[llvm-branch-commits] [compiler-rt] [TySan] Fix struct access with different bases (PR #108385)
Tavian Barnes via llvm-branch-commits
llvm-branch-commits at lists.llvm.org
Thu Sep 12 11:45:08 PDT 2024
tavianator wrote:
Here's the new testcase. Not sure if this bug is related or not. It has to do with `memcpy()`; if you replace the call with the commented-out line above it, it works.
```c
struct node {
    struct node *next;
};
struct list {
    struct node *head, **tail;
};
int main(void) {
    struct list *list = __builtin_malloc(sizeof(*list));
    list->head = 0;
    list->tail = &list->head;
    struct node *node = __builtin_malloc(sizeof(*node));
    node->next = 0;
    *list->tail = node;
    list->tail = &node->next;
    while (list->head) {
        struct node *node = list->head;
        // list->head = node->next;
        __builtin_memcpy(&list->head, &node->next, sizeof(list->head));
        node->next = 0;
    }
    return 0;
}
```
```console
tavianator at tachyon $ ~/code/llvm/llvm-project/build/bin/clang -Wall -g -fsanitize=type foo.c -o foo
tavianator at tachyon $ ./foo
==5885==ERROR: TypeSanitizer: type-aliasing-violation on address 0x55af02a8c2a0 (pc 0x55aef600fb36 bp 0x7ffcbf810cf0 sp 0x7ffcbf810c90 tid 5885)
READ of size 8 at 0x55af02a8c2a0 with type any pointer (in list at offset 0) accesses an existing object of type any pointer (in node at offset 0)
#0 0x55aef600fb35 in main /home/tavianator/code/bfs/foo.c:20:15
```
https://github.com/llvm/llvm-project/pull/108385