[PATCH] [compiler-rt/ubsan] getVtablePrefix must not sanity-check on Prefix->Offset > 0
Stephan Bergmann
sbergman at redhat.com
Mon Aug 11 06:30:35 PDT 2014
At least with recent Clang trunk on Linux x86_64:
> $ cat test.cc
> #include <iostream>
> struct A { virtual ~A() {} };
> struct B: virtual A {};
> struct C: virtual A { ~C() { std::cout << '\n'; } };
> struct D: virtual B, virtual C {};
> int main() { delete new D; }
>
> $ clang++ -fsanitize=undefined test.cc
>
> $ ./a.out
> <unknown>: runtime error: member call on address 0x000002a35010 which does not point to an object of type 'A'
> 0x000002a35010: note: object has invalid vptr
> 00 00 00 00 58 0e 43 00 00 00 00 00 30 0e 43 00 00 00 00 00 00 00 00 00 00 00 00 00 e1 0f 02 00
> ^~~~~~~~~~~~~~~~~~~~~~~
> invalid vptr
The problem is that getVtablePrefix (lib/ubsan/ubsan_type_hash.cc)
rejects any VtablePrefix with Offset > 0 as "This can't possibly be a
valid vtable" but, according to the Itanium ABI, "in some construction
virtual tables will some virtual base virtual tables have positive offsets."
The apparent fix is to remove the check; see the attached
getVtablePrefix.patch.
Stephan
-------------- next part --------------
A non-text attachment was scrubbed...
Name: getVtablePrefix.patch
Type: text/x-patch
Size: 450 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/llvm-commits/attachments/20140811/5095ecf8/attachment.bin>
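To make the report concrete, here is an added example (written for this page; it is neither the author's test.cc nor compiler-rt's code) that reproduces the layout behind the false positive on an Itanium-ABI target such as Linux x86_64. It reads the two-word vtable prefix the way ubsan's getVtablePrefix does, then records the offset-to-top of the virtual base A from inside ~C, once for a complete C and once for a C being destroyed as a virtual base of D. The helper names (readVtablePrefix, rejectedByOldCheck, the offsetOf* functions) and the global used to capture the value are assumptions of this example, as is the Itanium layout itself.

```cpp
#include <cstddef>
#include <cstring>
#include <iostream>

// Mirror of the vtable prefix that ubsan's getVtablePrefix reads under the
// Itanium C++ ABI: the vptr points just past these two words. (Constructed
// for this example; it is not compiler-rt's own definition.)
struct VtablePrefix {
  std::ptrdiff_t Offset;   // offset-to-top: complete object minus this subobject
  const void *TypeInfo;    // std::type_info of the dynamic type
};

// Read the prefix of whatever vtable `obj`'s vptr currently points at.
// memcpy keeps the read free of type punning; the layout assumption itself
// (vptr is the first word, prefix sits right before the vtable) is ABI-specific.
static VtablePrefix readVtablePrefix(const void *obj) {
  const char *vptr = nullptr;
  std::memcpy(&vptr, obj, sizeof vptr);
  VtablePrefix prefix;
  std::memcpy(&prefix, vptr - sizeof(VtablePrefix), sizeof prefix);
  return prefix;
}

// The sanity check the mail describes: before the fix, any prefix with
// Offset > 0 was rejected as "can't possibly be a valid vtable".
bool rejectedByOldCheck(std::ptrdiff_t offset) { return offset > 0; }

// Offset-to-top of the A subobject as observed from inside C's destructor
// (a global so the destructor needs no extra state; assumption of this example).
static std::ptrdiff_t g_offsetSeenInCDtor = 0;

// Same hierarchy as the mail's test.cc; the destructor body records the
// vtable prefix of the virtual base A instead of printing a newline.
struct A { virtual ~A() {} };
struct B : virtual A {};
struct C : virtual A {
  ~C() {
    // Converting `this` to A* uses the vbase offset in C's *current* vtable,
    // which is the C-in-D construction vtable when C dies as a subobject of D.
    const A *a = this;
    g_offsetSeenInCDtor = readVtablePrefix(a).Offset;
  }
};
struct D : virtual B, virtual C {};

// Offset-to-top of A in a complete D: zero or negative, as in any complete object.
std::ptrdiff_t offsetOfAInCompleteD() {
  D d;
  const A *a = &d;
  return readVtablePrefix(a).Offset;
}

// Offset-to-top of A seen by ~C when a complete C is destroyed: also <= 0.
std::ptrdiff_t offsetOfAInCompleteCDtor() {
  g_offsetSeenInCDtor = 0;
  { C c; (void)c; }
  return g_offsetSeenInCDtor;
}

// Offset-to-top of A seen by ~C when C is destroyed as a virtual base of D.
// A is laid out before C inside D, so the C-in-D construction vtable gives
// A a positive offset-to-top: exactly the value the old check rejected.
std::ptrdiff_t offsetOfAInCDtorOfD() {
  g_offsetSeenInCDtor = 0;
  { D d; (void)d; }
  return g_offsetSeenInCDtor;
}

int main() {
  std::cout << "A in complete D:          " << offsetOfAInCompleteD() << '\n'
            << "A in ~C (complete C):     " << offsetOfAInCompleteCDtor() << '\n'
            << "A in ~C (subobject of D): " << offsetOfAInCDtorOfD() << '\n'
            << "old check rejects the last one: "
            << (rejectedByOldCheck(offsetOfAInCDtorOfD()) ? "yes" : "no") << '\n';
}
```

Build it with a plain `clang++` or `g++` (no sanitizer) to see the three offsets; only the last one is positive, and that is the value a pre-fix ubsan runtime would have refused to treat as a vtable, producing the "invalid vptr" report quoted above even though the object is perfectly well-formed.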