[PATCH] [compiler-rt/ubsan] getVtablePrefix must not sanity-check on Prefix->Offset > 0

Alexey Samsonov vonosmas at gmail.com
Mon Aug 11 13:19:12 PDT 2014


+Richard

Note that you'd also have to update the comment for the VtablePrefix::Offset field.


On Mon, Aug 11, 2014 at 6:30 AM, Stephan Bergmann <sbergman at redhat.com> wrote:

> At least with recent Clang trunk on Linux x86_64:
>
>  $ cat test.cc
>> #include <iostream>
>> struct A { virtual ~A() {} };
>> struct B: virtual A {};
>> struct C: virtual A { ~C() { std::cout << '\n'; } };
>> struct D: virtual B, virtual C {};
>> int main() { delete new D; }
>>
>> $ clang++ -fsanitize=undefined test.cc
>>
>> $ ./a.out
>> <unknown>: runtime error: member call on address 0x000002a35010 which
>> does not point to an object of type 'A'
>> 0x000002a35010: note: object has invalid vptr
>>  00 00 00 00  58 0e 43 00 00 00 00 00  30 0e 43 00 00 00 00 00  00 00 00
>> 00 00 00 00 00  e1 0f 02 00
>>               ^~~~~~~~~~~~~~~~~~~~~~~
>>               invalid vptr
>>
>
> The problem is that getVtablePrefix (lib/ubsan/ubsan_type_hash.cc) rejects
> any VtablePrefix with Offset > 0 as "This can't possibly be a valid vtable"
> but, according to the Itanium ABI, "in some construction virtual tables
> will some virtual base virtual tables have positive offsets."
>
> The apparent fix is to remove the check, see the attached
> getVtablePrefix.patch.
>
> Stephan
>
> _______________________________________________
> llvm-commits mailing list
> llvm-commits at cs.uiuc.edu
> http://lists.cs.uiuc.edu/mailman/listinfo/llvm-commits
>
>


-- 
Alexey Samsonov
vonosmas at gmail.com
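Added illustration of the offset values the report above is about (example code written for this page, not part of the mail thread or of compiler-rt): the program mirrors ubsan's VtablePrefix layout and reads offset_to_top from the A subobject inside C's constructor, once for a complete C and once while C is being constructed as a virtual base of D; construction vtables are in use in destructors too, which is the path the report hits. It assumes the Itanium C++ ABI on a 64-bit Linux toolchain, and all helper names (prefixOf, offsetForCInsideD, rejectedByOldCheck, ...) are this example's own.

```cpp
#include <cstddef>
#include <cstdio>
#include <cstring>
#include <typeinfo>

// Same shape as ubsan's VtablePrefix: the two words immediately before a
// vtable's address point in the Itanium C++ ABI.
struct VtablePrefix {
    std::ptrdiff_t Offset;          // offset_to_top: this subobject -> top of object
    const std::type_info *TypeInfo; // RTTI pointer
};

// Read the prefix of the vtable that the polymorphic object `obj` currently uses.
// Assumes the Itanium ABI (vptr is the object's first word); memcpy avoids aliasing.
static VtablePrefix prefixOf(const void *obj) {
    const char *vptr;
    std::memcpy(&vptr, obj, sizeof vptr);
    VtablePrefix p;
    std::memcpy(&p, vptr - sizeof(VtablePrefix), sizeof p);
    return p;
}

static std::ptrdiff_t g_seen = 0;     // offset_to_top observed inside C's constructor
static std::ptrdiff_t g_expected = 0; // (char *)C subobject - (char *)A subobject
struct A { virtual ~A() {} };
struct B : virtual A {};
struct C : virtual A {
    C() {
        // During C's constructor the A subobject's vptr points into the construction
        // vtable for C, so its offset_to_top is measured to C's top, not to D's.
        A *a = this;
        g_seen = prefixOf(a).Offset;
        g_expected = reinterpret_cast<char *>(this) - reinterpret_cast<char *>(a);
    }
};
struct D : virtual B, virtual C {};

// The condition the patch removes: Offset > 0 was taken as proof of a bad vtable.
bool rejectedByOldCheck(std::ptrdiff_t offset) { return offset > 0; }
// Complete C: A is at or after C's top, so offset_to_top is 0 or negative.
std::ptrdiff_t offsetForCompleteC() { C c; return g_seen; }
// C as a virtual base of D: A precedes C inside D, so the offset is positive
// and the old check reports an "invalid vptr" for a perfectly valid object.
std::ptrdiff_t offsetForCInsideD() { D d; return g_seen; }
std::ptrdiff_t expectedOffsetInsideD() { D d; return g_expected; }

int main() {
    std::printf("complete C: %td\nC inside D: %td (expected %td)\n", offsetForCompleteC(),
                offsetForCInsideD(), expectedOffsetInsideD());
}
```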