[clangd] Buffer overflow on completion request

[henryhchchc]

For the following C code snippet:

int main(int argc, char **argv) {
// {{'กssss'?}}
  
  return  423;
}

A textDocument/completion at the beginning of the blank line causes global-buffer-overflow (caught by ASAN).

I[08:51:30.230] clangd version 20.1.0 (https://github.com/llvm/llvm-project.git 24a30daaa559829ad079f2ff7f73eb4e18095f88)
I[08:51:30.230] Features: linux+debug+asan
I[08:51:30.230] PID: 435398
I[08:51:30.230] Working directory: /tmp/export/input_3/workspace
I[08:51:30.230] argv[0]: /llvm/build/bin/clangd
I[08:51:30.231] argv[1]: --log=verbose
V[08:51:30.231] User config file is /root/.config/clangd/config.yaml
I[08:51:30.231] Starting LSP over stdin/stdout
V[08:51:30.232] <<< {"id":0,"jsonrpc":"2.0","method":"initialize","params":{"capabilities":{"general":{"markdown":{"parser":"marked","version":"1.1.0"},"positionEncodings":["utf-16"],"regularExpressions":{"engine":"ECMAScript","version":"ES2020"},"staleRequestSupport":{"cancel":true,"retryOnContentModified":["textDocument/semanticTokens/full","textDocument/semanticTokens/range","textDocument/semanticTokens/full/delta"]}},"notebookDocument":{"synchronization":{"dynamicRegistration":true,"executionSummarySupport":true}},"textDocument":{"callHierarchy":{"dynamicRegistration":true},"codeAction":{"codeActionLiteralSupport":{"codeActionKind":{"valueSet":["","quickfix","refactor","refactor.extract","refactor.inline","refactor.rewrite","source","source.organizeImports"]}},"dataSupport":true,"disabledSupport":true,"dynamicRegistration":true,"honorsChangeAnnotations":false,"isPreferredSupport":true,"resolveSupport":{"properties":["edit"]}},"codeLens":{"dynamicRegistration":true},"colorProvider":{"dynamicRegistration":true},"completion":{"completionItem":{"commitCharactersSupport":true,"deprecatedSupport":true,"documentationFormat":["markdown","plaintext"],"insertReplaceSupport":true,"insertTextModeSupport":{"valueSet":[1,2]},"labelDetailsSupport":true,"preselectSupport":true,"resolveSupport":{"properties":["documentation","detail","additionalTextEdits"]},"snippetSupport":true,"tagSupport":{"valueSet":[1]}},"completionItemKind":{"valueSet":[1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25]},"completionList":{"itemDefaults":["commitCharacters","editRange","insertTextFormat","insertTextMode"]},"contextSupport":true,"dynamicRegistration":true,"editsNearCursor":true,"insertTextMode":2},"declaration":{"dynamicRegistration":true,"linkSupport":true},"definition":{"dynamicRegistration":true,"linkSupport":true},"diagnostic":{"dynamicRegistration":true,"relatedDocumentSupport":false},"documentHighlight":{"dynamicRegistration":true},"documentLink":{"dynamicRegistration":true,"tooltipSupport":true},"documentSymbol":{"dynamicRegistration":true,"hierarchicalDocumentSymbolSupport":true,"labelSupport":true,"symbolKind":{"valueSet":[1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26]},"tagSupport":{"valueSet":[1]}},"foldingRange":{"dynamicRegistration":true,"foldingRange":{"collapsedText":false},"foldingRangeKind":{"valueSet":["comment","imports","region"]},"lineFoldingOnly":true,"rangeLimit":5000},"formatting":{"dynamicRegistration":true},"hover":{"contentFormat":["markdown","plaintext"],"dynamicRegistration":true},"implementation":{"dynamicRegistration":true,"linkSupport":true},"inactiveRegionsCapabilities":{"inactiveRegions":true},"inlayHint":{"dynamicRegistration":true,"resolveSupport":{"properties":["tooltip","textEdits","label.tooltip","label.location","label.command"]}},"inlineValue":{"dynamicRegistration":true},"linkedEditingRange":{"dynamicRegistration":true},"onTypeFormatting":{"dynamicRegistration":true},"publishDiagnostics":{"codeDescriptionSupport":true,"dataSupport":true,"relatedInformation":true,"tagSupport":{"valueSet":[1,2]},"versionSupport":false},"rangeFormatting":{"dynamicRegistration":true},"references":{"dynamicRegistration":true},"rename":{"dynamicRegistration":true,"honorsChangeAnnotations":true,"prepareSupport":true,"prepareSupportDefaultBehavior":1},"selectionRange":{"dynamicRegistration":true},"semanticTokens":{"augmentsSyntaxTokens":true,"dynamicRegistration":true,"formats":["relative"],"multilineTokenSupport":false,"overlappingTokenSupport":false,"requests":{"full":{"delta":true},"range":true},"serverCancelSupport":true,"tokenModifiers":["declaration","definition","readonly","static","deprecated","abstract","async","modification","documentation","defaultLibrary"],"tokenTypes":["namespace","type","class","enum","interface","struct","typeParameter","parameter","variable","property","enumMember","event","function","method","macro","keyword","modifier","comment","string","number","regexp","operator","decorator"]},"signatureHelp":{"contextSupport":true,"dynamicRegistration":true,"signatureInformation":{"activeParameterSupport":true,"documentationFormat":["markdown","plaintext"],"parameterInformation":{"labelOffsetSupport":true}}},"synchronization":{"didSave":true,"dynamicRegistration":true,"willSave":true,"willSaveWaitUntil":true},"typeDefinition":{"dynamicRegistration":true,"linkSupport":true},"typeHierarchy":{"dynamicRegistration":true}},"window":{"showDocument":{"support":true},"showMessage":{"messageActionItem":{"additionalPropertiesSupport":true}},"workDoneProgress":true},"workspace":{"applyEdit":true,"codeLens":{"refreshSupport":true},"configuration":true,"diagnostics":{"refreshSupport":true},"didChangeConfiguration":{"dynamicRegistration":true},"didChangeWatchedFiles":{"dynamicRegistration":true,"relativePatternSupport":true},"executeCommand":{"dynamicRegistration":true},"fileOperations":{"didCreate":true,"didDelete":true,"didRename":true,"dynamicRegistration":true,"willCreate":true,"willDelete":true,"willRename":true},"inlayHint":{"refreshSupport":true},"inlineValue":{"refreshSupport":true},"semanticTokens":{"refreshSupport":true},"symbol":{"dynamicRegistration":true,"resolveSupport":{"properties":["location.range"]},"symbolKind":{"valueSet":[1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26]},"tagSupport":{"valueSet":[1]}},"workspaceEdit":{"changeAnnotationSupport":{"groupsOnLabel":true},"documentChanges":true,"failureHandling":"textOnlyTransactional","normalizesLineEndings":true,"resourceOperations":["create","rename","delete"]},"workspaceFolders":true}},"clientInfo":{"name":"Visual Studio Code","version":"1.98.1"},"initializationOptions":{"clangdFileStatus":true,"fallbackFlags":[]},"locale":"en","processId":419726,"rootPath":"/tmp/export/input_3/workspace","rootUri":"file:///tmp/export/input_3/workspace","trace":"off","workspaceFolders":[{"name":"workspace","uri":"file:///tmp/export/input_3/workspace"}]}}

I[08:51:30.232] <-- initialize(0)
I[08:51:30.260] --> reply:initialize(0) 27 ms
V[08:51:30.260] >>> {"id":0,"jsonrpc":"2.0","result":{"capabilities":{"astProvider":true,"callHierarchyProvider":true,"clangdInlayHintsProvider":true,"codeActionProvider":{"codeActionKinds":["quickfix","refactor","info"]},"compilationDatabase":{"automaticReload":true},"completionProvider":{"resolveProvider":false,"triggerCharacters":[".","<",">",":","\"","/","*"]},"declarationProvider":true,"definitionProvider":true,"documentFormattingProvider":true,"documentHighlightProvider":true,"documentLinkProvider":{"resolveProvider":false},"documentOnTypeFormattingProvider":{"firstTriggerCharacter":"\n","moreTriggerCharacter":[]},"documentRangeFormattingProvider":true,"documentSymbolProvider":true,"executeCommandProvider":{"commands":["clangd.applyFix","clangd.applyRename","clangd.applyTweak"]},"foldingRangeProvider":true,"hoverProvider":true,"implementationProvider":true,"inactiveRegionsProvider":true,"inlayHintProvider":true,"memoryUsageProvider":true,"referencesProvider":true,"renameProvider":{"prepareProvider":true},"selectionRangeProvider":true,"semanticTokensProvider":{"full":{"delta":true},"legend":{"tokenModifiers":["declaration","definition","deprecated","deduced","readonly","static","abstract","virtual","dependentName","defaultLibrary","usedAsMutableReference","usedAsMutablePointer","constructorOrDestructor","userDefined","functionScope","classScope","fileScope","globalScope"],"tokenTypes":["variable","variable","parameter","function","method","function","property","variable","class","interface","enum","enumMember","type","type","unknown","namespace","typeParameter","concept","type","macro","modifier","operator","bracket","label","comment"]},"range":false},"signatureHelpProvider":{"triggerCharacters":["(",")","{","}","<",">",","]},"standardTypeHierarchyProvider":true,"textDocumentSync":{"change":2,"openClose":true,"save":true},"typeDefinitionProvider":true,"typeHierarchyProvider":true,"workspaceSymbolProvider":true},"serverInfo":{"name":"clangd","version":"clangd version 20.1.0 (https://github.com/llvm/llvm-project.git 24a30daaa559829ad079f2ff7f73eb4e18095f88) linux+debug+asan x86_64-unknown-linux-gnu"}}}

V[08:51:30.260] <<< {"jsonrpc":"2.0","method":"initialized","params":{}}

I[08:51:30.260] <-- initialized
V[08:51:30.261] <<< {"jsonrpc":"2.0","method":"textDocument/didOpen","params":{"textDocument":{"languageId":"c","text":"int main(int argc, char **argv) {\n// {{'กssss'?}}\n  \n  return  423;\n}\n","uri":"file:///tmp/export/input_3/workspace/main.c","version":356}}}

I[08:51:30.261] <-- textDocument/didOpen
I[08:51:30.263] Failed to find compilation database for /tmp/export/input_3/workspace/main.c
I[08:51:30.263] ASTWorker building file /tmp/export/input_3/workspace/main.c version 356 with command clangd fallback
[/tmp/export/input_3/workspace]
/usr/bin/clang -resource-dir=/llvm/build/lib/clang/20 -- /tmp/export/input_3/workspace/main.c
V[08:51:30.267] Driver produced command: cc1 -cc1 -triple x86_64-unknown-linux-gnu -fsyntax-only -disable-free -clear-ast-before-backend -main-file-name main.c -mrelocation-model pic -pic-level 2 -pic-is-pie -mframe-pointer=all -fmath-errno -ffp-contract=on -fno-rounding-math -mconstructor-aliases -funwind-tables=2 -target-cpu x86-64 -tune-cpu generic -debugger-tuning=gdb -fdebug-compilation-dir=/tmp/export/input_3/workspace -fcoverage-compilation-dir=/tmp/export/input_3/workspace -resource-dir /llvm/build/lib/clang/20 -internal-isystem /llvm/build/lib/clang/20/include -internal-isystem /usr/local/include -internal-isystem /usr/bin/../lib/gcc/x86_64-redhat-linux/11/../../../../x86_64-redhat-linux/include -internal-externc-isystem /include -internal-externc-isystem /usr/include -ferror-limit 19 -fgnuc-version=4.2.1 -fskip-odr-check-in-gmf -no-round-trip-args -faddrsig -D__GCC_HAVE_DWARF2_CFI_ASM=1 -x c /tmp/export/input_3/workspace/main.c
I[08:51:30.267] --> textDocument/clangd.fileStatus
V[08:51:30.267] >>> {"jsonrpc":"2.0","method":"textDocument/clangd.fileStatus","params":{"state":"parsing includes, running Update","uri":"file:///tmp/export/input_3/workspace/main.c"}}

V[08:51:30.268] Building first preamble for /tmp/export/input_3/workspace/main.c version 356
I[08:51:30.282] Built preamble of size 266776 for file /tmp/export/input_3/workspace/main.c version 356 in 0.01 seconds
I[08:51:30.283] --> workspace/semanticTokens/refresh(0)
I[08:51:30.283] --> textDocument/clangd.fileStatus
V[08:51:30.283] >>> {"id":0,"jsonrpc":"2.0","method":"workspace/semanticTokens/refresh","params":null}

V[08:51:30.283] >>> {"jsonrpc":"2.0","method":"textDocument/clangd.fileStatus","params":{"state":"parsing includes, running Build AST","uri":"file:///tmp/export/input_3/workspace/main.c"}}

V[08:51:30.283] <<< {"id":0,"jsonrpc":"2.0","result":null}

I[08:51:30.283] <-- reply(0)
V[08:51:30.285] indexed preamble AST for /tmp/export/input_3/workspace/main.c version 356:
  symbol slab: 0 symbols, 120 bytes
  ref slab: 0 symbols, 0 refs, 128 bytes
  relations slab: 0 relations, 24 bytes
I[08:51:30.303] Indexing c17 standard library in the context of /tmp/export/input_3/workspace/main.c
V[08:51:30.304] indexed file AST for /tmp/export/input_3/workspace/main.c version 356:
  symbol slab: 1 symbols, 4448 bytes
  ref slab: 1 symbols, 1 refs, 4248 bytes
  relations slab: 0 relations, 24 bytes
V[08:51:30.304] Build dynamic index for main-file symbols with estimated memory usage of 11520 bytes
I[08:51:30.304] --> textDocument/publishDiagnostics
V[08:51:30.304] >>> {"jsonrpc":"2.0","method":"textDocument/publishDiagnostics","params":{"diagnostics":[],"uri":"file:///tmp/export/input_3/workspace/main.c","version":356}}

...

V[08:51:58.954] <<< {"id":10,"jsonrpc":"2.0","method":"textDocument/completion","params":{"context":{"triggerKind":1},"position":{"character":0,"line":2},"textDocument":{"uri":"file:///tmp/export/input_3/workspace/main.c"}}}

I[08:51:58.954] <-- textDocument/completion(10)
=================================================================
==435398==ERROR: AddressSanitizer: global-buffer-overflow on address 0x000002500298 at pc 0x00000ba59740 bp 0x7fff57b42600 sp 0x7fff57b425f8
READ of size 1 at 0x000002500298 thread T135
    #0 0xba5973f in clang::clangd::CharType clang::clangd::packedLookup<clang::clangd::CharType>(unsigned char const*, int) /llvm/clang-tools-extra/clangd/FuzzyMatch.cpp:152:26
    #1 0xba5973f in clang::clangd::calculateRoles(llvm::StringRef, llvm::MutableArrayRef<clang::clangd::CharRole>) /llvm/clang-tools-extra/clangd/FuzzyMatch.cpp:168:12
    #2 0xbcf7d13 in clang::clangd::collectWords(llvm::StringRef) /llvm/clang-tools-extra/clangd/SourceCode.cpp:878:3
    #3 0xb898be4 in clang::clangd::(anonymous namespace)::CodeCompleteFlow::populateContextWords(llvm::StringRef) /llvm/clang-tools-extra/clangd/CodeComplete.cpp:1813:20
    #4 0xb893f07 in clang::clangd::(anonymous namespace)::CodeCompleteFlow::run(clang::clangd::(anonymous namespace)::SemaCompleteInput const&) && /llvm/clang-tools-extra/clangd/CodeComplete.cpp:1637:5
    #5 0xb893f07 in clang::clangd::codeComplete(llvm::StringRef, clang::clangd::Position, clang::clangd::PreambleData const*, clang::clangd::ParseInputs const&, clang::clangd::CodeCompleteOptions, clang::clangd::SpeculativeFuzzyFind*) /llvm/clang-tools-extra/clangd/CodeComplete.cpp:2289:32
    #6 0xb81e59d in clang::clangd::ClangdServer::codeComplete(llvm::StringRef, clang::clangd::Position, clang::clangd::CodeCompleteOptions const&, llvm::unique_function<void (llvm::Expected<clang::clangd::CodeCompleteResult>)>)::$_0::operator()(llvm::Expected<clang::clangd::InputsAndPreamble>) /llvm/clang-tools-extra/clangd/ClangdServer.cpp:460:33
    #7 0xb81e59d in void llvm::detail::UniqueFunctionBase<void, llvm::Expected<clang::clangd::InputsAndPreamble>>::CallImpl<clang::clangd::ClangdServer::codeComplete(llvm::StringRef, clang::clangd::Position, clang::clangd::CodeCompleteOptions const&, llvm::unique_function<void (llvm::Expected<clang::clangd::CodeCompleteResult>)>)::$_0>(void*, llvm::Expected<clang::clangd::InputsAndPreamble>&) /llvm/llvm/include/llvm/ADT/FunctionExtras.h:222:12
    #8 0xbd25e53 in llvm::unique_function<void (llvm::Expected<clang::clangd::InputsAndPreamble>)>::operator()(llvm::Expected<clang::clangd::InputsAndPreamble>) /llvm/llvm/include/llvm/ADT/FunctionExtras.h:387:12
    #9 0xbd25e53 in clang::clangd::TUScheduler::runWithPreamble(llvm::StringRef, llvm::StringRef, clang::clangd::TUScheduler::PreambleConsistency, llvm::unique_function<void (llvm::Expected<clang::clangd::InputsAndPreamble>)>)::$_0::operator()() /llvm/clang-tools-extra/clangd/TUScheduler.cpp:1811:5
    #10 0xbd25e53 in void llvm::detail::UniqueFunctionBase<void>::CallImpl<clang::clangd::TUScheduler::runWithPreamble(llvm::StringRef, llvm::StringRef, clang::clangd::TUScheduler::PreambleConsistency, llvm::unique_function<void (llvm::Expected<clang::clangd::InputsAndPreamble>)>)::$_0>(void*) /llvm/llvm/include/llvm/ADT/FunctionExtras.h:222:12
    #11 0xc0a134d in llvm::unique_function<void ()>::operator()() /llvm/llvm/include/llvm/ADT/FunctionExtras.h:387:12
    #12 0xc0a134d in clang::clangd::AsyncTaskRunner::runAsync(llvm::Twine const&, llvm::unique_function<void ()>)::$_1::operator()() /llvm/clang-tools-extra/clangd/support/Threading.cpp:101:5
    #13 0xc0a134d in auto void llvm::thread::GenericThreadProxy<std::tuple<clang::clangd::AsyncTaskRunner::runAsync(llvm::Twine const&, llvm::unique_function<void ()>)::$_1>>(void*)::'lambda'(auto&&, auto&&...)::operator()<clang::clangd::AsyncTaskRunner::runAsync(llvm::Twine const&, llvm::unique_function<void ()>)::$_1&>(auto&&, auto&&...) const /llvm/llvm/include/llvm/Support/thread.h:43:11
    #14 0xc0a134d in auto std::__invoke_impl<void, void llvm::thread::GenericThreadProxy<std::tuple<clang::clangd::AsyncTaskRunner::runAsync(llvm::Twine const&, llvm::unique_function<void ()>)::$_1>>(void*)::'lambda'(auto&&, auto&&...), clang::clangd::AsyncTaskRunner::runAsync(llvm::Twine const&, llvm::unique_function<void ()>)::$_1&>(std::__invoke_other, void llvm::thread::GenericThreadProxy<std::tuple<clang::clangd::AsyncTaskRunner::runAsync(llvm::Twine const&, llvm::unique_function<void ()>)::$_1>>(void*)::'lambda'(auto&&, auto&&...)&&, clang::clangd::AsyncTaskRunner::runAsync(llvm::Twine const&, llvm::unique_function<void ()>)::$_1&) /opt/rh/gcc-toolset-13/root/usr/lib/gcc/x86_64-redhat-linux/13/../../../../include/c++/13/bits/invoke.h:61:14
    #15 0xc0a134d in std::__invoke_result<auto, auto...>::type std::__invoke<void llvm::thread::GenericThreadProxy<std::tuple<clang::clangd::AsyncTaskRunner::runAsync(llvm::Twine const&, llvm::unique_function<void ()>)::$_1>>(void*)::'lambda'(auto&&, auto&&...), clang::clangd::AsyncTaskRunner::runAsync(llvm::Twine const&, llvm::unique_function<void ()>)::$_1&>(auto&&, auto&&...) /opt/rh/gcc-toolset-13/root/usr/lib/gcc/x86_64-redhat-linux/13/../../../../include/c++/13/bits/invoke.h:96:14
    #16 0xc0a134d in decltype(auto) std::__apply_impl<void llvm::thread::GenericThreadProxy<std::tuple<clang::clangd::AsyncTaskRunner::runAsync(llvm::Twine const&, llvm::unique_function<void ()>)::$_1>>(void*)::'lambda'(auto&&, auto&&...), std::tuple<clang::clangd::AsyncTaskRunner::runAsync(llvm::Twine const&, llvm::unique_function<void ()>)::$_1>&, 0ul>(auto&&, std::tuple<clang::clangd::AsyncTaskRunner::runAsync(llvm::Twine const&, llvm::unique_function<void ()>)::$_1>&, std::integer_sequence<unsigned long, 0ul>) /opt/rh/gcc-toolset-13/root/usr/lib/gcc/x86_64-redhat-linux/13/../../../../include/c++/13/tuple:2302:14
    #17 0xc0a134d in decltype(auto) std::apply<void llvm::thread::GenericThreadProxy<std::tuple<clang::clangd::AsyncTaskRunner::runAsync(llvm::Twine const&, llvm::unique_function<void ()>)::$_1>>(void*)::'lambda'(auto&&, auto&&...), std::tuple<clang::clangd::AsyncTaskRunner::runAsync(llvm::Twine const&, llvm::unique_function<void ()>)::$_1>&>(auto&&, std::tuple<clang::clangd::AsyncTaskRunner::runAsync(llvm::Twine const&, llvm::unique_function<void ()>)::$_1>&) /opt/rh/gcc-toolset-13/root/usr/lib/gcc/x86_64-redhat-linux/13/../../../../include/c++/13/tuple:2313:14
    #18 0xc0a134d in void llvm::thread::GenericThreadProxy<std::tuple<clang::clangd::AsyncTaskRunner::runAsync(llvm::Twine const&, llvm::unique_function<void ()>)::$_1>>(void*) /llvm/llvm/include/llvm/Support/thread.h:41:5
    #19 0xc0a134d in void* llvm::thread::ThreadProxy<std::tuple<clang::clangd::AsyncTaskRunner::runAsync(llvm::Twine const&, llvm::unique_function<void ()>)::$_1>>(void*) /llvm/llvm/include/llvm/Support/thread.h:55:5
    #20 0x837269c in asan_thread_start(void*) crtstuff.c
    #21 0x7ffff7b0bd21 in start_thread (/lib64/libc.so.6+0x89d21) (BuildId: d78a44ae94f1d320342e0ff6c2315b2b589063f8)
    #22 0x7ffff7b90d3f in __GI___clone3 (/lib64/libc.so.6+0x10ed3f) (BuildId: d78a44ae94f1d320342e0ff6c2315b2b589063f8)

0x000002500298 is located 8 bytes before global variable 'clang::clangd::CharTypes' defined in '/llvm/clang-tools-extra/clangd/FuzzyMatch.cpp:114' (0x25002a0) of size 64
0x000002500298 is located 28 bytes after global variable '__PRETTY_FUNCTION__._ZN5clang6clangd14calculateRolesEN4llvm9StringRefENS1_15MutableArrayRefINS0_8CharRoleEEE' defined in '/llvm/clang-tools-extra/clangd/FuzzyMatch.cpp:156' (0x2500220) of size 92
  '__PRETTY_FUNCTION__._ZN5clang6clangd14calculateRolesEN4llvm9StringRefENS1_15MutableArrayRefINS0_8CharRoleEEE' is ascii string 'CharTypeSet clang::clangd::calculateRoles(llvm::StringRef, llvm::MutableArrayRef<CharRole>)'
SUMMARY: AddressSanitizer: global-buffer-overflow /llvm/clang-tools-extra/clangd/FuzzyMatch.cpp:152:26 in clang::clangd::CharType clang::clangd::packedLookup<clang::clangd::CharType>(unsigned char const*, int)
Shadow bytes around the buggy address:
  0x000002500000: 00 f9 f9 f9 f9 f9 f9 f9 00 00 00 00 00 00 00 00
  0x000002500080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x000002500100: 00 00 00 f9 f9 f9 f9 f9 00 00 00 00 00 00 00 00
  0x000002500180: 00 00 00 04 f9 f9 f9 f9 00 00 00 00 00 06 f9 f9
  0x000002500200: f9 f9 f9 f9 00 00 00 00 00 00 00 00 00 00 00 04
=>0x000002500280: f9 f9 f9[f9]00 00 00 00 00 00 00 00 f9 f9 f9 f9
  0x000002500300: 00 00 f9 f9 00 00 00 00 03 f9 f9 f9 f9 f9 f9 f9
  0x000002500380: 00 00 00 00 00 f9 f9 f9 f9 f9 f9 f9 00 00 00 00
  0x000002500400: 00 07 f9 f9 f9 f9 f9 f9 00 00 00 00 00 00 00 00
  0x000002500480: 06 f9 f9 f9 03 f9 f9 f9 00 00 07 f9 f9 f9 f9 f9
  0x000002500500: 00 00 f9 f9 00 00 00 f9 f9 f9 f9 f9 00 05 f9 f9
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
Thread T135 created by T0 here:
    #0 0x835be55 in pthread_create (/llvm/build/bin/clangd+0x835be55) (BuildId: dd254a849ebc49d7)
    #1 0x89541e8 in llvm::llvm_execute_on_thread_impl(void* (*)(void*), void*, std::optional<unsigned int>) /llvm/llvm/lib/Support/Unix/Threading.inc:96:17
    #2 0xc0a0fc1 in llvm::thread::thread<clang::clangd::AsyncTaskRunner::runAsync(llvm::Twine const&, llvm::unique_function<void ()>)::$_1>(std::optional<unsigned int>, clang::clangd::AsyncTaskRunner::runAsync(llvm::Twine const&, llvm::unique_function<void ()>)::$_1&&) /llvm/llvm/include/llvm/Support/thread.h:131:12
    #3 0xc0a0fc1 in clang::clangd::AsyncTaskRunner::runAsync(llvm::Twine const&, llvm::unique_function<void ()>) /llvm/clang-tools-extra/clangd/support/Threading.cpp:107:16
    #4 0xbd55bb1 in clang::clangd::TUScheduler::runWithPreamble(llvm::StringRef, llvm::StringRef, clang::clangd::TUScheduler::PreambleConsistency, llvm::unique_function<void (llvm::Expected<clang::clangd::InputsAndPreamble>)>) /llvm/clang-tools-extra/clangd/TUScheduler.cpp:1814:18
    #5 0xb835c07 in clang::clangd::ClangdServer::codeComplete(llvm::StringRef, clang::clangd::Position, clang::clangd::CodeCompleteOptions const&, llvm::unique_function<void (llvm::Expected<clang::clangd::CodeCompleteResult>)>) /llvm/clang-tools-extra/clangd/ClangdServer.cpp:478:18
    #6 0xb75f4a7 in clang::clangd::ClangdLSPServer::onCompletion(clang::clangd::CompletionParams const&, llvm::unique_function<void (llvm::Expected<clang::clangd::CompletionList>)>) /llvm/clang-tools-extra/clangd/ClangdLSPServer.cpp:1133:11
    #7 0xb7ca1e7 in void clang::clangd::LSPBinder::method<clang::clangd::CompletionParams, clang::clangd::CompletionList, clang::clangd::ClangdLSPServer>(llvm::StringLiteral, clang::clangd::ClangdLSPServer*, void (clang::clangd::ClangdLSPServer::*)(clang::clangd::CompletionParams const&, llvm::unique_function<void (llvm::Expected<clang::clangd::CompletionList>)>))::'lambda'(llvm::json::Value, llvm::unique_function<void (llvm::Expected<llvm::json::Value>)>)::operator()(llvm::json::Value, llvm::unique_function<void (llvm::Expected<llvm::json::Value>)>) const /llvm/clang-tools-extra/clangd/LSPBinder.h:141:5
    #8 0xb7c9c92 in void llvm::detail::UniqueFunctionBase<void, llvm::json::Value, llvm::unique_function<void (llvm::Expected<llvm::json::Value>)>>::CallImpl<void clang::clangd::LSPBinder::method<clang::clangd::CompletionParams, clang::clangd::CompletionList, clang::clangd::ClangdLSPServer>(llvm::StringLiteral, clang::clangd::ClangdLSPServer*, void (clang::clangd::ClangdLSPServer::*)(clang::clangd::CompletionParams const&, llvm::unique_function<void (llvm::Expected<clang::clangd::CompletionList>)>))::'lambda'(llvm::json::Value, llvm::unique_function<void (llvm::Expected<llvm::json::Value>)>)>(void*, llvm::json::Value&, llvm::unique_function<void (llvm::Expected<llvm::json::Value>)>&) /llvm/llvm/include/llvm/ADT/FunctionExtras.h:222:12
    #9 0xb7e2d09 in llvm::unique_function<void (llvm::json::Value, llvm::unique_function<void (llvm::Expected<llvm::json::Value>)>)>::operator()(llvm::json::Value, llvm::unique_function<void (llvm::Expected<llvm::json::Value>)>) /llvm/llvm/include/llvm/ADT/FunctionExtras.h:387:12
    #10 0xb7e2d09 in clang::clangd::ClangdLSPServer::MessageHandler::onCall(llvm::StringRef, llvm::json::Value, llvm::json::Value) /llvm/clang-tools-extra/clangd/ClangdLSPServer.cpp:243:7
    #11 0xbb379b2 in clang::clangd::(anonymous namespace)::JSONTransport::handleMessage(llvm::json::Value, clang::clangd::Transport::MessageHandler&) /llvm/clang-tools-extra/clangd/JSONTransport.cpp:194:20
    #12 0xbb379b2 in clang::clangd::(anonymous namespace)::JSONTransport::loop(clang::clangd::Transport::MessageHandler&) /llvm/clang-tools-extra/clangd/JSONTransport.cpp:119:16
    #13 0xb7ecbc9 in clang::clangd::ClangdLSPServer::run() /llvm/clang-tools-extra/clangd/ClangdLSPServer.cpp:1741:25
    #14 0xb615935 in clang::clangd::clangdMain(int, char**) /llvm/clang-tools-extra/clangd/tool/ClangdMain.cpp:1049:28
    #15 0x7ffff7aab5cf in __libc_start_call_main (/lib64/libc.so.6+0x295cf) (BuildId: d78a44ae94f1d320342e0ff6c2315b2b589063f8)

==435398==ABORTING

[llvmbot]

@llvm/issue-subscribers-clangd

Author: Henry Chu (henryhchchc)

For the following C code snippet:

int main(int argc, char **argv) {
// {{'กssss'?}}
  
  return  423;
}

A textDocument/completion at the beginning of the blank line causes global-buffer-overflow (caught by ASAN).

I[08:51:30.230] clangd version 20.1.0 (https://github.com/llvm/llvm-project.git 24a30daaa559829ad079f2ff7f73eb4e18095f88)
I[08:51:30.230] Features: linux+debug+asan
I[08:51:30.230] PID: 435398
I[08:51:30.230] Working directory: /tmp/export/input_3/workspace
I[08:51:30.230] argv[0]: /llvm/build/bin/clangd
I[08:51:30.231] argv[1]: --log=verbose
V[08:51:30.231] User config file is /root/.config/clangd/config.yaml
I[08:51:30.231] Starting LSP over stdin/stdout
V[08:51:30.232] <<< {"id":0,"jsonrpc":"2.0","method":"initialize","params":{"capabilities":{"general":{"markdown":{"parser":"marked","version":"1.1.0"},"positionEncodings":["utf-16"],"regularExpressions":{"engine":"ECMAScript","version":"ES2020"},"staleRequestSupport":{"cancel":true,"retryOnContentModified":["textDocument/semanticTokens/full","textDocument/semanticTokens/range","textDocument/semanticTokens/full/delta"]}},"notebookDocument":{"synchronization":{"dynamicRegistration":true,"executionSummarySupport":true}},"textDocument":{"callHierarchy":{"dynamicRegistration":true},"codeAction":{"codeActionLiteralSupport":{"codeActionKind":{"valueSet":["","quickfix","refactor","refactor.extract","refactor.inline","refactor.rewrite","source","source.organizeImports"]}},"dataSupport":true,"disabledSupport":true,"dynamicRegistration":true,"honorsChangeAnnotations":false,"isPreferredSupport":true,"resolveSupport":{"properties":["edit"]}},"codeLens":{"dynamicRegistration":true},"colorProvider":{"dynamicRegistration":true},"completion":{"completionItem":{"commitCharactersSupport":true,"deprecatedSupport":true,"documentationFormat":["markdown","plaintext"],"insertReplaceSupport":true,"insertTextModeSupport":{"valueSet":[1,2]},"labelDetailsSupport":true,"preselectSupport":true,"resolveSupport":{"properties":["documentation","detail","additionalTextEdits"]},"snippetSupport":true,"tagSupport":{"valueSet":[1]}},"completionItemKind":{"valueSet":[1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25]},"completionList":{"itemDefaults":["commitCharacters","editRange","insertTextFormat","insertTextMode"]},"contextSupport":true,"dynamicRegistration":true,"editsNearCursor":true,"insertTextMode":2},"declaration":{"dynamicRegistration":true,"linkSupport":true},"definition":{"dynamicRegistration":true,"linkSupport":true},"diagnostic":{"dynamicRegistration":true,"relatedDocumentSupport":false},"documentHighlight":{"dynamicRegistration":true},"documentLink":{"dynamicRegistration":true,"tooltipSupport":true},"documentSymbol":{"dynamicRegistration":true,"hierarchicalDocumentSymbolSupport":true,"labelSupport":true,"symbolKind":{"valueSet":[1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26]},"tagSupport":{"valueSet":[1]}},"foldingRange":{"dynamicRegistration":true,"foldingRange":{"collapsedText":false},"foldingRangeKind":{"valueSet":["comment","imports","region"]},"lineFoldingOnly":true,"rangeLimit":5000},"formatting":{"dynamicRegistration":true},"hover":{"contentFormat":["markdown","plaintext"],"dynamicRegistration":true},"implementation":{"dynamicRegistration":true,"linkSupport":true},"inactiveRegionsCapabilities":{"inactiveRegions":true},"inlayHint":{"dynamicRegistration":true,"resolveSupport":{"properties":["tooltip","textEdits","label.tooltip","label.location","label.command"]}},"inlineValue":{"dynamicRegistration":true},"linkedEditingRange":{"dynamicRegistration":true},"onTypeFormatting":{"dynamicRegistration":true},"publishDiagnostics":{"codeDescriptionSupport":true,"dataSupport":true,"relatedInformation":true,"tagSupport":{"valueSet":[1,2]},"versionSupport":false},"rangeFormatting":{"dynamicRegistration":true},"references":{"dynamicRegistration":true},"rename":{"dynamicRegistration":true,"honorsChangeAnnotations":true,"prepareSupport":true,"prepareSupportDefaultBehavior":1},"selectionRange":{"dynamicRegistration":true},"semanticTokens":{"augmentsSyntaxTokens":true,"dynamicRegistration":true,"formats":["relative"],"multilineTokenSupport":false,"overlappingTokenSupport":false,"requests":{"full":{"delta":true},"range":true},"serverCancelSupport":true,"tokenModifiers":["declaration","definition","readonly","static","deprecated","abstract","async","modification","documentation","defaultLibrary"],"tokenTypes":["namespace","type","class","enum","interface","struct","typeParameter","parameter","variable","property","enumMember","event","function","method","macro","keyword","modifier","comment","string","number","regexp","operator","decorator"]},"signatureHelp":{"contextSupport":true,"dynamicRegistration":true,"signatureInformation":{"activeParameterSupport":true,"documentationFormat":["markdown","plaintext"],"parameterInformation":{"labelOffsetSupport":true}}},"synchronization":{"didSave":true,"dynamicRegistration":true,"willSave":true,"willSaveWaitUntil":true},"typeDefinition":{"dynamicRegistration":true,"linkSupport":true},"typeHierarchy":{"dynamicRegistration":true}},"window":{"showDocument":{"support":true},"showMessage":{"messageActionItem":{"additionalPropertiesSupport":true}},"workDoneProgress":true},"workspace":{"applyEdit":true,"codeLens":{"refreshSupport":true},"configuration":true,"diagnostics":{"refreshSupport":true},"didChangeConfiguration":{"dynamicRegistration":true},"didChangeWatchedFiles":{"dynamicRegistration":true,"relativePatternSupport":true},"executeCommand":{"dynamicRegistration":true},"fileOperations":{"didCreate":true,"didDelete":true,"didRename":true,"dynamicRegistration":true,"willCreate":true,"willDelete":true,"willRename":true},"inlayHint":{"refreshSupport":true},"inlineValue":{"refreshSupport":true},"semanticTokens":{"refreshSupport":true},"symbol":{"dynamicRegistration":true,"resolveSupport":{"properties":["location.range"]},"symbolKind":{"valueSet":[1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26]},"tagSupport":{"valueSet":[1]}},"workspaceEdit":{"changeAnnotationSupport":{"groupsOnLabel":true},"documentChanges":true,"failureHandling":"textOnlyTransactional","normalizesLineEndings":true,"resourceOperations":["create","rename","delete"]},"workspaceFolders":true}},"clientInfo":{"name":"Visual Studio Code","version":"1.98.1"},"initializationOptions":{"clangdFileStatus":true,"fallbackFlags":[]},"locale":"en","processId":419726,"rootPath":"/tmp/export/input_3/workspace","rootUri":"file:///tmp/export/input_3/workspace","trace":"off","workspaceFolders":[{"name":"workspace","uri":"file:///tmp/export/input_3/workspace"}]}}

I[08:51:30.232] <-- initialize(0)
I[08:51:30.260] --> reply:initialize(0) 27 ms
V[08:51:30.260] >>> {"id":0,"jsonrpc":"2.0","result":{"capabilities":{"astProvider":true,"callHierarchyProvider":true,"clangdInlayHintsProvider":true,"codeActionProvider":{"codeActionKinds":["quickfix","refactor","info"]},"compilationDatabase":{"automaticReload":true},"completionProvider":{"resolveProvider":false,"triggerCharacters":[".","<",">",":","\"","/","*"]},"declarationProvider":true,"definitionProvider":true,"documentFormattingProvider":true,"documentHighlightProvider":true,"documentLinkProvider":{"resolveProvider":false},"documentOnTypeFormattingProvider":{"firstTriggerCharacter":"\n","moreTriggerCharacter":[]},"documentRangeFormattingProvider":true,"documentSymbolProvider":true,"executeCommandProvider":{"commands":["clangd.applyFix","clangd.applyRename","clangd.applyTweak"]},"foldingRangeProvider":true,"hoverProvider":true,"implementationProvider":true,"inactiveRegionsProvider":true,"inlayHintProvider":true,"memoryUsageProvider":true,"referencesProvider":true,"renameProvider":{"prepareProvider":true},"selectionRangeProvider":true,"semanticTokensProvider":{"full":{"delta":true},"legend":{"tokenModifiers":["declaration","definition","deprecated","deduced","readonly","static","abstract","virtual","dependentName","defaultLibrary","usedAsMutableReference","usedAsMutablePointer","constructorOrDestructor","userDefined","functionScope","classScope","fileScope","globalScope"],"tokenTypes":["variable","variable","parameter","function","method","function","property","variable","class","interface","enum","enumMember","type","type","unknown","namespace","typeParameter","concept","type","macro","modifier","operator","bracket","label","comment"]},"range":false},"signatureHelpProvider":{"triggerCharacters":["(",")","{","}","<",">",","]},"standardTypeHierarchyProvider":true,"textDocumentSync":{"change":2,"openClose":true,"save":true},"typeDefinitionProvider":true,"typeHierarchyProvider":true,"workspaceSymbolProvider":true},"serverInfo":{"name":"clangd","version":"clangd version 20.1.0 (https://github.com/llvm/llvm-project.git 24a30daaa559829ad079f2ff7f73eb4e18095f88) linux+debug+asan x86_64-unknown-linux-gnu"}}}

V[08:51:30.260] <<< {"jsonrpc":"2.0","method":"initialized","params":{}}

I[08:51:30.260] <-- initialized
V[08:51:30.261] <<< {"jsonrpc":"2.0","method":"textDocument/didOpen","params":{"textDocument":{"languageId":"c","text":"int main(int argc, char **argv) {\n// {{'กssss'?}}\n  \n  return  423;\n}\n","uri":"file:///tmp/export/input_3/workspace/main.c","version":356}}}

I[08:51:30.261] <-- textDocument/didOpen
I[08:51:30.263] Failed to find compilation database for /tmp/export/input_3/workspace/main.c
I[08:51:30.263] ASTWorker building file /tmp/export/input_3/workspace/main.c version 356 with command clangd fallback
[/tmp/export/input_3/workspace]
/usr/bin/clang -resource-dir=/llvm/build/lib/clang/20 -- /tmp/export/input_3/workspace/main.c
V[08:51:30.267] Driver produced command: cc1 -cc1 -triple x86_64-unknown-linux-gnu -fsyntax-only -disable-free -clear-ast-before-backend -main-file-name main.c -mrelocation-model pic -pic-level 2 -pic-is-pie -mframe-pointer=all -fmath-errno -ffp-contract=on -fno-rounding-math -mconstructor-aliases -funwind-tables=2 -target-cpu x86-64 -tune-cpu generic -debugger-tuning=gdb -fdebug-compilation-dir=/tmp/export/input_3/workspace -fcoverage-compilation-dir=/tmp/export/input_3/workspace -resource-dir /llvm/build/lib/clang/20 -internal-isystem /llvm/build/lib/clang/20/include -internal-isystem /usr/local/include -internal-isystem /usr/bin/../lib/gcc/x86_64-redhat-linux/11/../../../../x86_64-redhat-linux/include -internal-externc-isystem /include -internal-externc-isystem /usr/include -ferror-limit 19 -fgnuc-version=4.2.1 -fskip-odr-check-in-gmf -no-round-trip-args -faddrsig -D__GCC_HAVE_DWARF2_CFI_ASM=1 -x c /tmp/export/input_3/workspace/main.c
I[08:51:30.267] --> textDocument/clangd.fileStatus
V[08:51:30.267] >>> {"jsonrpc":"2.0","method":"textDocument/clangd.fileStatus","params":{"state":"parsing includes, running Update","uri":"file:///tmp/export/input_3/workspace/main.c"}}

V[08:51:30.268] Building first preamble for /tmp/export/input_3/workspace/main.c version 356
I[08:51:30.282] Built preamble of size 266776 for file /tmp/export/input_3/workspace/main.c version 356 in 0.01 seconds
I[08:51:30.283] --> workspace/semanticTokens/refresh(0)
I[08:51:30.283] --> textDocument/clangd.fileStatus
V[08:51:30.283] >>> {"id":0,"jsonrpc":"2.0","method":"workspace/semanticTokens/refresh","params":null}

V[08:51:30.283] >>> {"jsonrpc":"2.0","method":"textDocument/clangd.fileStatus","params":{"state":"parsing includes, running Build AST","uri":"file:///tmp/export/input_3/workspace/main.c"}}

V[08:51:30.283] <<< {"id":0,"jsonrpc":"2.0","result":null}

I[08:51:30.283] <-- reply(0)
V[08:51:30.285] indexed preamble AST for /tmp/export/input_3/workspace/main.c version 356:
  symbol slab: 0 symbols, 120 bytes
  ref slab: 0 symbols, 0 refs, 128 bytes
  relations slab: 0 relations, 24 bytes
I[08:51:30.303] Indexing c17 standard library in the context of /tmp/export/input_3/workspace/main.c
V[08:51:30.304] indexed file AST for /tmp/export/input_3/workspace/main.c version 356:
  symbol slab: 1 symbols, 4448 bytes
  ref slab: 1 symbols, 1 refs, 4248 bytes
  relations slab: 0 relations, 24 bytes
V[08:51:30.304] Build dynamic index for main-file symbols with estimated memory usage of 11520 bytes
I[08:51:30.304] --> textDocument/publishDiagnostics
V[08:51:30.304] >>> {"jsonrpc":"2.0","method":"textDocument/publishDiagnostics","params":{"diagnostics":[],"uri":"file:///tmp/export/input_3/workspace/main.c","version":356}}

...

V[08:51:58.954] <<< {"id":10,"jsonrpc":"2.0","method":"textDocument/completion","params":{"context":{"triggerKind":1},"position":{"character":0,"line":2},"textDocument":{"uri":"file:///tmp/export/input_3/workspace/main.c"}}}

I[08:51:58.954] <-- textDocument/completion(10)
=================================================================
==435398==ERROR: AddressSanitizer: global-buffer-overflow on address 0x000002500298 at pc 0x00000ba59740 bp 0x7fff57b42600 sp 0x7fff57b425f8
READ of size 1 at 0x000002500298 thread T135
    #<!-- -->0 0xba5973f in clang::clangd::CharType clang::clangd::packedLookup&lt;clang::clangd::CharType&gt;(unsigned char const*, int) /llvm/clang-tools-extra/clangd/FuzzyMatch.cpp:152:26
    #<!-- -->1 0xba5973f in clang::clangd::calculateRoles(llvm::StringRef, llvm::MutableArrayRef&lt;clang::clangd::CharRole&gt;) /llvm/clang-tools-extra/clangd/FuzzyMatch.cpp:168:12
    #<!-- -->2 0xbcf7d13 in clang::clangd::collectWords(llvm::StringRef) /llvm/clang-tools-extra/clangd/SourceCode.cpp:878:3
    #<!-- -->3 0xb898be4 in clang::clangd::(anonymous namespace)::CodeCompleteFlow::populateContextWords(llvm::StringRef) /llvm/clang-tools-extra/clangd/CodeComplete.cpp:1813:20
    #<!-- -->4 0xb893f07 in clang::clangd::(anonymous namespace)::CodeCompleteFlow::run(clang::clangd::(anonymous namespace)::SemaCompleteInput const&amp;) &amp;&amp; /llvm/clang-tools-extra/clangd/CodeComplete.cpp:1637:5
    #<!-- -->5 0xb893f07 in clang::clangd::codeComplete(llvm::StringRef, clang::clangd::Position, clang::clangd::PreambleData const*, clang::clangd::ParseInputs const&amp;, clang::clangd::CodeCompleteOptions, clang::clangd::SpeculativeFuzzyFind*) /llvm/clang-tools-extra/clangd/CodeComplete.cpp:2289:32
    #<!-- -->6 0xb81e59d in clang::clangd::ClangdServer::codeComplete(llvm::StringRef, clang::clangd::Position, clang::clangd::CodeCompleteOptions const&amp;, llvm::unique_function&lt;void (llvm::Expected&lt;clang::clangd::CodeCompleteResult&gt;)&gt;)::$_0::operator()(llvm::Expected&lt;clang::clangd::InputsAndPreamble&gt;) /llvm/clang-tools-extra/clangd/ClangdServer.cpp:460:33
    #<!-- -->7 0xb81e59d in void llvm::detail::UniqueFunctionBase&lt;void, llvm::Expected&lt;clang::clangd::InputsAndPreamble&gt;&gt;::CallImpl&lt;clang::clangd::ClangdServer::codeComplete(llvm::StringRef, clang::clangd::Position, clang::clangd::CodeCompleteOptions const&amp;, llvm::unique_function&lt;void (llvm::Expected&lt;clang::clangd::CodeCompleteResult&gt;)&gt;)::$_0&gt;(void*, llvm::Expected&lt;clang::clangd::InputsAndPreamble&gt;&amp;) /llvm/llvm/include/llvm/ADT/FunctionExtras.h:222:12
    #<!-- -->8 0xbd25e53 in llvm::unique_function&lt;void (llvm::Expected&lt;clang::clangd::InputsAndPreamble&gt;)&gt;::operator()(llvm::Expected&lt;clang::clangd::InputsAndPreamble&gt;) /llvm/llvm/include/llvm/ADT/FunctionExtras.h:387:12
    #<!-- -->9 0xbd25e53 in clang::clangd::TUScheduler::runWithPreamble(llvm::StringRef, llvm::StringRef, clang::clangd::TUScheduler::PreambleConsistency, llvm::unique_function&lt;void (llvm::Expected&lt;clang::clangd::InputsAndPreamble&gt;)&gt;)::$_0::operator()() /llvm/clang-tools-extra/clangd/TUScheduler.cpp:1811:5
    #<!-- -->10 0xbd25e53 in void llvm::detail::UniqueFunctionBase&lt;void&gt;::CallImpl&lt;clang::clangd::TUScheduler::runWithPreamble(llvm::StringRef, llvm::StringRef, clang::clangd::TUScheduler::PreambleConsistency, llvm::unique_function&lt;void (llvm::Expected&lt;clang::clangd::InputsAndPreamble&gt;)&gt;)::$_0&gt;(void*) /llvm/llvm/include/llvm/ADT/FunctionExtras.h:222:12
    #<!-- -->11 0xc0a134d in llvm::unique_function&lt;void ()&gt;::operator()() /llvm/llvm/include/llvm/ADT/FunctionExtras.h:387:12
    #<!-- -->12 0xc0a134d in clang::clangd::AsyncTaskRunner::runAsync(llvm::Twine const&amp;, llvm::unique_function&lt;void ()&gt;)::$_1::operator()() /llvm/clang-tools-extra/clangd/support/Threading.cpp:101:5
    #<!-- -->13 0xc0a134d in auto void llvm::thread::GenericThreadProxy&lt;std::tuple&lt;clang::clangd::AsyncTaskRunner::runAsync(llvm::Twine const&amp;, llvm::unique_function&lt;void ()&gt;)::$_1&gt;&gt;(void*)::'lambda'(auto&amp;&amp;, auto&amp;&amp;...)::operator()&lt;clang::clangd::AsyncTaskRunner::runAsync(llvm::Twine const&amp;, llvm::unique_function&lt;void ()&gt;)::$_1&amp;&gt;(auto&amp;&amp;, auto&amp;&amp;...) const /llvm/llvm/include/llvm/Support/thread.h:43:11
    #<!-- -->14 0xc0a134d in auto std::__invoke_impl&lt;void, void llvm::thread::GenericThreadProxy&lt;std::tuple&lt;clang::clangd::AsyncTaskRunner::runAsync(llvm::Twine const&amp;, llvm::unique_function&lt;void ()&gt;)::$_1&gt;&gt;(void*)::'lambda'(auto&amp;&amp;, auto&amp;&amp;...), clang::clangd::AsyncTaskRunner::runAsync(llvm::Twine const&amp;, llvm::unique_function&lt;void ()&gt;)::$_1&amp;&gt;(std::__invoke_other, void llvm::thread::GenericThreadProxy&lt;std::tuple&lt;clang::clangd::AsyncTaskRunner::runAsync(llvm::Twine const&amp;, llvm::unique_function&lt;void ()&gt;)::$_1&gt;&gt;(void*)::'lambda'(auto&amp;&amp;, auto&amp;&amp;...)&amp;&amp;, clang::clangd::AsyncTaskRunner::runAsync(llvm::Twine const&amp;, llvm::unique_function&lt;void ()&gt;)::$_1&amp;) /opt/rh/gcc-toolset-13/root/usr/lib/gcc/x86_64-redhat-linux/13/../../../../include/c++/13/bits/invoke.h:61:14
    #<!-- -->15 0xc0a134d in std::__invoke_result&lt;auto, auto...&gt;::type std::__invoke&lt;void llvm::thread::GenericThreadProxy&lt;std::tuple&lt;clang::clangd::AsyncTaskRunner::runAsync(llvm::Twine const&amp;, llvm::unique_function&lt;void ()&gt;)::$_1&gt;&gt;(void*)::'lambda'(auto&amp;&amp;, auto&amp;&amp;...), clang::clangd::AsyncTaskRunner::runAsync(llvm::Twine const&amp;, llvm::unique_function&lt;void ()&gt;)::$_1&amp;&gt;(auto&amp;&amp;, auto&amp;&amp;...) /opt/rh/gcc-toolset-13/root/usr/lib/gcc/x86_64-redhat-linux/13/../../../../include/c++/13/bits/invoke.h:96:14
    #<!-- -->16 0xc0a134d in decltype(auto) std::__apply_impl&lt;void llvm::thread::GenericThreadProxy&lt;std::tuple&lt;clang::clangd::AsyncTaskRunner::runAsync(llvm::Twine const&amp;, llvm::unique_function&lt;void ()&gt;)::$_1&gt;&gt;(void*)::'lambda'(auto&amp;&amp;, auto&amp;&amp;...), std::tuple&lt;clang::clangd::AsyncTaskRunner::runAsync(llvm::Twine const&amp;, llvm::unique_function&lt;void ()&gt;)::$_1&gt;&amp;, 0ul&gt;(auto&amp;&amp;, std::tuple&lt;clang::clangd::AsyncTaskRunner::runAsync(llvm::Twine const&amp;, llvm::unique_function&lt;void ()&gt;)::$_1&gt;&amp;, std::integer_sequence&lt;unsigned long, 0ul&gt;) /opt/rh/gcc-toolset-13/root/usr/lib/gcc/x86_64-redhat-linux/13/../../../../include/c++/13/tuple:2302:14
    #<!-- -->17 0xc0a134d in decltype(auto) std::apply&lt;void llvm::thread::GenericThreadProxy&lt;std::tuple&lt;clang::clangd::AsyncTaskRunner::runAsync(llvm::Twine const&amp;, llvm::unique_function&lt;void ()&gt;)::$_1&gt;&gt;(void*)::'lambda'(auto&amp;&amp;, auto&amp;&amp;...), std::tuple&lt;clang::clangd::AsyncTaskRunner::runAsync(llvm::Twine const&amp;, llvm::unique_function&lt;void ()&gt;)::$_1&gt;&amp;&gt;(auto&amp;&amp;, std::tuple&lt;clang::clangd::AsyncTaskRunner::runAsync(llvm::Twine const&amp;, llvm::unique_function&lt;void ()&gt;)::$_1&gt;&amp;) /opt/rh/gcc-toolset-13/root/usr/lib/gcc/x86_64-redhat-linux/13/../../../../include/c++/13/tuple:2313:14
    #<!-- -->18 0xc0a134d in void llvm::thread::GenericThreadProxy&lt;std::tuple&lt;clang::clangd::AsyncTaskRunner::runAsync(llvm::Twine const&amp;, llvm::unique_function&lt;void ()&gt;)::$_1&gt;&gt;(void*) /llvm/llvm/include/llvm/Support/thread.h:41:5
    #<!-- -->19 0xc0a134d in void* llvm::thread::ThreadProxy&lt;std::tuple&lt;clang::clangd::AsyncTaskRunner::runAsync(llvm::Twine const&amp;, llvm::unique_function&lt;void ()&gt;)::$_1&gt;&gt;(void*) /llvm/llvm/include/llvm/Support/thread.h:55:5
    #<!-- -->20 0x837269c in asan_thread_start(void*) crtstuff.c
    #<!-- -->21 0x7ffff7b0bd21 in start_thread (/lib64/libc.so.6+0x89d21) (BuildId: d78a44ae94f1d320342e0ff6c2315b2b589063f8)
    #<!-- -->22 0x7ffff7b90d3f in __GI___clone3 (/lib64/libc.so.6+0x10ed3f) (BuildId: d78a44ae94f1d320342e0ff6c2315b2b589063f8)

0x000002500298 is located 8 bytes before global variable 'clang::clangd::CharTypes' defined in '/llvm/clang-tools-extra/clangd/FuzzyMatch.cpp:114' (0x25002a0) of size 64
0x000002500298 is located 28 bytes after global variable '__PRETTY_FUNCTION__._ZN5clang6clangd14calculateRolesEN4llvm9StringRefENS1_15MutableArrayRefINS0_8CharRoleEEE' defined in '/llvm/clang-tools-extra/clangd/FuzzyMatch.cpp:156' (0x2500220) of size 92
  '__PRETTY_FUNCTION__._ZN5clang6clangd14calculateRolesEN4llvm9StringRefENS1_15MutableArrayRefINS0_8CharRoleEEE' is ascii string 'CharTypeSet clang::clangd::calculateRoles(llvm::StringRef, llvm::MutableArrayRef&lt;CharRole&gt;)'
SUMMARY: AddressSanitizer: global-buffer-overflow /llvm/clang-tools-extra/clangd/FuzzyMatch.cpp:152:26 in clang::clangd::CharType clang::clangd::packedLookup&lt;clang::clangd::CharType&gt;(unsigned char const*, int)
Shadow bytes around the buggy address:
  0x000002500000: 00 f9 f9 f9 f9 f9 f9 f9 00 00 00 00 00 00 00 00
  0x000002500080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x000002500100: 00 00 00 f9 f9 f9 f9 f9 00 00 00 00 00 00 00 00
  0x000002500180: 00 00 00 04 f9 f9 f9 f9 00 00 00 00 00 06 f9 f9
  0x000002500200: f9 f9 f9 f9 00 00 00 00 00 00 00 00 00 00 00 04
=&gt;0x000002500280: f9 f9 f9[f9]00 00 00 00 00 00 00 00 f9 f9 f9 f9
  0x000002500300: 00 00 f9 f9 00 00 00 00 03 f9 f9 f9 f9 f9 f9 f9
  0x000002500380: 00 00 00 00 00 f9 f9 f9 f9 f9 f9 f9 00 00 00 00
  0x000002500400: 00 07 f9 f9 f9 f9 f9 f9 00 00 00 00 00 00 00 00
  0x000002500480: 06 f9 f9 f9 03 f9 f9 f9 00 00 07 f9 f9 f9 f9 f9
  0x000002500500: 00 00 f9 f9 00 00 00 f9 f9 f9 f9 f9 00 05 f9 f9
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
Thread T135 created by T0 here:
    #<!-- -->0 0x835be55 in pthread_create (/llvm/build/bin/clangd+0x835be55) (BuildId: dd254a849ebc49d7)
    #<!-- -->1 0x89541e8 in llvm::llvm_execute_on_thread_impl(void* (*)(void*), void*, std::optional&lt;unsigned int&gt;) /llvm/llvm/lib/Support/Unix/Threading.inc:96:17
    #<!-- -->2 0xc0a0fc1 in llvm::thread::thread&lt;clang::clangd::AsyncTaskRunner::runAsync(llvm::Twine const&amp;, llvm::unique_function&lt;void ()&gt;)::$_1&gt;(std::optional&lt;unsigned int&gt;, clang::clangd::AsyncTaskRunner::runAsync(llvm::Twine const&amp;, llvm::unique_function&lt;void ()&gt;)::$_1&amp;&amp;) /llvm/llvm/include/llvm/Support/thread.h:131:12
    #<!-- -->3 0xc0a0fc1 in clang::clangd::AsyncTaskRunner::runAsync(llvm::Twine const&amp;, llvm::unique_function&lt;void ()&gt;) /llvm/clang-tools-extra/clangd/support/Threading.cpp:107:16
    #<!-- -->4 0xbd55bb1 in clang::clangd::TUScheduler::runWithPreamble(llvm::StringRef, llvm::StringRef, clang::clangd::TUScheduler::PreambleConsistency, llvm::unique_function&lt;void (llvm::Expected&lt;clang::clangd::InputsAndPreamble&gt;)&gt;) /llvm/clang-tools-extra/clangd/TUScheduler.cpp:1814:18
    #<!-- -->5 0xb835c07 in clang::clangd::ClangdServer::codeComplete(llvm::StringRef, clang::clangd::Position, clang::clangd::CodeCompleteOptions const&amp;, llvm::unique_function&lt;void (llvm::Expected&lt;clang::clangd::CodeCompleteResult&gt;)&gt;) /llvm/clang-tools-extra/clangd/ClangdServer.cpp:478:18
    #<!-- -->6 0xb75f4a7 in clang::clangd::ClangdLSPServer::onCompletion(clang::clangd::CompletionParams const&amp;, llvm::unique_function&lt;void (llvm::Expected&lt;clang::clangd::CompletionList&gt;)&gt;) /llvm/clang-tools-extra/clangd/ClangdLSPServer.cpp:1133:11
    #<!-- -->7 0xb7ca1e7 in void clang::clangd::LSPBinder::method&lt;clang::clangd::CompletionParams, clang::clangd::CompletionList, clang::clangd::ClangdLSPServer&gt;(llvm::StringLiteral, clang::clangd::ClangdLSPServer*, void (clang::clangd::ClangdLSPServer::*)(clang::clangd::CompletionParams const&amp;, llvm::unique_function&lt;void (llvm::Expected&lt;clang::clangd::CompletionList&gt;)&gt;))::'lambda'(llvm::json::Value, llvm::unique_function&lt;void (llvm::Expected&lt;llvm::json::Value&gt;)&gt;)::operator()(llvm::json::Value, llvm::unique_function&lt;void (llvm::Expected&lt;llvm::json::Value&gt;)&gt;) const /llvm/clang-tools-extra/clangd/LSPBinder.h:141:5
    #<!-- -->8 0xb7c9c92 in void llvm::detail::UniqueFunctionBase&lt;void, llvm::json::Value, llvm::unique_function&lt;void (llvm::Expected&lt;llvm::json::Value&gt;)&gt;&gt;::CallImpl&lt;void clang::clangd::LSPBinder::method&lt;clang::clangd::CompletionParams, clang::clangd::CompletionList, clang::clangd::ClangdLSPServer&gt;(llvm::StringLiteral, clang::clangd::ClangdLSPServer*, void (clang::clangd::ClangdLSPServer::*)(clang::clangd::CompletionParams const&amp;, llvm::unique_function&lt;void (llvm::Expected&lt;clang::clangd::CompletionList&gt;)&gt;))::'lambda'(llvm::json::Value, llvm::unique_function&lt;void (llvm::Expected&lt;llvm::json::Value&gt;)&gt;)&gt;(void*, llvm::json::Value&amp;, llvm::unique_function&lt;void (llvm::Expected&lt;llvm::json::Value&gt;)&gt;&amp;) /llvm/llvm/include/llvm/ADT/FunctionExtras.h:222:12
    #<!-- -->9 0xb7e2d09 in llvm::unique_function&lt;void (llvm::json::Value, llvm::unique_function&lt;void (llvm::Expected&lt;llvm::json::Value&gt;)&gt;)&gt;::operator()(llvm::json::Value, llvm::unique_function&lt;void (llvm::Expected&lt;llvm::json::Value&gt;)&gt;) /llvm/llvm/include/llvm/ADT/FunctionExtras.h:387:12
    #<!-- -->10 0xb7e2d09 in clang::clangd::ClangdLSPServer::MessageHandler::onCall(llvm::StringRef, llvm::json::Value, llvm::json::Value) /llvm/clang-tools-extra/clangd/ClangdLSPServer.cpp:243:7
    #<!-- -->11 0xbb379b2 in clang::clangd::(anonymous namespace)::JSONTransport::handleMessage(llvm::json::Value, clang::clangd::Transport::MessageHandler&amp;) /llvm/clang-tools-extra/clangd/JSONTransport.cpp:194:20
    #<!-- -->12 0xbb379b2 in clang::clangd::(anonymous namespace)::JSONTransport::loop(clang::clangd::Transport::MessageHandler&amp;) /llvm/clang-tools-extra/clangd/JSONTransport.cpp:119:16
    #<!-- -->13 0xb7ecbc9 in clang::clangd::ClangdLSPServer::run() /llvm/clang-tools-extra/clangd/ClangdLSPServer.cpp:1741:25
    #<!-- -->14 0xb615935 in clang::clangd::clangdMain(int, char**) /llvm/clang-tools-extra/clangd/tool/ClangdMain.cpp:1049:28
    #<!-- -->15 0x7ffff7aab5cf in __libc_start_call_main (/lib64/libc.so.6+0x295cf) (BuildId: d78a44ae94f1d320342e0ff6c2315b2b589063f8)

==435398==ABORTING

[HighCommander4]

Where can one get a clangd build with ASAN enabled to test this?

[henryhchchc]

@HighCommander4

I compiled clangd with the following commands

git clone --depth=1 --branch=llvmorg-20.1.0 https://github.com/llvm/llvm-project.git /llvm

mkdir /llvm/build
export LLVM_ROOT=/llvm

cd /llvm/build

CC=clang CXX=clang++ CFLAGS='-fsanitize=address' CXXFLAGS='-fsanitize=address' \
  cmake $LLVM_ROOT/llvm/ \
  -DCMAKE_BUILD_TYPE=RelWithDebInfo \
  -DLLVM_ENABLE_ASSERTIONS=ON \
  -DLLVM_ENABLE_PROJECTS="clang;clang-tools-extra" \
  -DLLVM_ENABLE_LTO=true \
  -DLLVM_USE_LINKER=lld

CC=clang CXX=clang++ CFLAGS='-fsanitize=address' CXXFLAGS='-fsanitize=address' \
  cmake --build . --target clangd

Do you want me to upload the binary to facilitate testing?

[henryhchchc]

I guess it is because of the special character in the comment. I realized that it is not a Latin alphabet but U+0E01.