Crash on deserialization of repeated field when using Clang 19 on Windows #20482

Open
user-45-20 opened this issue Feb 26, 2025 · 0 comments

user-45-20 commented Feb 26, 2025

I'm using Clang 19.1.1 on Windows 10. Protobuf version: 5.29.3 (latest available), also present in 5.29.2. The issue is NOT present on Clang 17; I have not tested version 18.
I've also tested this with Clang 19 on Ubuntu 24 and it cannot be reproduced there.

Here's my proto file and C++ source:

test.proto

// syntax declaration added so the file compiles with protoc; the report's
// field shapes (no labels on the string field) are proto3 syntax
syntax = "proto3";

message Msg {
    repeated SubMsg subMsgs = 1;
}

message SubMsg {
    string value = 1;
}

main.cpp

#include <iostream>  // added: std::cout
#include <string>    // added: std::string

#include "test.pb.h"

int main()
{
    GOOGLE_PROTOBUF_VERIFY_VERSION;

    std::string serialized;
    {
        // Build a message with one repeated sub-message and serialize it.
        Msg msg;
        SubMsg *sub = msg.add_submsgs();
        sub->set_value("1.1.1.1");
        serialized = msg.SerializeAsString();
    }

    {
        // Parse it back; this is the call that crashes on Clang 19 / Windows.
        Msg msg;
        if (!msg.ParseFromString(serialized))
        {
            std::cerr << "ParseFromString failed\n";
            return 1;
        }

        for (const auto& sub : msg.submsgs())
        {
            std::cout << sub.value() << "\n";
        }
    }

    google::protobuf::ShutdownProtobufLibrary();

    return 0;
}

The code above crashes deep inside ParseFromString when deserializing the repeated field:

 	0000000000000000()	Unknown
>	[Inline Frame] test_.exe!google::protobuf::internal::MessageCreator::PlacementNew(const google::protobuf::MessageLite *) Line 1204	C++
 	[Inline Frame] test_.exe!google::protobuf::internal::MessageCreator::New(const google::protobuf::MessageLite * prototype_for_func, const google::protobuf::MessageLite *) Line 1300	C++
 	[Inline Frame] test_.exe!google::protobuf::internal::ClassData::New(google::protobuf::Arena *) Line 411	C++
 	[Inline Frame] test_.exe!google::protobuf::internal::TcParser::NewMessage(const google::protobuf::internal::TcParseTableBase *) Line 360	C++
 	[Inline Frame] test_.exe!google::protobuf::internal::TcParser::AddMessage::__l2::<lambda>(google::protobuf::Arena *) Line 366	C++
 	test_.exe!google::protobuf::internal::RepeatedPtrFieldBase::AddInternal<google::protobuf::MessageLite * <lambda>(google::protobuf::Arena *)>(google::protobuf::internal::TcParser::AddMessage::__l2::google::protobuf::MessageLite * <lambda>(google::protobuf::Arena *) factory) Line 783	C++
 	[Inline Frame] test_.exe!google::protobuf::internal::TcParser::AddMessage(const google::protobuf::internal::TcParseTableBase *) Line 365	C++
 	[Inline Frame] test_.exe!google::protobuf::internal::TcParser::RepeatedParseMessageAuxImpl(google::protobuf::MessageLite * ptr, const char * ctx, google::protobuf::internal::ParseContext *) Line 465	C++
 	test_.exe!google::protobuf::internal::TcParser::FastMtR1(google::protobuf::MessageLite * msg, const char * ptr, google::protobuf::internal::ParseContext * ctx, google::protobuf::internal::TcFieldData data, const google::protobuf::internal::TcParseTableBase * table, unsigned __int64 hasbits) Line 504	C++
 	[Inline Frame] test_.exe!google::protobuf::internal::TcParser::TagDispatch(google::protobuf::MessageLite *) Line 1105	C++
 	[Inline Frame] test_.exe!google::protobuf::internal::TcParser::ParseLoop(google::protobuf::MessageLite * ptr, const char * table, google::protobuf::internal::ParseContext *) Line 1147	C++
 	test_.exe!google::protobuf::internal::MergeFromImpl<0>(absl::lts_20240722::string_view input, google::protobuf::MessageLite * msg, const google::protobuf::internal::TcParseTableBase * tc_table, google::protobuf::MessageLite::ParseFlags parse_flags) Line 218	C++
 	[Inline Frame] test_.exe!google::protobuf::MessageLite::ParseFrom(const absl::lts_20240722::string_view &) Line 1149	C++
 	test_.exe!google::protobuf::MessageLite::ParseFromString(absl::lts_20240722::string_view data) Line 402	C++
 	test_.exe!main() Line 21	C++

Specifically, in MessageCreator::PlacementNew, the following line is executed:

return static_cast<MessageLite*>(func_(prototype_for_func, mem, arena));

However, in this case MessageCreator::func_ is NULL, so the result is an access violation.

Note that I'm not sure at this stage whether this is an issue in protobuf or Clang; I'm still investigating this to find a possible workaround, but I felt it may be worth reporting here to let others know.
