[cfe-dev] boost serialization crash with clang 5.0.0

陳韋任 via cfe-dev cfe-dev at lists.llvm.org
Fri Sep 22 06:17:00 PDT 2017 

[1] and [2] seems to be related to your case. I try add
-fcatch-undefined-behavior on https://godbolt.org/g/L7zC82 , and get
compilation failure. If the code does have undefined behavior, the
code should be fixed.

[1] http://blog.llvm.org/2011/05/what-every-c-programmer-should-know_14.html
[2] https://blog.regehr.org/archives/970

Regards,
chenwj


2017-09-22 19:00 GMT+08:00 Malcolm Parsons via cfe-dev <cfe-dev at lists.llvm.org>:
> Hi,
>
> I tried to upgrade to clang 5.0.0 and found that a program that uses
> the boost serialization library crashes with a null pointer
> dereference during serialization.
>
> The relevant part of boost serialization (from
> https://github.com/boostorg/serialization/blob/develop/include/boost/archive/detail/oserializer.hpp)
> is:
>
>     template<class T>
>     static const basic_pointer_oserializer * register_type(Archive
> &ar, T & /*t*/){
>         // there should never be any need to save an abstract polymorphic
>         // class pointer.  Inhibiting code generation for this
>         // permits abstract base classes to be used - note: exception
>         // virtual serialize functions used for plug-ins
>         typedef
>             typename mpl::eval_if<
>                 boost::serialization::is_abstract< T >,
>                 mpl::identity<abstract>,
>                 mpl::identity<non_abstract>
>             >::type typex;
>         return typex::template register_type< T >(ar);
>     }
>
>     template<class TPtr>
>     static void invoke(Archive &ar, const TPtr t){
>         register_type(ar, * t);
>         if(NULL == t){
>             basic_oarchive & boa
>                 =
> boost::serialization::smart_cast_reference<basic_oarchive &>(ar);
>             boa.save_null_pointer();
>             save_access::end_preamble(ar);
>             return;
>         }
>         save(ar, * t);
>     }
>
> Clang 5.0.0 removes the check for a null pointer.
> GCC 7.2 and Clang 4.0.1 keep the check
>
> I see that t is dereferenced before the null check, but memory isn't
> actually accessed until afterwards.
>
> Simplified reproduction: https://godbolt.org/g/L7zC82
>
> Is this a bug in clang 5.0.0, or in boost serialization?
>
> --
> Malcolm Parsons
> _______________________________________________
> cfe-dev mailing list
> cfe-dev at lists.llvm.org
> http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-dev



-- 
Wei-Ren Chen (陳韋任)
Homepage: https://people.cs.nctu.edu.tw/~chenwj

More information about the cfe-dev mailing list