<div dir="ltr">+Hans, Richard<div><br></div><div>Is it too late to merge this into 3.7rc2? This patch should be relatively safe, and fixes a bug that was reported looong time ago.</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Aug 5, 2015 at 12:35 PM, Alexey Samsonov <span dir="ltr"><<a href="mailto:vonosmas@gmail.com" target="_blank">vonosmas@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Author: samsonov<br>
Date: Wed Aug  5 14:35:46 2015<br>
New Revision: 244101<br>
<br>
URL: <a href="http://llvm.org/viewvc/llvm-project?rev=244101&view=rev" rel="noreferrer" target="_blank">http://llvm.org/viewvc/llvm-project?rev=244101&view=rev</a><br>
Log:<br>
[UBSan] Fix UBSan-vptr false positive.<br>
<br>
Offset from vptr to the start of most-derived object can actually<br>
be positive in some virtual base class vtables.<br>
<br>
Patch by Stephan Bergmann!<br>
<br>
Added:<br>
    compiler-rt/trunk/test/ubsan/TestCases/TypeCheck/vptr-virtual-base-construction.cpp<br>
Modified:<br>
    compiler-rt/trunk/lib/ubsan/ubsan_type_hash_itanium.cc<br>
<br>
Modified: compiler-rt/trunk/lib/ubsan/ubsan_type_hash_itanium.cc<br>
URL: <a href="http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/ubsan/ubsan_type_hash_itanium.cc?rev=244101&r1=244100&r2=244101&view=diff" rel="noreferrer" target="_blank">http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/ubsan/ubsan_type_hash_itanium.cc?rev=244101&r1=244100&r2=244101&view=diff</a><br>
==============================================================================<br>
--- compiler-rt/trunk/lib/ubsan/ubsan_type_hash_itanium.cc (original)<br>
+++ compiler-rt/trunk/lib/ubsan/ubsan_type_hash_itanium.cc Wed Aug  5 14:35:46 2015<br>
@@ -185,8 +185,8 @@ namespace {<br>
<br>
 struct VtablePrefix {<br>
   /// The offset from the vptr to the start of the most-derived object.<br>
-  /// This should never be greater than zero, and will usually be exactly<br>
-  /// zero.<br>
+  /// This will only be greater than zero in some virtual base class vtables<br>
+  /// used during object con-/destruction, and will usually be exactly zero.<br>
   sptr Offset;<br>
   /// The type_info object describing the most-derived class type.<br>
   std::type_info *TypeInfo;<br>
@@ -196,7 +196,7 @@ VtablePrefix *getVtablePrefix(void *Vtab<br>
   if (!Vptr)<br>
     return 0;<br>
   VtablePrefix *Prefix = Vptr - 1;<br>
-  if (Prefix->Offset > 0 || !Prefix->TypeInfo)<br>
+  if (!Prefix->TypeInfo)<br>
     // This can't possibly be a valid vtable.<br>
     return 0;<br>
   return Prefix;<br>
<br>
Added: compiler-rt/trunk/test/ubsan/TestCases/TypeCheck/vptr-virtual-base-construction.cpp<br>
URL: <a href="http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/test/ubsan/TestCases/TypeCheck/vptr-virtual-base-construction.cpp?rev=244101&view=auto" rel="noreferrer" target="_blank">http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/test/ubsan/TestCases/TypeCheck/vptr-virtual-base-construction.cpp?rev=244101&view=auto</a><br>
==============================================================================<br>
--- compiler-rt/trunk/test/ubsan/TestCases/TypeCheck/vptr-virtual-base-construction.cpp (added)<br>
+++ compiler-rt/trunk/test/ubsan/TestCases/TypeCheck/vptr-virtual-base-construction.cpp Wed Aug  5 14:35:46 2015<br>
@@ -0,0 +1,13 @@<br>
+// RUN: %clangxx -frtti -fsanitize=vptr -fno-sanitize-recover=vptr %s -o %t<br>
+// RUN: %run %t<br>
+<br>
+// REQUIRES: cxxabi<br>
+<br>
+int volatile n;<br>
+<br>
+struct A { virtual ~A() {} };<br>
+struct B: virtual A {};<br>
+struct C: virtual A { ~C() { n = 0; } };<br>
+struct D: virtual B, virtual C {};<br>
+<br>
+int main() { delete new D; }<br>
<br>
<br>
_______________________________________________<br>
llvm-commits mailing list<br>
<a href="mailto:llvm-commits@lists.llvm.org">llvm-commits@lists.llvm.org</a><br>
<a href="http://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-commits" rel="noreferrer" target="_blank">http://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-commits</a><br>
</blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature"><div dir="ltr">Alexey Samsonov<br><a href="mailto:vonosmas@gmail.com" target="_blank">vonosmas@gmail.com</a></div></div>
</div>