[cfe-dev] boost serialization crash with clang 5.0.0

[Curdeius Curdeius via cfe-dev]

Hi Malcolm,

>From my perspective, it seems to be an undefined behaviour anyway, so a bug
in Boost.Serialization.
At least, that's how I interpret [dcl.ref] "References" (11.3.2 in latest
draft), paragraph 5:

[ Note: In particular, a null reference cannot exist in a well-defined
program, because the only way to create such a reference would be to bind
it to the “object” obtained by indirection through a null pointer, which
causes undefined behavior. ... ]

Here, the null reference created from `*t` may technically exist in
`register_type`, even if it's not used, so I'd argue that clang's 5
conclusion about UB is correct. Even more, that's already the "indirection
through a null pointer" that causes UB.

On the other hand, decltype is a pure-type manipulation, therefore there is
no possible UB.

A small fix does the job: https://godbolt.org/g/mSLgqr.
Using `decltype(*t)` instead of passing `*t` as argument does not provoke
the same behaviour.

The relevant snippet with changes:

template<class T, class U = typename remove_reference<T>::type>
static void register_type(Archive &ar){
non_abstract::template register_type<U>(ar);
}

template<class TPtr>
static void invoke(Archive &ar, const TPtr t){
register_type<decltype(*t)>(ar);
if(NULL == t) {
ar.save_null_pointer();
return;
}
save(ar, * t);
}

Best regards,
Marek Kurdej

From: Malcolm Parsons via cfe-dev <cfe-dev at lists.llvm.org>
> To: cfe-dev <cfe-dev at lists.llvm.org>
> Cc: ramey at rrsd.com
> Bcc:
> Date: Fri, 22 Sep 2017 12:00:26 +0100
> Subject: [cfe-dev] boost serialization crash with clang 5.0.0
> Hi,
>
> I tried to upgrade to clang 5.0.0 and found that a program that uses
> the boost serialization library crashes with a null pointer
> dereference during serialization.
>
-- 
Marek
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/cfe-dev/attachments/20170922/c583462f/attachment.html>