[LLVMbugs] [Bug 22680] New: TestCases/TypeCheck/vptr.cpp failed with -m32
bugzilla-daemon at llvm.org
bugzilla-daemon at llvm.org
Tue Feb 24 13:06:21 PST 2015
http://llvm.org/bugs/show_bug.cgi?id=22680
Bug ID: 22680
Summary: TestCases/TypeCheck/vptr.cpp failed with -m32
Product: compiler-rt
Version: unspecified
Hardware: PC
OS: Linux
Status: NEW
Severity: normal
Priority: P
Component: compiler-rt
Assignee: unassignedbugs at nondot.org
Reporter: hjl.tools at gmail.com
CC: llvmbugs at cs.uiuc.edu
Classification: Unclassified
On Linux/x86-64, I got
[hjl at gnu-mic-2 bin]$
/export/build/gnu/llvm-clang/build-x86_64-linux/./bin/clang -m32
--driver-mode=g++ -fsanitize=address -frtti -fsanitize=vptr -g
/export/gnu/import/git/llvm-x32/projects/compiler-rt/test/ubsan/TestCases/TypeCheck/vptr.cpp
-O3 -o
/export/build/gnu/llvm-clang/build-x86_64-linux/projects/compiler-rt/test/ubsan/AsanConfig/TestCases/TypeCheck/Output/vptr.cpp.tmp
/export/gnu/import/git/llvm-x32/projects/compiler-rt/test/ubsan/TestCases/TypeCheck/vptr.cpp:51:12:
warning:
direct base 'S' is inaccessible due to ambiguity:
struct U -> struct S
struct U -> struct T -> struct S [-Winaccessible-base]
struct U : S, T { virtual int v() { return 2; } };
^
/export/gnu/import/git/llvm-x32/projects/compiler-rt/test/ubsan/TestCases/TypeCheck/vptr.cpp:93:9:
warning:
'reinterpret_cast' from class 'U *' to its base at non-zero offset 'T *'
behaves differently from 'static_cast' [-Wreinterpret-base-class]
p = reinterpret_cast<T*>(new U);
^~~~~~~~~~~~~~~~~~~~~~~~~~~
/export/gnu/import/git/llvm-x32/projects/compiler-rt/test/ubsan/TestCases/TypeCheck/vptr.cpp:93:9:
note:
use 'static_cast' to adjust the pointer correctly while upcasting
p = reinterpret_cast<T*>(new U);
^~~~~~~~~~~~~~~~
static_cast
/export/gnu/import/git/llvm-x32/projects/compiler-rt/test/ubsan/TestCases/TypeCheck/vptr.cpp:153:12:
warning:
'reinterpret_cast' to class 'U *' from its base at non-zero offset 'T *'
behaves differently from 'static_cast' [-Wreinterpret-base-class]
return reinterpret_cast<U*>(p)->v() - 2;
^~~~~~~~~~~~~~~~~~~~~~~
/export/gnu/import/git/llvm-x32/projects/compiler-rt/test/ubsan/TestCases/TypeCheck/vptr.cpp:153:12:
note:
use 'static_cast' to adjust the pointer correctly while downcasting
return reinterpret_cast<U*>(p)->v() - 2;
^~~~~~~~~~~~~~~~
static_cast
/export/gnu/import/git/llvm-x32/projects/compiler-rt/test/ubsan/TestCases/TypeCheck/vptr.cpp:162:5:
warning:
expression result unused [-Wunused-value]
static_cast<T*>(reinterpret_cast<S*>(p));
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/export/gnu/import/git/llvm-x32/projects/compiler-rt/test/ubsan/TestCases/TypeCheck/vptr.cpp:165:1:
warning:
control may reach end of non-void function [-Wreturn-type]
}
^
5 warnings generated.
[hjl at gnu-mic-2 bin]$
UBSAN_OPTIONS="suppressions='/export/build/gnu/llvm-clang/build-x86_64-linux/projects/compiler-rt/test/ubsan/AsanConfig/TestCases/TypeCheck/Output/vptr.cpp.tmp.supp':halt_on_error=1"
/export/build/gnu/llvm-clang/build-x86_64-linux/projects/compiler-rt/test/ubsan/AsanConfig/TestCases/TypeCheck/Output/vptr.cpp.tmp
mS 2>&1
=================================================================
==30899==ERROR: AddressSanitizer: heap-buffer-overflow on address 0xf5d007f8 at
pc 0x0813f3f6 bp 0xff844ad8 sp 0xff844acc
READ of size 4 at 0xf5d007f8 thread T0
#0 0x813f3f5 in access_p(T*, char)
/export/gnu/import/git/llvm-x32/projects/compiler-rt/test/ubsan/TestCases/TypeCheck/vptr.cpp:128:15
#1 0x813e336 in main
/export/gnu/import/git/llvm-x32/projects/compiler-rt/test/ubsan/TestCases/TypeCheck/vptr.cpp:97:3
#2 0x46742b22 in __libc_start_main (/lib/libc.so.6+0x46742b22)
#3 0x805d16f in _start
(/export/build/gnu/llvm-clang/build-x86_64-linux/projects/compiler-rt/test/ubsan/AsanConfig/TestCases/TypeCheck/Output/vptr.cpp.tmp+0x805d16f)
0xf5d007f8 is located 0 bytes to the right of 8-byte region
[0xf5d007f0,0xf5d007f8)
allocated by thread T0 here:
#0 0x8136724 in operator new(unsigned int)
/export/gnu/import/git/llvm/projects/compiler-rt/lib/asan/asan_new_delete.cc:62
#1 0x813e07f in main
/export/gnu/import/git/llvm-x32/projects/compiler-rt/test/ubsan/TestCases/TypeCheck/vptr.cpp:84:30
#2 0x46742b22 in __libc_start_main (/lib/libc.so.6+0x46742b22)
SUMMARY: AddressSanitizer: heap-buffer-overflow
/export/gnu/import/git/llvm-x32/projects/compiler-rt/test/ubsan/TestCases/TypeCheck/vptr.cpp:128
access_p(T*, char)
Shadow bytes around the buggy address:
0x3eba00a0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x3eba00b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x3eba00c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x3eba00d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x3eba00e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x3eba00f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa 00[fa]
0x3eba0100: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x3eba0110: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x3eba0120: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x3eba0130: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x3eba0140: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap right redzone: fb
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==30899==ABORTING
[hjl at gnu-mic-2 bin]$
/export/build/gnu/llvm-clang/build-x86_64-linux/./bin/clang -m64
--driver-mode=g++ -fsanitize=address -frtti -fsanitize=vptr -g
/export/gnu/import/git/llvm-x32/projects/compiler-rt/test/ubsan/TestCases/TypeCheck/vptr.cpp
-O3 -o
/export/build/gnu/llvm-clang/build-x86_64-linux/projects/compiler-rt/test/ubsan/AsanConfig/TestCases/TypeCheck/Output/vptr.cpp.tmp
/export/gnu/import/git/llvm-x32/projects/compiler-rt/test/ubsan/TestCases/TypeCheck/vptr.cpp:51:12:
warning:
direct base 'S' is inaccessible due to ambiguity:
struct U -> struct S
struct U -> struct T -> struct S [-Winaccessible-base]
struct U : S, T { virtual int v() { return 2; } };
^
/export/gnu/import/git/llvm-x32/projects/compiler-rt/test/ubsan/TestCases/TypeCheck/vptr.cpp:93:9:
warning:
'reinterpret_cast' from class 'U *' to its base at non-zero offset 'T *'
behaves differently from 'static_cast' [-Wreinterpret-base-class]
p = reinterpret_cast<T*>(new U);
^~~~~~~~~~~~~~~~~~~~~~~~~~~
/export/gnu/import/git/llvm-x32/projects/compiler-rt/test/ubsan/TestCases/TypeCheck/vptr.cpp:93:9:
note:
use 'static_cast' to adjust the pointer correctly while upcasting
p = reinterpret_cast<T*>(new U);
^~~~~~~~~~~~~~~~
static_cast
/export/gnu/import/git/llvm-x32/projects/compiler-rt/test/ubsan/TestCases/TypeCheck/vptr.cpp:153:12:
warning:
'reinterpret_cast' to class 'U *' from its base at non-zero offset 'T *'
behaves differently from 'static_cast' [-Wreinterpret-base-class]
return reinterpret_cast<U*>(p)->v() - 2;
^~~~~~~~~~~~~~~~~~~~~~~
/export/gnu/import/git/llvm-x32/projects/compiler-rt/test/ubsan/TestCases/TypeCheck/vptr.cpp:153:12:
note:
use 'static_cast' to adjust the pointer correctly while downcasting
return reinterpret_cast<U*>(p)->v() - 2;
^~~~~~~~~~~~~~~~
static_cast
/export/gnu/import/git/llvm-x32/projects/compiler-rt/test/ubsan/TestCases/TypeCheck/vptr.cpp:162:5:
warning:
expression result unused [-Wunused-value]
static_cast<T*>(reinterpret_cast<S*>(p));
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/export/gnu/import/git/llvm-x32/projects/compiler-rt/test/ubsan/TestCases/TypeCheck/vptr.cpp:165:1:
warning:
control may reach end of non-void function [-Wreturn-type]
}
^
5 warnings generated.
[hjl at gnu-mic-2 bin]$
UBSAN_OPTIONS="suppressions='/export/build/gnu/llvm-clang/build-x86_64-linux/projects/compiler-rt/test/ubsan/AsanConfig/TestCases/TypeCheck/Output/vptr.cpp.tmp.supp':halt_on_error=1"
/export/build/gnu/llvm-clang/build-x86_64-linux/projects/compiler-rt/test/ubsan/AsanConfig/TestCases/TypeCheck/Output/vptr.cpp.tmp
mS 2>&1
[hjl at gnu-mic-2 bin]$
--
You are receiving this mail because:
You are on the CC list for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/llvm-bugs/attachments/20150224/7e6c49dc/attachment.html>
More information about the llvm-bugs
mailing list