[LLVMbugs] [Bug 19302] New: Undefined behavior in v1/__tree and v1/list

bugzilla-daemon at llvm.org bugzilla-daemon at llvm.org
Tue Apr 1 13:32:04 PDT 2014


http://llvm.org/bugs/show_bug.cgi?id=19302

            Bug ID: 19302
           Summary: Undefined behavior in v1/__tree and v1/list
           Product: libc++
           Version: unspecified
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P
         Component: All Bugs
          Assignee: unassignedclangbugs at nondot.org
          Reporter: octoploid at yandex.com
                CC: llvmbugs at cs.uiuc.edu, mclow.lists at gmail.com
    Classification: Unclassified

While debugging a gold linker issue, I came across the following
-fsanitize=undefined runtime errors:

/usr/include/c++/v1/list:218:19: runtime error: downcast of address 0x7fffa93b8e88 with insufficient space for an object of type 'std::__1::__list_node<gold::Output_section::Input_section, void *>'
0x7fffa93b8e88: note: pointer points here
 00 00 00 00  50 94 3b a9 ff 7f 00 00  20 3b d1 02 00 00 00 00  00 00 00 81 ff ff ff ff  01 00 00 00
              ^
/usr/include/c++/v1/list:219:19: runtime error: downcast of address 0x7fffa93b8e88 with insufficient space for an object of type 'std::__1::__list_node<gold::Output_section::Input_section, void *>'
0x7fffa93b8e88: note: pointer points here
 00 00 00 00  88 8e 3b a9 ff 7f 00 00  20 3b d1 02 00 00 00 00  00 00 00 81 ff ff ff ff  01 00 00 00
              ^
/usr/include/c++/v1/list:592:25: runtime error: downcast of address 0x7fffa93b8ed0 with insufficient space for an object of type 'std::__1::__list_node<gold::Output_section::Input_section, void *>'
0x7fffa93b8ed0: note: pointer points here
 ff 7f 00 00  30 2e 04 03 00 00 00 00  30 2e 04 03 00 00 00 00  01 00 00 00 00 00 00 00  70 89 65 03
              ^
/usr/include/c++/v1/__tree:834:16: runtime error: downcast of address 0x7fffa93b8e00 with insufficient space for an object of type 'std::__1::__tree_node<std::__1::__value_type<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, gold::Output_segment *>, void *>'
0x7fffa93b8e00: note: pointer points here
 00 00 00 00  40 21 0a 03 00 00 00 00  05 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  00 00 00 00

See: http://lists.cs.uiuc.edu/pipermail/cfe-dev/2013-August/031213.html
for an analysis of the issue by Richard Smith.

Basically one should use reinterpret_cast instead of static_cast to
avoid the undefined behavior.

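The following is an added illustration of the pattern behind the diagnostics above; it is not libc++ code and not part of the bug report. The names NodeBase, Node, List, UncheckedIter and Iter are made up for the example. A bare NodeBase embedded in the list object serves as the end sentinel, while real elements are full Node<T> objects. The "before" iterator stores Node<T>* and therefore produces end() by downcasting the sentinel, which has only sizeof(NodeBase) bytes behind it: that is the "downcast ... with insufficient space" case. Rather than swapping static_cast for reinterpret_cast as the report suggests, the "after" iterator stores NodeBase* and downcasts only when dereferencing a real element, so no pointer to the sentinel is ever converted.

```cpp
// Added example (not libc++ code): minimal list with an embedded end sentinel.
#include <cstddef>
#include <vector>

struct NodeBase {
    NodeBase* prev;
    NodeBase* next;
};

template <class T>
struct Node : NodeBase {
    T value;   // a real element is a NodeBase plus its payload
};

template <class T>
class List {
public:
    List() { end_.prev = end_.next = &end_; }
    ~List() {
        NodeBase* p = end_.next;
        while (p != &end_) {
            NodeBase* nx = p->next;
            delete static_cast<Node<T>*>(p);   // p is always a real node here
            p = nx;
        }
    }
    List(const List&) = delete;
    List& operator=(const List&) = delete;

    void push_back(const T& v) {
        Node<T>* n = new Node<T>;
        n->value = v;
        n->prev = end_.prev;
        n->next = &end_;
        end_.prev->next = n;
        end_.prev = n;
    }

    // "Before": every position, including the sentinel, is a Node<T>*.
    // static_cast<Node<T>*>(&end_) names a Node<T> that does not exist;
    // only sizeof(NodeBase) bytes are there.
    struct UncheckedIter {
        Node<T>* p;
        T& operator*() const { return p->value; }
        UncheckedIter& operator++() { p = static_cast<Node<T>*>(p->next); return *this; }
        bool operator!=(const UncheckedIter& o) const { return p != o.p; }
    };
    UncheckedIter unchecked_begin() { return UncheckedIter{static_cast<Node<T>*>(end_.next)}; }
    UncheckedIter unchecked_end() { return UncheckedIter{static_cast<Node<T>*>(&end_)}; }

    // "After": positions are NodeBase*; the downcast happens only on
    // dereference, and the sentinel is never dereferenced.
    struct Iter {
        NodeBase* p;
        T& operator*() const { return static_cast<Node<T>*>(p)->value; }
        Iter& operator++() { p = p->next; return *this; }
        bool operator!=(const Iter& o) const { return p != o.p; }
    };
    Iter begin() { return Iter{end_.next}; }
    Iter end() { return Iter{&end_}; }

private:
    NodeBase end_;   // the sentinel: smaller than any Node<T>
};

// True for any non-empty payload: the sentinel cannot hold a Node<long>.
constexpr bool sentinel_is_smaller() { return sizeof(NodeBase) < sizeof(Node<long>); }

// Traversal through the "after" iterator: no downcast of the sentinel.
long sum_checked(const std::vector<long>& in) {
    List<long> l;
    for (long v : in) l.push_back(v);
    long s = 0;
    for (List<long>::Iter it = l.begin(); it != l.end(); ++it) s += *it;
    return s;
}

// Same traversal through the "before" iterator. It works by accident on an
// ordinary build; with -O2 -fsanitize=undefined, once inlining lets the
// sanitizer see the enclosing List object, the end() downcast is reported.
// (The object-size check is not active at -O0.)
long sum_unchecked(const std::vector<long>& in) {
    List<long> l;
    for (long v : in) l.push_back(v);
    long s = 0;
    for (List<long>::UncheckedIter it = l.unchecked_begin(); it != l.unchecked_end(); ++it) s += *it;
    return s;
}

int main() {
    std::vector<long> sample{3, 5, 7};   // constructed input
    return (sum_checked(sample) == 15 && sentinel_is_smaller()) ? 0 : 1;
}
```

Note that the unchecked iterator also trips on an empty list, where begin() already downcasts the sentinel; the checked iterator compares NodeBase pointers and never touches the payload in that case.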