[LLVMbugs] [Bug 22680] New: TestCases/TypeCheck/vptr.cpp failed with -m32

bugzilla-daemon at llvm.org bugzilla-daemon at llvm.org
Tue Feb 24 13:06:21 PST 2015


http://llvm.org/bugs/show_bug.cgi?id=22680

            Bug ID: 22680
           Summary: TestCases/TypeCheck/vptr.cpp failed with -m32
           Product: compiler-rt
           Version: unspecified
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P
         Component: compiler-rt
          Assignee: unassignedbugs at nondot.org
          Reporter: hjl.tools at gmail.com
                CC: llvmbugs at cs.uiuc.edu
    Classification: Unclassified

On Linux/x86-64, I got

[hjl at gnu-mic-2 bin]$
/export/build/gnu/llvm-clang/build-x86_64-linux/./bin/clang -m32
--driver-mode=g++ -fsanitize=address  -frtti -fsanitize=vptr -g
/export/gnu/import/git/llvm-x32/projects/compiler-rt/test/ubsan/TestCases/TypeCheck/vptr.cpp
-O3 -o
/export/build/gnu/llvm-clang/build-x86_64-linux/projects/compiler-rt/test/ubsan/AsanConfig/TestCases/TypeCheck/Output/vptr.cpp.tmp
/export/gnu/import/git/llvm-x32/projects/compiler-rt/test/ubsan/TestCases/TypeCheck/vptr.cpp:51:12:
warning: 
      direct base 'S' is inaccessible due to ambiguity:
    struct U -> struct S
    struct U -> struct T -> struct S [-Winaccessible-base]
struct U : S, T { virtual int v() { return 2; } };
           ^
/export/gnu/import/git/llvm-x32/projects/compiler-rt/test/ubsan/TestCases/TypeCheck/vptr.cpp:93:9:
warning: 
      'reinterpret_cast' from class 'U *' to its base at non-zero offset 'T *'
      behaves differently from 'static_cast' [-Wreinterpret-base-class]
    p = reinterpret_cast<T*>(new U);
        ^~~~~~~~~~~~~~~~~~~~~~~~~~~
/export/gnu/import/git/llvm-x32/projects/compiler-rt/test/ubsan/TestCases/TypeCheck/vptr.cpp:93:9:
note: 
      use 'static_cast' to adjust the pointer correctly while upcasting
    p = reinterpret_cast<T*>(new U);
        ^~~~~~~~~~~~~~~~
        static_cast
/export/gnu/import/git/llvm-x32/projects/compiler-rt/test/ubsan/TestCases/TypeCheck/vptr.cpp:153:12:
warning: 
      'reinterpret_cast' to class 'U *' from its base at non-zero offset 'T *'
      behaves differently from 'static_cast' [-Wreinterpret-base-class]
    return reinterpret_cast<U*>(p)->v() - 2;
           ^~~~~~~~~~~~~~~~~~~~~~~
/export/gnu/import/git/llvm-x32/projects/compiler-rt/test/ubsan/TestCases/TypeCheck/vptr.cpp:153:12:
note: 
      use 'static_cast' to adjust the pointer correctly while downcasting
    return reinterpret_cast<U*>(p)->v() - 2;
           ^~~~~~~~~~~~~~~~
           static_cast
/export/gnu/import/git/llvm-x32/projects/compiler-rt/test/ubsan/TestCases/TypeCheck/vptr.cpp:162:5:
warning: 
      expression result unused [-Wunused-value]
    static_cast<T*>(reinterpret_cast<S*>(p));
    ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/export/gnu/import/git/llvm-x32/projects/compiler-rt/test/ubsan/TestCases/TypeCheck/vptr.cpp:165:1:
warning: 
      control may reach end of non-void function [-Wreturn-type]
}
^
5 warnings generated.
[hjl at gnu-mic-2 bin]$
UBSAN_OPTIONS="suppressions='/export/build/gnu/llvm-clang/build-x86_64-linux/projects/compiler-rt/test/ubsan/AsanConfig/TestCases/TypeCheck/Output/vptr.cpp.tmp.supp':halt_on_error=1"

/export/build/gnu/llvm-clang/build-x86_64-linux/projects/compiler-rt/test/ubsan/AsanConfig/TestCases/TypeCheck/Output/vptr.cpp.tmp
mS 2>&1
=================================================================
==30899==ERROR: AddressSanitizer: heap-buffer-overflow on address 0xf5d007f8 at
pc 0x0813f3f6 bp 0xff844ad8 sp 0xff844acc
READ of size 4 at 0xf5d007f8 thread T0
    #0 0x813f3f5 in access_p(T*, char)
/export/gnu/import/git/llvm-x32/projects/compiler-rt/test/ubsan/TestCases/TypeCheck/vptr.cpp:128:15
    #1 0x813e336 in main
/export/gnu/import/git/llvm-x32/projects/compiler-rt/test/ubsan/TestCases/TypeCheck/vptr.cpp:97:3
    #2 0x46742b22 in __libc_start_main (/lib/libc.so.6+0x46742b22)
    #3 0x805d16f in _start
(/export/build/gnu/llvm-clang/build-x86_64-linux/projects/compiler-rt/test/ubsan/AsanConfig/TestCases/TypeCheck/Output/vptr.cpp.tmp+0x805d16f)

0xf5d007f8 is located 0 bytes to the right of 8-byte region
[0xf5d007f0,0xf5d007f8)
allocated by thread T0 here:
    #0 0x8136724 in operator new(unsigned int)
/export/gnu/import/git/llvm/projects/compiler-rt/lib/asan/asan_new_delete.cc:62
    #1 0x813e07f in main
/export/gnu/import/git/llvm-x32/projects/compiler-rt/test/ubsan/TestCases/TypeCheck/vptr.cpp:84:30
    #2 0x46742b22 in __libc_start_main (/lib/libc.so.6+0x46742b22)

SUMMARY: AddressSanitizer: heap-buffer-overflow
/export/gnu/import/git/llvm-x32/projects/compiler-rt/test/ubsan/TestCases/TypeCheck/vptr.cpp:128
access_p(T*, char)
Shadow bytes around the buggy address:
  0x3eba00a0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x3eba00b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x3eba00c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x3eba00d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x3eba00e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x3eba00f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa 00[fa]
  0x3eba0100: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x3eba0110: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x3eba0120: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x3eba0130: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x3eba0140: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Heap right redzone:      fb
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack partial redzone:   f4
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==30899==ABORTING
[hjl at gnu-mic-2 bin]$
/export/build/gnu/llvm-clang/build-x86_64-linux/./bin/clang -m64
--driver-mode=g++ -fsanitize=address  -frtti -fsanitize=vptr -g
/export/gnu/import/git/llvm-x32/projects/compiler-rt/test/ubsan/TestCases/TypeCheck/vptr.cpp
-O3 -o
/export/build/gnu/llvm-clang/build-x86_64-linux/projects/compiler-rt/test/ubsan/AsanConfig/TestCases/TypeCheck/Output/vptr.cpp.tmp
/export/gnu/import/git/llvm-x32/projects/compiler-rt/test/ubsan/TestCases/TypeCheck/vptr.cpp:51:12:
warning: 
      direct base 'S' is inaccessible due to ambiguity:
    struct U -> struct S
    struct U -> struct T -> struct S [-Winaccessible-base]
struct U : S, T { virtual int v() { return 2; } };
           ^
/export/gnu/import/git/llvm-x32/projects/compiler-rt/test/ubsan/TestCases/TypeCheck/vptr.cpp:93:9:
warning: 
      'reinterpret_cast' from class 'U *' to its base at non-zero offset 'T *'
      behaves differently from 'static_cast' [-Wreinterpret-base-class]
    p = reinterpret_cast<T*>(new U);
        ^~~~~~~~~~~~~~~~~~~~~~~~~~~
/export/gnu/import/git/llvm-x32/projects/compiler-rt/test/ubsan/TestCases/TypeCheck/vptr.cpp:93:9:
note: 
      use 'static_cast' to adjust the pointer correctly while upcasting
    p = reinterpret_cast<T*>(new U);
        ^~~~~~~~~~~~~~~~
        static_cast
/export/gnu/import/git/llvm-x32/projects/compiler-rt/test/ubsan/TestCases/TypeCheck/vptr.cpp:153:12:
warning: 
      'reinterpret_cast' to class 'U *' from its base at non-zero offset 'T *'
      behaves differently from 'static_cast' [-Wreinterpret-base-class]
    return reinterpret_cast<U*>(p)->v() - 2;
           ^~~~~~~~~~~~~~~~~~~~~~~
/export/gnu/import/git/llvm-x32/projects/compiler-rt/test/ubsan/TestCases/TypeCheck/vptr.cpp:153:12:
note: 
      use 'static_cast' to adjust the pointer correctly while downcasting
    return reinterpret_cast<U*>(p)->v() - 2;
           ^~~~~~~~~~~~~~~~
           static_cast
/export/gnu/import/git/llvm-x32/projects/compiler-rt/test/ubsan/TestCases/TypeCheck/vptr.cpp:162:5:
warning: 
      expression result unused [-Wunused-value]
    static_cast<T*>(reinterpret_cast<S*>(p));
    ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/export/gnu/import/git/llvm-x32/projects/compiler-rt/test/ubsan/TestCases/TypeCheck/vptr.cpp:165:1:
warning: 
      control may reach end of non-void function [-Wreturn-type]
}
^
5 warnings generated.
[hjl at gnu-mic-2 bin]$
UBSAN_OPTIONS="suppressions='/export/build/gnu/llvm-clang/build-x86_64-linux/projects/compiler-rt/test/ubsan/AsanConfig/TestCases/TypeCheck/Output/vptr.cpp.tmp.supp':halt_on_error=1"

/export/build/gnu/llvm-clang/build-x86_64-linux/projects/compiler-rt/test/ubsan/AsanConfig/TestCases/TypeCheck/Output/vptr.cpp.tmp
mS 2>&1
[hjl at gnu-mic-2 bin]$

-- 
You are receiving this mail because:
You are on the CC list for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/llvm-bugs/attachments/20150224/7e6c49dc/attachment.html>


More information about the llvm-bugs mailing list