[cfe-dev] UBSan false positive (?) with virtual inheritance
Richard Smith via cfe-dev
cfe-dev at lists.llvm.org
Fri Jan 31 09:54:48 PST 2020
This looks like a bug to me; it looks like we're checking for the size of
an A being available, but should only be checking for the nvsize since we
don't know we have an object whose most-derived type is A.
On Thu, 30 Jan 2020, 23:45 Alexey Sidorin via cfe-dev, <cfe-dev at lists.llvm.org> wrote:
> Hello everyone,
>
> The code example below triggers an undefined behavior sanitizer warning
> when compiled with -O1 and higher:
>
> 1 struct Aux {
> 2 virtual ~Aux() = default;
> 3 int i = 0;
> 4 };
> 5
> 6 struct Base {
> 7 virtual ~Base() = default;
> 8 };
> 9
> 10 struct A : public virtual Base, public Aux {};
> 11
> 12 struct B final : public virtual A {};
> 13
> 14 void check(const A &a) {}
> 15
> 16 int main() {
> 17 B b;
> 18 check(b); // UBSan warns here
> 19 return 0;
> 20 }
>
> When compiled with -fsanitize=undefined:
>
> example.cpp:18:9: runtime error: reference binding to address
> 0x7ffe652149c8 with insufficient space for an object of type 'const A'
>
> When compiled with -fsanitize=object-size:
> example.cpp:12:8: runtime error: constructor call on address
> 0x7ffc7988a2e0 with insufficient space for an object of type 'A'
>
> example.cpp:18:9: runtime error: reference binding to address
> 0x7ffc7988a2e0 with insufficient space for an object of type 'const A'
>
> Could someone tell if it is a sanitizer false positive or does this case
> actually contain a kind of UB? GCC doesn't give any warning for this code.
>
>
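The layout behind the diagnosis above, as an added example (not code from either post): it measures where the A base subobject sits inside a B and shows that sizeof(A) bytes do not fit there, while the non-virtual part of A does. It assumes the Itanium C++ ABI on x86-64, and `a_nv_extent` approximates nvsize(A) as the vptr plus `i`.

```cpp
#include <cstddef>
#include <cstdio>

// Same hierarchy as in the quoted message (names reused from the post).
struct Aux { virtual ~Aux() = default; int i = 0; };
struct Base { virtual ~Base() = default; };
struct A : public virtual Base, public Aux {};
struct B final : public virtual A {};

struct Layout {
    std::size_t sizeof_a;     // full size of a most-derived A, including its virtual Base
    std::size_t sizeof_b;     // full size of a B
    std::size_t a_offset;     // where the A base subobject starts inside a B
    std::size_t a_nv_extent;  // non-virtual part of A: vptr + i (assumption: Itanium layout)
    std::size_t base_offset;  // where A's virtual Base subobject lands inside the B
};

Layout measure() {
    B b;
    const A &a = b;            // the reference binding the sanitizer flagged
    const Base &base = b;      // A's virtual base, shared with B
    const char *b0 = reinterpret_cast<const char *>(&b);
    const char *a0 = reinterpret_cast<const char *>(&a);
    Layout l;
    l.sizeof_a = sizeof(A);
    l.sizeof_b = sizeof(B);
    l.a_offset = static_cast<std::size_t>(a0 - b0);
    l.a_nv_extent = static_cast<std::size_t>(reinterpret_cast<const char *>(&a.i) - a0) + sizeof(a.i);
    l.base_offset = static_cast<std::size_t>(reinterpret_cast<const char *>(&base) - b0);
    return l;
}

// A check that demands sizeof(A) bytes at &a runs past the end of the B: the false positive.
bool full_size_check_fails(const Layout &l) { return l.a_offset + l.sizeof_a > l.sizeof_b; }

// A check that only demands the non-virtual part of A is satisfied by the same B.
bool nv_size_check_passes(const Layout &l) { return l.a_offset + l.a_nv_extent <= l.sizeof_b; }

int main() {
    Layout l = measure();
    std::printf("sizeof(A)=%zu sizeof(B)=%zu A@%zu Base@%zu nv(A)~%zu\n",
                l.sizeof_a, l.sizeof_b, l.a_offset, l.base_offset, l.a_nv_extent);
    std::printf("sizeof(A) check fails: %d, nvsize check passes: %d\n",
                full_size_check_fails(l), nv_size_check_passes(l));
    return 0;
}
```

With clang on x86-64 the nearly-empty virtual Base becomes B's primary base at offset 0, so the A subobject starts after it and only its non-virtual bytes are contiguous there.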