[PATCH] [compiler-rt/ubsan] getVtablePrefix must not sanity-check on Prefix->Offset > 0
Stephan Bergmann
sbergman at redhat.com
Fri Jul 3 00:22:32 PDT 2015
ping^6
On 06/26/2015 08:57 AM, Stephan Bergmann wrote:
> ping^5
>
> On 06/19/2015 02:02 PM, Stephan Bergmann wrote:
>> ping^4
>>
>> On 06/05/2015 07:06 PM, David Blaikie wrote:
>>> On Fri, Jun 5, 2015 at 10:02 AM, Alexey Samsonov <vonosmas at gmail.com> wrote:
>>>
>>> I referred to David Majnemer, who touched this code a while ago. But thanks for suggesting help :)
>>>
>>>
>>> Ah, +Majnemer.
>>>
>>> - Dave
>>>
>>>
>>> On Fri, Jun 5, 2015 at 8:26 AM, David Blaikie <dblaikie at gmail.com> wrote:
>>>
>>>
>>>
>>> On Thu, Jun 4, 2015 at 5:52 PM, Alexey Samsonov <vonosmas at gmail.com> wrote:
>>>
>>> Richard or David, do you want to look into this, or would you prefer to leave this for me?
>>>
>>>
>>> I can't say I have much more context in vtable layout & C++ ABI than you do, most likely. Happy to bounce some of the ideas around in person if that's helpful.
>>>
>>> - David
>>>
>>>
>>> On Tue, Jun 2, 2015 at 3:32 AM, Stephan Bergmann <sbergman at redhat.com> wrote:
>>>
>>> ping^3
>>>
>>>
>>> On 12/16/2014 10:52 AM, Stephan Bergmann wrote:
>>>
>>> ping
>>> On 12/05/2014 09:33 AM, Stephan Bergmann wrote:
>>>
>>> ping
>>> On 08/12/2014 09:10 PM, Alexey Samsonov wrote:
>>>
>>> +Richard
>>>
>>>
>>> On Tue, Aug 12, 2014 at 3:51 AM, Stephan Bergmann <sbergman at redhat.com> wrote:
>>>
>>> On 08/11/2014 10:19 PM, Alexey Samsonov wrote:
>>>
>>> +Richard
>>>
>>> Note that you'd also have to update the comment for the VtablePrefix::Offset field.
>>>
>>>
>>> ah, right; updated patch
>>>
>>> Stephan
>>>
>>> On Mon, Aug 11, 2014 at 6:30 AM, Stephan Bergmann <sbergman at redhat.com> wrote:
>>>
>>> At least with recent Clang trunk on Linux x86_64:
>>>
>>> $ cat test.cc
>>> #include <iostream>
>>> struct A { virtual ~A() {} };
>>> struct B: virtual A {};
>>> struct C: virtual A { ~C() { std::cout << '\n'; } };
>>> struct D: virtual B, virtual C {};
>>> int main() { delete new D; }
>>>
>>> $ clang++ -fsanitize=undefined test.cc
>>>
>>> $ ./a.out
>>> <unknown>: runtime error: member call on address 0x000002a35010 which does not point to an object of type 'A'
>>> 0x000002a35010: note: object has invalid vptr
>>>  00 00 00 00 58 0e 43 00  00 00 00 00 30 0e 43 00  00 00 00 00 00 00 00 00  e1 0f 02 00
>>>               ^~~~~~~~~~~~~~~~~~~~~~~
>>>               invalid vptr
>>>
>>> The problem is that getVtablePrefix (lib/ubsan/ubsan_type_hash.cc) rejects any VtablePrefix with Offset > 0 as "This can't possibly be a valid vtable" but, according to the Itanium ABI, "in some construction virtual tables will some virtual base virtual tables have positive offsets."
>>>
>>> The apparent fix is to remove the check, see the attached getVtablePrefix.patch.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: getVtablesPrefix.patch
Type: text/x-patch
Size: 925 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/llvm-commits/attachments/20150703/f969bbc7/attachment.bin>
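The program below is an added example, not the attached patch and not ubsan's own code. It reads the same two words in front of a vptr that ubsan's VtablePrefix describes (offset-to-top and the RTTI pointer), using the class hierarchy from test.cc above, and records what the A subobject's prefix looks like while C's constructor runs inside a D, i.e. while the construction vtable for C-in-D is installed. It assumes the Itanium C++ ABI on Linux x86-64 with GCC or Clang, where the virtual base A is laid out before C in D, so the offset-to-top recorded during construction is positive and the check the patch removes would have rejected it. The struct name VtablePrefix mirrors ubsan's; readPrefix, acceptedByOldCheck, Observation and the observe* functions are the example's own.

```cpp
#include <cstddef>
#include <cstdio>
#include <cstring>
#include <typeinfo>

// The two words immediately before the address a vptr points to under the
// Itanium C++ ABI; this mirrors the VtablePrefix that ubsan reads in
// lib/ubsan/ubsan_type_hash.cc. Virtual-base offsets that may precede these
// two words are not modelled here.
struct VtablePrefix {
  std::ptrdiff_t Offset;            // "offset to top": top of object minus this subobject
  const std::type_info *TypeInfo;   // RTTI of the class this vtable belongs to
};

// Copy the prefix of the vtable a polymorphic subobject's vptr points to.
// memcpy is used instead of pointer casts so no aliasing rule is violated.
static VtablePrefix readPrefix(const void *subobject) {
  const char *vptr = nullptr;
  std::memcpy(&vptr, subobject, sizeof vptr);
  VtablePrefix prefix;
  std::memcpy(&prefix, vptr - sizeof(VtablePrefix), sizeof prefix);
  return prefix;
}

// The sanity check the patch removes: Offset > 0 was treated as
// "can't possibly be a valid vtable".
static bool acceptedByOldCheck(const VtablePrefix &prefix) {
  return prefix.Offset <= 0;
}

// What one probe of an A subobject saw.
struct Observation {
  std::ptrdiff_t offset;     // offset-to-top read from the vtable prefix
  std::ptrdiff_t expected;   // address of the object's top minus address of the A subobject
  const char *typeName;      // mangled name behind the prefix's RTTI pointer
  bool oldCheckAccepts;      // verdict of the removed Offset > 0 check
};

// Same hierarchy as test.cc in the thread; the probe runs in C's constructor
// instead of the destructor body.
struct A { virtual ~A() {} };
struct B : virtual A {};

// Filled in while C's base-object constructor runs inside a D, i.e. while the
// construction vtable for C-in-D is installed in the A subobject.
static Observation g_duringCtor = {0, 0, "", false};

struct C : virtual A {
  C() {
    const A *a = this;   // virtual base subobject of the C under construction
    VtablePrefix prefix = readPrefix(a);
    g_duringCtor.offset = prefix.Offset;
    // During construction the "top" is the C subobject, not the enclosing D.
    g_duringCtor.expected = reinterpret_cast<const char *>(this) -
                            reinterpret_cast<const char *>(a);
    g_duringCtor.typeName = prefix.TypeInfo->name();
    g_duringCtor.oldCheckAccepts = acceptedByOldCheck(prefix);
  }
};
struct D : virtual B, virtual C {};

// Build a complete D so that C::C() runs with the C-in-D construction vtable,
// then return what the constructor recorded for the A subobject.
static Observation observeDuringConstruction() {
  D d;
  return g_duringCtor;
}

// After construction the A subobject's vptr points into D's own vtable group,
// where offset-to-top is zero or negative.
static Observation observeCompleteObject() {
  D d;
  const A *a = &d;
  VtablePrefix prefix = readPrefix(a);
  return {prefix.Offset,
          reinterpret_cast<const char *>(&d) - reinterpret_cast<const char *>(a),
          prefix.TypeInfo->name(), acceptedByOldCheck(prefix)};
}

int main() {
  Observation ctor = observeDuringConstruction();
  Observation done = observeCompleteObject();
  std::printf("during C::C() in D: offset-to-top %td (expected %td), rtti %s, old check accepts: %s\n",
              ctor.offset, ctor.expected, ctor.typeName, ctor.oldCheckAccepts ? "yes" : "no");
  std::printf("complete D:         offset-to-top %td (expected %td), rtti %s, old check accepts: %s\n",
              done.offset, done.expected, done.typeName, done.oldCheckAccepts ? "yes" : "no");
  return (ctor.offset == ctor.expected && done.offset == done.expected) ? 0 : 1;
}
```

The expected value is computed from the addresses themselves, so the comparison holds for any layout; the sign of the construction-time offset is what depends on A preceding C in D. Only the offset-to-top word is checked by this example; ubsan additionally follows the RTTI pointer, which is why an early rejection of the prefix surfaced as a spurious "invalid vptr" report rather than a crash.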