[libcxx-commits] [PATCH] D82627: Fix CFI issues in <future>

Brandon Tolsch via Phabricator via libcxx-commits libcxx-commits at lists.llvm.org
Fri Jun 26 01:36:33 PDT 2020


btolsch created this revision.
btolsch added a reviewer: eugenis.
Herald added a project: libc++.
Herald added a subscriber: libcxx-commits.
Herald added a reviewer: libc++.
btolsch edited the summary of this revision.
btolsch marked an inline comment as done.
btolsch added a comment.

F12243471: cfi_test.sh <https://reviews.llvm.org/F12243471>

F12243470: cfi_test.cc <https://reviews.llvm.org/F12243470>

I attached a small repro case, but I don't know if there's a way to make this into a unit test.  LMK if that's something you want and where I would add it.  Also, I wasn't able to get any of the clang-format tools to work, and just running clang-format with the included .clang-format of the repo completely changed the whole file.  I think I kept the diff in the existing style though.  Lastly, I ran `make check-cxx` and that passed.



================
Comment at: libcxx/include/future:1756
     virtual ~__packaged_task_base() {}
-    virtual void __move_to(__packaged_task_base*) _NOEXCEPT = 0;
+    virtual void __move_to(void*) _NOEXCEPT = 0;
     virtual void destroy() = 0;
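Review bot: With the parameter of `__move_to` now `void*`, the declaration no longer says what the argument must point to, so the contract is visible only in the overriders. Add a comment on this pure virtual stating that the pointer is uninitialized storage suitably sized and aligned for the derived object, that `__move_to` constructs into it, and that callers may treat it as `__packaged_task_base*` only after the call returns.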
----------------
I expect this may be the more contentious part of the change.  The implementation is doing a placement new, which is initializing the memory, so there seems to be no way to make CFI okay with calling this a `__packaged_task_base*` when it //can't// be initialized before this point.


This change fixes errors reported by Control Flow Integrity (CFI) checking when using `std::packaged_task`.  The errors mostly stem from casting the underlying storage (`__buf_`) to `__base*`, even if it is uninitialized.  The solutions are mostly to use `void*` for pure pointer comparison and initialize `__buf_` before casting to `__base*`.


Repository:
  rG LLVM Github Monorepo

https://reviews.llvm.org/D82627

Files:
  libcxx/include/future

-------------- next part --------------
A non-text attachment was scrubbed...
Name: D82627.273606.patch
Type: text/x-patch
Size: 4296 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/libcxx-commits/attachments/20200626/64bd41d0/attachment-0001.bin>
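
Added example (not part of the original message and not libc++ code): a minimal small-buffer task wrapper showing the two fixes the summary describes, comparing storage addresses as `void*` and constructing into the buffer before any cast to the base type. All class and function names are hypothetical, and only the in-buffer case is modelled.

```cpp
#include <cstddef>
#include <new>
#include <utility>

// All names are hypothetical; this models the storage pattern, it is not libc++ code.
struct TaskBase {
    virtual ~TaskBase() {}
    virtual void move_to(void* dst) noexcept = 0;  // dst is raw storage, so it is void*
    virtual int run() = 0;
};

template <class F>
struct TaskImpl final : TaskBase {
    F f;
    explicit TaskImpl(F fn) : f(std::move(fn)) {}
    void move_to(void* dst) noexcept override { ::new (dst) TaskImpl(std::move(f)); }
    int run() override { return f(); }
};

class SmallTask {
    alignas(std::max_align_t) unsigned char buf_[3 * sizeof(void*)];
    TaskBase* f_ = nullptr;
    // Address comparison only: no cast to TaskBase*, so no dynamic type to verify.
    bool in_buffer() const noexcept { return static_cast<const void*>(f_) == buf_; }
public:
    template <class F>
    explicit SmallTask(F fn) {
        static_assert(sizeof(TaskImpl<F>) <= sizeof(buf_), "example covers in-buffer storage only");
        f_ = ::new (static_cast<void*>(buf_)) TaskImpl<F>(std::move(fn));  // typed pointer from new
    }
    SmallTask(SmallTask&& o) noexcept {
        if (!o.in_buffer()) return;              // moved-from source: nothing to take
        o.f_->move_to(buf_);                     // 1. construct into our raw buffer
        f_ = reinterpret_cast<TaskBase*>(buf_);  // 2. cast only now that an object lives there
        o.f_->~TaskBase();
        o.f_ = nullptr;
    }
    ~SmallTask() { if (f_) f_->~TaskBase(); }
    bool valid() const noexcept { return f_ != nullptr; }
    int operator()() { return f_->run(); }
};

// Moves a task between two buffers and runs it from the destination.
int demo_move() {
    int x = 40;
    SmallTask a([x] { return x + 2; });
    SmallTask b(std::move(a));
    return a.valid() ? -1 : b();
}
```

Reversing steps 1 and 2 in the move constructor reproduces the kind of cast the summary describes, where the buffer is treated as the base type before any object has been constructed in it.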

