[PATCH] [compiler-rt/ubsan] getVtablePrefix must not sanity-check on Prefix->Offset > 0

Stephan Bergmann sbergman at redhat.com
Tue Aug 12 03:51:42 PDT 2014


On 08/11/2014 10:19 PM, Alexey Samsonov wrote:
> +Richard
>
> Note that you'd also have to update the comment for the VtablePrefix::Offset field.

ah, right; updated patch

Stephan

> On Mon, Aug 11, 2014 at 6:30 AM, Stephan Bergmann <sbergman at redhat.com> wrote:
>
>     At least with recent Clang trunk on Linux x86_64:
>
>         $ cat test.cc
>         #include <iostream>
>         struct A { virtual ~A() {} };
>         struct B: virtual A {};
>         struct C: virtual A { ~C() { std::cout << '\n'; } };
>         struct D: virtual B, virtual C {};
>         int main() { delete new D; }
>
>         $ clang++ -fsanitize=undefined test.cc
>
>         $ ./a.out
>         <unknown>: runtime error: member call on address 0x000002a35010
>         which does not point to an object of type 'A'
>         0x000002a35010: note: object has invalid vptr
>           00 00 00 00  58 0e 43 00 00 00 00 00  30 0e 43 00 00 00 00 00
>           00 00 00 00 00 00 00 00  e1 0f 02 00
>                        ^~~~~~~~~~~~~~~~~~~~~~~
>                        invalid vptr
>
>
>     The problem is that getVtablePrefix (lib/ubsan/ubsan_type_hash.cc)
>     rejects any VtablePrefix with Offset > 0 as "This can't possibly be
>     a valid vtable" but, according to the Itanium ABI, "in some
>     construction virtual tables will some virtual base virtual tables
>     have positive offsets."
>
>     The apparent fix is to remove the check, see the attached
>     getVtablePrefix.patch.
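The positive offset-to-top that the quoted report attributes to construction vtables can be observed directly on the same hierarchy. The following is an added example, not code from the patch or from compiler-rt; it assumes the Itanium C++ ABI (Clang or GCC on Linux x86_64), where the word at vptr[-2] is the offset-to-top that ubsan's VtablePrefix::Offset mirrors.

```cpp
#include <cstddef>
#include <cstdio>
#include <cstring>

// Itanium C++ ABI layout (assumption: Clang/GCC on Linux): an object's vptr
// points at the first virtual-function slot, and the two words just before
// that slot are "offset to top" and the RTTI pointer. That pair is what ubsan
// reads as VtablePrefix, so vtable[-2] below is VtablePrefix::Offset.
static std::ptrdiff_t offsetToTop(const void *subobject) {
    const std::ptrdiff_t *vtable;               // first word of A is its vptr
    std::memcpy(&vtable, subobject, sizeof vtable);
    return vtable[-2];
}

static std::ptrdiff_t g_offsetSeenInCCtor = 0;  // recorded while C runs inside D

// Same hierarchy as the reproducer in the mail; C records what A's vptr says
// while C is being constructed as a virtual base subobject of D.
struct A { virtual ~A() {} };
struct B : virtual A {};
struct C : virtual A {
    C() { g_offsetSeenInCCtor = offsetToTop(static_cast<A *>(this)); }
};
struct D : virtual B, virtual C {};

// Offset-to-top through A's vptr during C's construction: at that point A's
// vptr refers to the C-in-D construction vtable, and because A is laid out
// before C inside D the value is positive (+8 on x86_64 for this hierarchy).
std::ptrdiff_t offsetDuringCConstruction() {
    D d;
    return g_offsetSeenInCCtor;
}

// Offset-to-top through A's vptr once D is complete: A's vptr now refers to
// D's own vtable group, so the value is zero or negative.
std::ptrdiff_t offsetAfterConstruction() {
    D d;
    return offsetToTop(static_cast<A *>(&d));
}

// The sanity check the patch removes: any prefix with Offset > 0 was rejected
// as "can't possibly be a valid vtable", which is exactly the construction case.
bool oldPrefixCheckAccepts(std::ptrdiff_t offset) { return offset <= 0; }

int main() {
    std::printf("offset-to-top during C ctor: %td, after construction: %td\n",
                offsetDuringCConstruction(), offsetAfterConstruction());
    return 0;
}
```

Run under -fsanitize=vptr the same vptr read would have been flagged by the unpatched runtime, because the prefix it finds during C's constructor carries the positive offset shown here.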

-------------- next part --------------
A non-text attachment was scrubbed...
Name: getVtablesPrefix.patch
Type: text/x-patch
Size: 925 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/llvm-commits/attachments/20140812/df0c175d/attachment.bin>
