>There are no memory errors reported by the sanitized tcc compiler.
>So how can I reproduce this?
Forgot to mention that this leak was initially observed when compiling to a
memory target using libtcc, with backtrace enabled and stabs debug symbols
generated.
But I don’t see any reason this behavior would differ when compiling with the
tcc executable, so I tested it there as well — and the bug is reproducible
using the "-g -bt" options. (Without debug symbols or backtrace, the memory
limit is rarely reached, so the leak does not appear.)
I have not yet tested with backtrace disabled, so please make sure to build TCC
with "--config-backtrace=yes" configure option when reproducing.
The macro string needs to be large enough for the reallocator to switch to the
native allocator (via default_reallocator).
I haven’t yet traced why the memory limit is hit so quickly when debug symbols
and backtrace information are enabled, but probably the debug symbol
allocations also use the TAL allocator, which could fill the memory pool faster.
That said, this is still speculation — I haven’t traced the stabs debug
handling or creation paths at all yet.
In my local setup, the issue can be reproduced with the following code:
----------
#define cl_inst(cl) \
void $_##cl##_ctor(void* addr) { cl obj = (cl)addr; obj->$meta = $_##cl##_OM; } \
void $_##cl##_hx_construct(cl this, int i, float f, bool b) { this->iValue = i; this->fValue = f; this->bValue = b; } \
static inline cl $_new_##cl() { return $_new($_##cl##_OM->size,#cl,$_##cl##_ctor); } \
static const int $_sMemberFields[] = { \
{&OS_STRING_S("iValue",0), 1,offsetof(obj,name)}, \
{&OS_STRING_S("fValue",0), 2,offsetof(obj,type)}, \
{&OS_STRING_S("bValue",0), 3,offsetof(obj,offset)}, \
{0} \
}; \
#line 1 ""
cl_inst(int);
---------
Compile the above code with an address-sanitizer-enabled TCC, using the "-g -bt"
arguments.
Lioric
________________________________
From: [email protected]
<[email protected]> on behalf of Herman
ten Brugge via Tinycc-devel <[email protected]>
Sent: Sunday, October 12, 2025 6:28 AM
To: [email protected] <[email protected]>
Cc: Herman ten Brugge <[email protected]>
Subject: Re: [Tinycc-devel] [BUG] Memory leak on token error during macro
argument substitution
On 11-10-2025 at 23:00, Lioric Z3 wrote:
There is a memory leak path in the preprocessor (file tccpp.c). The traced path
was specifically within the macro argument substitution logic in
macro_arg_subst function, but other paths seem to be affected as well, like
"expr_preprocess" where token string re/allocations are performed as well,
while holding the reallocated pointer in the stack only.
The leak occurs (on the traced path) when a syntax or token error is
encountered during the expansion of a macro argument, and the program exits the
current scope non-locally via an assertion ("expect" assert).
The code path is:
File: tccpp.c
Function: macro_arg_subst
The specific call chain: macro_arg_subst -> tok_str_add2 -> tok_str_realloc ->
tal_realloc_impl
The error exit: An assertion or token expectation failure, such as expect(...),
which calls tcc_error().
I made a simple testcase:
#define str(x) #
str()
And compiled with tcc_s (make sani-test creates this).
The output is:
2: error: macro parameter after '#' expected
There are no memory errors reported by the sanitized tcc compiler.
So how can I reproduce this?
Herman
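
The leak pattern discussed in this thread (a reallocated buffer held only in a stack variable when an error exits the scope non-locally), as an added example that is not TCC's code and not from either poster. All names here (grow, release, fail, pending, subst_leaky, subst_tracked, leaked_after) are hypothetical, and the error exit is assumed to be a longjmp; the second function shows one mitigation, publishing the pointer where the error handler can reach it.

```c
#include <setjmp.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-ins, not TCC's code: a counted allocator and an
   error exit that longjmps out of the current scope. */
static int live;                 /* blocks currently allocated */
static jmp_buf on_error;
static void *pending;            /* buffer the error handler can still reach */

static void *grow(void *p, size_t n) {
    if (!p) live++;              /* first allocation of this block */
    if (!(p = realloc(p, n))) abort();
    return p;
}
static void release(void *p) { if (p) { free(p); live--; } }
static void drop_pending(void) { release(pending); pending = NULL; }
static void fail(void) { longjmp(on_error, 1); }

/* Before: the grown buffer is known only to this stack frame. */
static void subst_leaky(int bad) {
    int *str = grow(NULL, 16 * sizeof *str);
    str = grow(str, 4096 * sizeof *str);
    if (bad) fail();             /* frame discarded, str unreachable */
    release(str);
}

/* After: the pointer is published before any call that can fail. */
static void subst_tracked(int bad) {
    pending = grow(NULL, 16 * sizeof(int));
    pending = grow(pending, 4096 * sizeof(int));
    if (bad) fail();
    drop_pending();
}

/* Runs fn, taking the error path when bad != 0; returns the number of
   blocks still allocated once the error handler has finished. */
static int leaked_after(void (*fn)(int), int bad) {
    live = 0; pending = NULL;
    if (setjmp(on_error) == 0)
        fn(bad);
    else
        drop_pending();          /* handler frees only what it can reach */
    return live;
}

int main(void) {
    printf("leaky=%d ", leaked_after(subst_leaky, 1));
    printf("tracked=%d\n", leaked_after(subst_tracked, 1));
}
```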