Gentoo, but have tried to extract it out.
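The report above stops short of reducing the sourced environment to the variables the crash actually needs. The script below is an added example for doing that reduction mechanically; it is not part of the bug report or of CMake. It greedily drops one line of the environment file at a time and keeps the drop whenever a predicate still reports the crash. The default predicate is an assumption: it sources the candidate file in an otherwise empty environment, runs a hypothetical reproducer script (REPRO_CMD, which would be the script from the report), and treats exit status 139 (128 + SIGSEGV) as "still crashes". The sample environment lines in the usage note are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the report): reduce an environment file such as
# /tmp/cmake_env to the lines a crash reproducer still needs.
set -u

# Hypothetical path to the reproducer script; assumed, not from the report.
REPRO_CMD=${REPRO_CMD:-/tmp/repro_anope.sh}

# Default predicate: 0 when the crash still reproduces with only the
# environment in the given file. Sources the file into an empty environment
# so that nothing from the caller's shell leaks in, then execs the reproducer.
# Exit status 139 is how bash reports a child killed by SIGSEGV (128 + 11).
crash_predicate() {
    local envfile=$1
    env -i /bin/bash -c ". '$envfile' && exec '$REPRO_CMD'" >/dev/null 2>&1
    [ "$?" -eq 139 ]
}

# reduce_env INPUT OUTPUT PREDICATE
# Greedy 1-minimal reduction: for each remaining line, try the file without
# it; if PREDICATE still holds, the line is not needed and stays dropped,
# otherwise it is kept and the next line is tried. The surviving lines are
# written to OUTPUT. Returns 1 if PREDICATE does not even hold on INPUT.
reduce_env() {
    local input=$1 output=$2 pred=$3
    local work tmp i n
    work=$(mktemp) || return 1
    tmp=$(mktemp) || return 1
    cp "$input" "$work"
    if ! "$pred" "$work"; then
        echo "predicate does not hold on the full environment; nothing to reduce" >&2
        rm -f "$work" "$tmp"
        return 1
    fi
    i=1
    while :; do
        # grep -c '' also counts a final line that lacks a trailing newline
        n=$(grep -c '' "$work" || true)
        if [ "$i" -gt "$n" ]; then
            break
        fi
        sed "${i}d" "$work" > "$tmp"        # candidate: work without line i
        if "$pred" "$tmp"; then
            cp "$tmp" "$work"               # line i not needed; same index now
        else                                 # points at the next line
            i=$((i + 1))                    # line i needed; move on
        fi
    done
    cp "$work" "$output"
    rm -f "$work" "$tmp"
}

# Usage: reduce_env.sh INPUT_ENV OUTPUT_ENV  (uses crash_predicate)
if [ "$#" -eq 2 ]; then
    reduce_env "$1" "$2" crash_predicate
fi
```

Run it as reduce_env.sh /tmp/cmake_env /tmp/cmake_env.min once REPRO_CMD points at the reproducer; the reducer never touches the original file. The greedy pass is linear in the number of environment lines, so for a file with a few hundred declare -x lines and a reproducer that takes seconds it finishes in minutes. A predicate that decides by exit status rather than by grepping output is deliberate: it is unaffected by CLICOLOR_FORCE and other variables that change what cmake prints but not whether it crashes.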