[cfe-dev] UBSan false positive (?) with virtual inheritance
Richard Smith via cfe-dev
cfe-dev at lists.llvm.org
Fri Jan 31 19:09:09 PST 2020
... and in fact we also generate wrong code for this example with the
sanitizers disabled -- we mark the reference parameter as
dereferenceable(sizeof(A)) rather than dereferenceable(nvsize(A)). Oops!
Fixed in master.
On Fri, 31 Jan 2020 at 09:54, Richard Smith <richard at metafoo.co.uk> wrote:
> This looks like a bug to me; it looks like we're checking for the size of
> an A being available, but should only be checking for the nvsize since we
> don't know we have an object whose most-derived type is A.
>
> On Thu, 30 Jan 2020, 23:45 Alexey Sidorin via cfe-dev, <
> cfe-dev at lists.llvm.org> wrote:
>
>> Hello everyone,
>>
>> The code example below triggers an undefined behavior sanitizer warning
>> when compiled with -O1 and higher:
>>
>> 1 struct Aux {
>> 2   virtual ~Aux() = default;
>> 3   int i = 0;
>> 4 };
>> 5
>> 6 struct Base {
>> 7   virtual ~Base() = default;
>> 8 };
>> 9
>> 10 struct A : public virtual Base, public Aux {};
>> 11
>> 12 struct B final : public virtual A {};
>> 13
>> 14 void check(const A &a) {}
>> 15
>> 16 int main() {
>> 17   B b;
>> 18   check(b); // UBSan warns here
>> 19   return 0;
>> 20 }
>>
>> When compiled with -fsanitize=undefined:
>>
>> example.cpp:18:9: runtime error: reference binding to address
>> 0x7ffe652149c8 with insufficient space for an object of type 'const A'
>>
>> When compiled with -fsanitize=object-size:
>> example.cpp:12:8: runtime error: constructor call on address
>> 0x7ffc7988a2e0 with insufficient space for an object of type 'A'
>>
>> example.cpp:18:9: runtime error: reference binding to address
>> 0x7ffc7988a2e0 with insufficient space for an object of type 'const A'
>>
>> Could someone tell if it is a sanitizer false positive or does this case
>> actually contain a kind of UB? GCC doesn't give any warning for this code.
>>
>>
>
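The layout point behind Richard's answer, as an added example that is not part of the thread: with the report's own hierarchy, this probe measures where the A and Base subobjects sit inside a complete B and how many bytes follow the A subobject. It assumes the Itanium C++ ABI (Linux GCC/Clang): Base is nearly empty, so it becomes B's primary base at offset 0 and is laid out before the A subobject; only A's non-virtual part (nvsize(A)) follows, so treating the bound reference as sizeof(A) bytes (the dereferenceable(sizeof(A)) annotation the fix removed) would run past the end of b. The printed offsets are specific to that ABI.

```cpp
#include <cstddef>
#include <cstdio>

// Hierarchy from the report, unchanged.
struct Aux {
  virtual ~Aux() = default;
  int i = 0;
};
struct Base {
  virtual ~Base() = default;
};
struct A : public virtual Base, public Aux {};
struct B final : public virtual A {};

// Byte offset of the Sub subobject inside a complete object of type Complete.
// The implicit derived-to-base conversion performs the (virtual) base lookup.
template <class Sub, class Complete>
std::size_t subobject_offset(const Complete &obj) {
  const Sub *sub = &obj;
  return static_cast<std::size_t>(reinterpret_cast<const char *>(sub) -
                                  reinterpret_cast<const char *>(&obj));
}

// Bytes from the start of the A subobject to the end of the enclosing B:
// what a callee receiving `const A &` bound to a B can actually rely on.
// Under the Itanium ABI this is nvsize(A), not sizeof(A).
std::size_t bytes_after_a_subobject() {
  B b;
  return sizeof(B) - subobject_offset<A>(b);
}

// End of A's own non-virtual data (vptr plus Aux::i) relative to the A
// subobject: the bytes a callee may legitimately touch through `const A &`.
std::size_t nonvirtual_data_end_of_a() {
  B b;
  const A &a = b;
  return static_cast<std::size_t>(reinterpret_cast<const char *>(&a.i) +
                                  sizeof(a.i) -
                                  reinterpret_cast<const char *>(&a));
}

// Base is nearly empty, so the Itanium ABI (assumed here) makes it B's
// primary base at offset 0; the A subobject is placed after it.
bool base_precedes_a() {
  B b;
  return subobject_offset<Base>(b) < subobject_offset<A>(b);
}

// Treating the A subobject as sizeof(A) bytes would run past the end of b:
// A's virtual base Base lives *before* the A subobject, not after it.
bool full_a_overruns_b() {
  return bytes_after_a_subobject() < sizeof(A);
}

int main() {
  B b;
  std::printf("sizeof(A)=%zu sizeof(B)=%zu\n", sizeof(A), sizeof(B));
  std::printf("offset of Base in B: %zu\n", subobject_offset<Base>(b));
  std::printf("offset of A in B:    %zu\n", subobject_offset<A>(b));
  std::printf("bytes available after A subobject: %zu\n",
              bytes_after_a_subobject());
  std::printf("A's non-virtual data ends at:      %zu\n",
              nonvirtual_data_end_of_a());
  std::printf("sizeof(A) bytes would overrun B:   %s\n",
              full_a_overruns_b() ? "yes" : "no");
  return 0;
}
```

The `final` on B matters for the original report only because it lets the compiler fold the virtual-base offset into a constant, which is what gives UBSan a known object size to compare against; the layout itself, and therefore the bound the reference parameter should carry, is the same with or without it.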