LSP crashes on textDocument/hover #15977

Open
@henryhchchc

Description

solc in LSP mode crashes on textDocument/hover with certain code snippets, possibly due to a null pointer dereference.

Environment

  • Compiler version: 0.8.29-develop.2025.4.3+commit.ab55807c.Linux.clang
  • Compilation pipeline (legacy, IR, EOF): LSP
  • Target EVM version (as per compiler settings): N/A
  • Framework/IDE (e.g. Foundry, Hardhat, Remix): LSP
  • EVM execution environment / backend / blockchain client: N/A
  • Operating system: AlmaLinux 9.5

Steps to Reproduce

  1. Set up solc --lsp as the language server in any text editor (e.g., neovim).
  2. Create main.sol with the following code and open it.
  3. Hover on the S in the function argument list.
  4. solc crashes.

contract C {
    struct S { uint256[2**255] x; }
    function f(S storage) internal {}
} //           ^
  //           Hover here

The request that leads to the crash is as follows:

{
  "jsonrpc": "2.0",
  "id": 2,
  "method": "textDocument/hover",
  "params": {
    "textDocument": {
      "uri": "file:///path/to/main.sol"
    },
    "position": {
      "line": 2,
      "character": 15
    }
  }
}

The crash stack is as follows

==495==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000030 (pc 0x00000195aa4c bp 0x7fffe7e75e90 sp 0x7fffe7e75d80 T0)
==495==The signal is caused by a READ memory access.
==495==Hint: address points to the zero page.
    #0 0x195aa4c in std::__shared_ptr<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, (__gnu_cxx::_Lock_policy)2>::operator bool() const /opt/rh/gcc-toolset-13/root/usr/lib/gcc/x86_64-redhat-linux/13/../../../../include/c++/13/bits/shared_ptr_base.h:1670:16
    #1 0x195aa4c in solidity::lsp::DocumentHoverHandler::operator()(nlohmann::json_abi_v3_11_3::basic_json<std::map, std::vector, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, bool, long, unsigned long, double, std::allocator, nlohmann::json_abi_v3_11_3::adl_serializer, std::vector<unsigned char, std::allocator<unsigned char>>, void>, nlohmann::json_abi_v3_11_3::basic_json<std::map, std::vector, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, bool, long, unsigned long, double, std::allocator, nlohmann::json_abi_v3_11_3::adl_serializer, std::vector<unsigned char, std::allocator<unsigned char>>, void> const&) /src/libsolidity/lsp/DocumentHoverHandler.cpp:92:11
    #2 0x19427fb in void std::__invoke_impl<void, solidity::lsp::DocumentHoverHandler&, nlohmann::json_abi_v3_11_3::basic_json<std::map, std::vector, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, bool, long, unsigned long, double, std::allocator, nlohmann::json_abi_v3_11_3::adl_serializer, std::vector<unsigned char, std::allocator<unsigned char>>, void>, nlohmann::json_abi_v3_11_3::basic_json<std::map, std::vector, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, bool, long, unsigned long, double, std::allocator, nlohmann::json_abi_v3_11_3::adl_serializer, std::vector<unsigned char, std::allocator<unsigned char>>, void> const&>(std::__invoke_other, solidity::lsp::DocumentHoverHandler&, nlohmann::json_abi_v3_11_3::basic_json<std::map, std::vector, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, bool, long, unsigned long, double, std::allocator, nlohmann::json_abi_v3_11_3::adl_serializer, std::vector<unsigned char, std::allocator<unsigned char>>, void>&&, nlohmann::json_abi_v3_11_3::basic_json<std::map, std::vector, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, bool, long, unsigned long, double, std::allocator, nlohmann::json_abi_v3_11_3::adl_serializer, std::vector<unsigned char, std::allocator<unsigned char>>, void> const&) /opt/rh/gcc-toolset-13/root/usr/lib/gcc/x86_64-redhat-linux/13/../../../../include/c++/13/bits/invoke.h:61:14
    #3 0x194c4a5 in std::function<void (nlohmann::json_abi_v3_11_3::basic_json<std::map, std::vector, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, bool, long, unsigned long, double, std::allocator, nlohmann::json_abi_v3_11_3::adl_serializer, std::vector<unsigned char, std::allocator<unsigned char>>, void>, nlohmann::json_abi_v3_11_3::basic_json<std::map, std::vector, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, bool, long, unsigned long, double, std::allocator, nlohmann::json_abi_v3_11_3::adl_serializer, std::vector<unsigned char, std::allocator<unsigned char>>, void> const&)>::operator()(nlohmann::json_abi_v3_11_3::basic_json<std::map, std::vector, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, bool, long, unsigned long, double, std::allocator, nlohmann::json_abi_v3_11_3::adl_serializer, std::vector<unsigned char, std::allocator<unsigned char>>, void>, nlohmann::json_abi_v3_11_3::basic_json<std::map, std::vector, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, bool, long, unsigned long, double, std::allocator, nlohmann::json_abi_v3_11_3::adl_serializer, std::vector<unsigned char, std::allocator<unsigned char>>, void> const&) const /opt/rh/gcc-toolset-13/root/usr/lib/gcc/x86_64-redhat-linux/13/../../../../include/c++/13/bits/std_function.h:591:9
    #4 0x194c4a5 in solidity::lsp::LanguageServer::run() /src/libsolidity/lsp/LanguageServer.cpp:351:6
    #5 0xadcedf in solidity::frontend::CommandLineInterface::serveLSP() /src/solc/CommandLineInterface.cpp:1183:38
    #6 0xadaee1 in solidity::frontend::CommandLineInterface::processInput() /src/solc/CommandLineInterface.cpp:848:3
    #7 0xad7403 in solidity::frontend::CommandLineInterface::run(int, char const* const*) /src/solc/CommandLineInterface.cpp:766:3
    #8 0xa494f0 in main /src/solc/main.cpp:40:14
    #9 0x7f710aa095cf in __libc_start_call_main (/lib64/libc.so.6+0x295cf) (BuildId: 7a40a22c9a82854f3d66767232ae364a99174860)
    #10 0x7f710aa0967f in __libc_start_main@GLIBC_2.2.5 (/lib64/libc.so.6+0x2967f) (BuildId: 7a40a22c9a82854f3d66767232ae364a99174860)
    #11 0x826e74 in _start (/src/build/bin/solc+0x826e74) (BuildId: 3bda3c967a01aaf6)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /src/libsolidity/lsp/DocumentHoverHandler.cpp:92:11 in solidity::lsp::DocumentHoverHandler::operator()(nlohmann::json_abi_v3_11_3::basic_json<std::map, std::vector, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, bool, long, unsigned long, double, std::allocator, nlohmann::json_abi_v3_11_3::adl_serializer, std::vector<unsigned char, std::allocator<unsigned char>>, void>, nlohmann::json_abi_v3_11_3::basic_json<std::map, std::vector, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, bool, long, unsigned long, double, std::allocator, nlohmann::json_abi_v3_11_3::adl_serializer, std::vector<unsigned char, std::allocator<unsigned char>>, void> const&)
==495==ABORTING
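
The reproduction steps above can be turned into an editor-independent regression input. The following is an added example, not part of the original report or of the solc code base: it derives the hover position from the reported source and frames the requests the way LSP expects on stdio. The initialize, initialized and didOpen messages and their ids are assumptions about what the editor sent before the hover request shown in the report.

```python
import json
import sys

# Source from the report (constructed copy; the caret comment lines are omitted).
SOURCE = (
    "contract C {\n"
    "    struct S { uint256[2**255] x; }\n"
    "    function f(S storage) internal {}\n"
    "}\n"
)
URI = "file:///path/to/main.sol"  # placeholder URI, as in the report

def position_of(source, needle):
    """0-based LSP position of the first match (ASCII source, so UTF-16 units == chars)."""
    offset = source.index(needle)
    line_start = source.rfind("\n", 0, offset) + 1
    return {"line": source.count("\n", 0, offset), "character": offset - line_start}

def frame(message):
    """Encode one JSON-RPC message with the LSP Content-Length header."""
    body = json.dumps(message).encode("utf-8")
    return b"Content-Length: %d\r\n\r\n" % len(body) + body

def unframe(stream):
    """Decode concatenated framed messages; tolerates extra header fields."""
    messages = []
    while stream:
        header, _, rest = stream.partition(b"\r\n\r\n")
        fields = dict(h.split(b": ", 1) for h in header.split(b"\r\n"))
        length = int(fields[b"Content-Length"])
        messages.append(json.loads(rest[:length]))
        stream = rest[length:]
    return messages

def hover_session(source=SOURCE, uri=URI):
    """Messages in order: initialize, initialized, didOpen, hover (hover as in the report)."""
    doc = {"uri": uri, "languageId": "solidity", "version": 1, "text": source}
    return [
        {"jsonrpc": "2.0", "id": 1, "method": "initialize",
         "params": {"processId": None, "rootUri": None, "capabilities": {}}},
        {"jsonrpc": "2.0", "method": "initialized", "params": {}},
        {"jsonrpc": "2.0", "method": "textDocument/didOpen", "params": {"textDocument": doc}},
        {"jsonrpc": "2.0", "id": 2, "method": "textDocument/hover",
         "params": {"textDocument": {"uri": uri},
                    "position": position_of(source, "S storage")}},
    ]

if __name__ == "__main__":
    # Framed bytes on stdout, suitable as stdin for a language server under test.
    sys.stdout.buffer.write(b"".join(frame(m) for m in hover_session()))
```

A regression test can feed these bytes to `solc --lsp` and assert that the process answers request id 2 instead of aborting.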
