[llvm-bugs] [Bug 34595] New: SmallVector use-after-dtor

via llvm-bugs llvm-bugs at lists.llvm.org
Wed Sep 13 14:28:55 PDT 2017


https://bugs.llvm.org/show_bug.cgi?id=34595

            Bug ID: 34595
           Summary: SmallVector use-after-dtor
           Product: libraries
           Version: trunk
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: enhancement
          Priority: P
         Component: Support Libraries
          Assignee: unassignedbugs at nondot.org
          Reporter: mascasa at google.com
                CC: llvm-bugs at lists.llvm.org

Use-after-dtor occurs for SmallVectors with more than one inline element. 
While the first inline element is stored in SmallVectorTemplateCommon::FirstEl,
subsequent inline elements are stored in SmallVector::Storage.

When using -fsanitize-use-after-dtor, calling ~SmallVector() results in
SmallVector::Storage being poisoned and ~SmallVectorImpl() being called.  But
~SmallVectorImpl() then calls destroy_range(), which attempts to call the
destructors of the elements in SmallVector::Storage.  Those destructors then
trigger use-after-dtor reports.

Simple example:

  #include "llvm/ADT/SmallVector.h"
  #include <string>

  {
    llvm::SmallVector<std::string, 4u> vec;
    vec.push_back("a");
    vec.push_back("b");
    vec.push_back("c");
  }  // ~SmallVector() runs here: use-after-dtor triggered in ~string()

If we want to enable -fsanitize-use-after-dtor as a part of MSan, we will need
to either annotate ~SmallVector() to disable MSan checking or fix the
implementation of SmallVector.

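The destructor ordering the report describes, as an added example that is not part of the original post and not LLVM's code: a minimal model of the SmallVector layout (first element in a base class, the remaining inline elements in the derived class's Storage) in two variants. The "buggy" variant destroys the elements from the middle (Impl) destructor as described above; the "fixed" variant illustrates the report's "fix the implementation" option by destroying them in the outermost destructor, before that class's members are poisoned. MSan is not run here; its -fsanitize-memory-use-after-dtor behaviour (poisoning a class's own members at the end of its destructor, before the base destructor runs) is modelled by an address range that element destructors check against. All names (Common, Impl, Vec, Elem, reports_for, buggy_reports, fixed_reports, g_*) are hypothetical, and the assumption that Storage sits directly after FirstEl is checked at construction.

```cpp
// Added example, not LLVM's code: a minimal model of the SmallVector layout
// the report describes, built in two variants to show why a base-class
// destructor must not touch elements stored in a derived class's members.
// Hypothetical names: Common, Impl, Vec, Elem, reports_for, g_*.
#include <cassert>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <new>
#include <string>

// Model of -fsanitize-memory-use-after-dtor.  At the end of each destructor
// MSan poisons that class's own members, so a derived class's members are
// poisoned before the base-class destructor runs.  We track one poisoned
// address range and count element destructors that run inside it.
static std::uintptr_t g_poison_begin = 0, g_poison_end = 0;
static int g_uad_reports = 0;

struct Elem {
  std::string s;
  explicit Elem(const char *p) : s(p) {}
  ~Elem() {
    // ~string() reading its own fields from poisoned memory is what MSan reports.
    std::uintptr_t here = reinterpret_cast<std::uintptr_t>(this);
    if (here >= g_poison_begin && here < g_poison_end) ++g_uad_reports;
  }
};

// Stand-in for SmallVectorTemplateCommon: bookkeeping plus the first inline
// element (FirstEl).  Inline storage is fixed here; heap growth is omitted.
template <typename T> struct Common {
  T *BeginX, *EndX;
  alignas(T) unsigned char FirstEl[sizeof(T)];
  Common() : BeginX(reinterpret_cast<T *>(FirstEl)), EndX(BeginX) {}
  void push_back(const T &v) { new (static_cast<void *>(EndX)) T(v); ++EndX; }
  static void destroy_range(T *b, T *e) { while (b != e) { --e; e->~T(); } }
};

// Stand-in for SmallVectorImpl.  DestroyHere=true is what the report
// describes: the elements are destroyed from this (base) destructor.
template <typename T, bool DestroyHere> struct Impl : Common<T> {
  ~Impl() {
    if (DestroyHere) this->destroy_range(this->BeginX, this->EndX);
  }
};

// Stand-in for SmallVector<T, N>: elements 1..N-1 live in Storage, which is
// assumed (and checked) to sit directly after FirstEl, as SmallVector relies on.
template <typename T, unsigned N, bool DestroyInImpl>
struct Vec : Impl<T, DestroyInImpl> {
  static_assert(N > 1, "the report's case is more than one inline element");
  alignas(T) unsigned char Storage[sizeof(T) * (N - 1)];
  Vec() {
    g_poison_begin = g_poison_end = 0;  // a new object's storage is live again
    assert(Storage == reinterpret_cast<unsigned char *>(this->BeginX) + sizeof(T));
  }
  ~Vec() {
    if (!DestroyInImpl) {  // fixed variant: destroy before our members are poisoned
      this->destroy_range(this->BeginX, this->EndX);
      this->EndX = this->BeginX;
    }
    // What the sanitizer inserts at the end of ~SmallVector(): poison Storage.
    // ~Impl() runs next and, in the buggy variant, destroys the elements in it.
    g_poison_begin = reinterpret_cast<std::uintptr_t>(Storage);
    g_poison_end = g_poison_begin + sizeof(Storage);
  }
};

// Push n (<= 4) constructed sample elements, let the vector go out of scope,
// and return how many use-after-dtor reports the model raised.
template <bool DestroyInImpl> int reports_for(unsigned n) {
  const char *vals[] = {"a", "b", "c", "d"};
  g_uad_reports = 0;
  {
    Vec<Elem, 4, DestroyInImpl> vec;
    for (unsigned i = 0; i < n && i < 4; ++i) vec.push_back(Elem(vals[i]));
  }  // ~Vec() then ~Impl(), as in the report's ~SmallVector() example
  return g_uad_reports;
}
int buggy_reports(unsigned n) { return reports_for<true>(n); }
int fixed_reports(unsigned n) { return reports_for<false>(n); }

int main() {
  std::printf("buggy, 3 elements: %d reports\n", buggy_reports(3));  // 2: "b","c" sit in Storage
  std::printf("buggy, 1 element:  %d reports\n", buggy_reports(1));  // 0: "a" sits in FirstEl
  std::printf("fixed, 3 elements: %d reports\n", fixed_reports(3));  // 0
  return 0;
}
```

With one element only FirstEl is used and nothing is reported, which matches the report's "more than one inline element" condition; with three, the two elements living in Storage are each destroyed after Storage has been poisoned. Build with a real MSan (`clang++ -fsanitize=memory -fsanitize-memory-use-after-dtor`) to see the same ordering reported by the sanitizer instead of by this model.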