[LLVMbugs] [Bug 23413] UBSan reports downcast/upcast of misaligned address in std::set<long long>
bugzilla-daemon at llvm.org
Mon May 4 17:36:26 PDT 2015
https://llvm.org/bugs/show_bug.cgi?id=23413
Ahmed Bougacha <ahmed.bougacha at gmail.com> changed:
What        |Removed |Added
----------------------------------------------------------------------------
Status      |NEW     |RESOLVED
CC          |        |ahmed.bougacha at gmail.com
Resolution  |---     |INVALID

--- Comment #2 from Ahmed Bougacha <ahmed.bougacha at gmail.com> ---

Aah, I remember this! I think this is actually a legitimate libstdc++ bug;
gcc's implementation of UBSan doesn't catch it, but there's undefined behavior
nonetheless.

The RB tree iterator (used for std::set/map) is defined as a pointer to a node
struct. This struct subclasses the "base" node type (with the color and
children and whatnot), adding the value type as a (properly aligned) field.

std::set/map::end(), however, takes a pointer to the base node type, and casts
it to the iterator type, i.e., a pointer to the actual node type. The latter
has alignment >= that of the value type. The former can be (and is) less
aligned, with an alignment == that of the children/color types.

The alignment sanitizer complains, because the cast by itself is undefined
behavior: quoting C11 6.3.2.3, paragraph 7:

> A pointer to an object type may be converted to a pointer to a different
> object type. If the resulting pointer is not correctly aligned 68) for the
> referenced type, the behavior is undefined.

Let me know if I missed something!
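
The alignment mismatch described in the comment above, as an added example that is not part of the original message and is not libstdc++ code. `NodeBase`, `Node`, `Container`, `aligned_for` and `checked_downcast` are hypothetical names, and the 32-bit integer links are an assumption made so that the base node is less aligned than `Node<long long>` on a 64-bit host as well.

```cpp
#include <cstdint>
#include <cstdio>
#include <new>

// Hypothetical stand-ins for the RB-tree node types the comment describes.
// Links are 32-bit integers (an assumption) so NodeBase is 4-byte aligned
// even on a 64-bit host, as pointer links make it on a 32-bit target.
struct NodeBase {
    std::uint32_t color;
    std::uint32_t parent, left, right;
};

// The actual node: base part plus the stored value.
template <typename V>
struct Node : NodeBase {
    V value;
};

// Assumption this example relies on (true on common 64-bit ABIs).
static_assert(alignof(Node<long long>) > alignof(NodeBase), "need stricter node alignment");

// The question the alignment check asks at a pointer cast.
template <typename To>
bool aligned_for(const void* p) {
    return reinterpret_cast<std::uintptr_t>(p) % alignof(To) == 0;
}

// Downcast that returns nullptr instead of forming a misaligned Node<V>*.
// The caller must still know that b really is the base of a Node<V>.
template <typename V>
Node<V>* checked_downcast(NodeBase* b) {
    return aligned_for<Node<V>>(b) ? static_cast<Node<V>*>(b) : nullptr;
}

// Constructed layout: a sentinel header that is only NodeBase-aligned,
// like the one end() points at.
struct Container {
    alignas(Node<long long>) unsigned char storage[2 * sizeof(NodeBase)];
    NodeBase* header() { return new (storage + alignof(NodeBase)) NodeBase{}; }
};

int main() {
    Container c;
    Node<long long> real{};
    std::printf("sentinel -> Node*: %s\n", checked_downcast<long long>(c.header()) ? "ok" : "misaligned");
    std::printf("real node -> Node*: %s\n", checked_downcast<long long>(&real) ? "ok" : "misaligned");
    return 0;
}
```

The sentinel is a valid, correctly aligned `NodeBase`; only the conversion to the stricter node pointer type fails the check, which is why the example keeps it as a `NodeBase*`.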