[llvm-bugs] [Bug 25887] New: UBSan: missing check for accessing an inactive member of an union
via llvm-bugs
llvm-bugs at lists.llvm.org
Fri Dec 18 10:11:55 PST 2015
https://llvm.org/bugs/show_bug.cgi?id=25887
Bug ID: 25887
Summary: UBSan: missing check for accessing an inactive member of an union
Product: clang
Version: trunk
Hardware: PC
OS: All
Status: NEW
Severity: normal
Priority: P
Component: Frontend
Assignee: unassignedclangbugs at nondot.org
Reporter: gonzalobg88 at gmail.com
CC: llvm-bugs at lists.llvm.org
Classification: Unclassified
Just discussed in this range-v3 issue:
https://github.com/ericniebler/range-v3/issues/239
Both Eric and Casey give good examples. Here is Eric's example:
template<typename F, typename S>
struct pair_data
{
    union
    {
        F non_const_first_;
        F const first;
    };
    union
    {
        S non_const_second_;
        S const second;
    };
};

template<typename F, typename S>
struct pair : private pair_data<F, S>
{
    using pair_data<F, S>::first;
    using pair_data<F, S>::second;
    pair() : pair_data<F, S>{} {}
    pair(F f, S s) : pair_data<F, S>{f, s} {}
    ~pair()
    {
        first.~F();
        second.~S();
    }
};

int main()
{
    pair<int, float> f{1, 3.14f};
    return f.first; // UB
    // more UB: destructors of the non-active members (first, second) are called
    // instead of the destructors of the active members (first_, second_)
}
Aggregate initialization of the union initializes the first member "first_".
Accessing first thus accesses a non-active member of the union and results in
undefined behavior.
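The following is an added example, not part of the original report and not code from clang, UBSan or range-v3. It shows by hand the kind of active-member check the report finds missing: the same const/non-const union as in pair_data, plus a tag that every access is tested against. The names tracked_first, member, require and the two helper functions are hypothetical.

```cpp
#include <stdexcept>
#include <utility>

// Which member of the union currently holds a live object.
enum class member { non_const_first, const_first };

// Same union as pair_data in the report, plus a tag recording the active member.
template <typename F>
class tracked_first {
    union {
        F non_const_first_;
        F const first;
    };
    member active_;

    // Hand-written stand-in for the check the report finds missing in UBSan.
    void require(member wanted) const {
        if (active_ != wanted)
            throw std::logic_error("access to inactive union member");
    }

public:
    // As with the report's aggregate initialization, the first member becomes active.
    explicit tracked_first(F f)
        : non_const_first_(std::move(f)), active_(member::non_const_first) {}

    // Destroy the member that is actually active, not its const alias.
    ~tracked_first() { non_const_first_.~F(); }

    tracked_first(tracked_first const&) = delete;
    tracked_first& operator=(tracked_first const&) = delete;

    F& get_non_const_first() { require(member::non_const_first); return non_const_first_; }
    F const& get_first() const { require(member::const_first); return first; }
};

// True when reading `first` is rejected because it is not the active member.
bool first_read_is_rejected() {
    tracked_first<int> slot{1};  // constructed sample value
    try { (void)slot.get_first(); }
    catch (std::logic_error const&) { return true; }
    return false;
}

// Reading the member that was initialized is well-defined and passes the check.
int read_active_member() {
    tracked_first<int> slot{1};  // constructed sample value
    return slot.get_non_const_first();
}
```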