[PATCH] [compiler-rt/ubsan] getVtablePrefix must not sanity-check on Prefix->Offset > 0

Alexey Samsonov vonosmas at gmail.com
Tue Aug 12 12:10:01 PDT 2014


+Richard


On Tue, Aug 12, 2014 at 3:51 AM, Stephan Bergmann <sbergman at redhat.com>
wrote:

> On 08/11/2014 10:19 PM, Alexey Samsonov wrote:
>
>> +Richard
>>
>> Note that you'd also have to update the comment for the
>> VtablePrefix::Offset field.
>>
>
> ah, right; updated patch
>
> Stephan
>
>> On Mon, Aug 11, 2014 at 6:30 AM, Stephan Bergmann <sbergman at redhat.com>
>> wrote:
>>
>>     At least with recent Clang trunk on Linux x86_64:
>>
>>         $ cat test.cc
>>         #include <iostream>
>>         struct A { virtual ~A() {} };
>>         struct B: virtual A {};
>>         struct C: virtual A { ~C() { std::cout << '\n'; } };
>>         struct D: virtual B, virtual C {};
>>         int main() { delete new D; }
>>
>>         $ clang++ -fsanitize=undefined test.cc
>>
>>         $ ./a.out
>>         <unknown>: runtime error: member call on address 0x000002a35010
>>         which does not point to an object of type 'A'
>>         0x000002a35010: note: object has invalid vptr
>>           00 00 00 00  58 0e 43 00 00 00 00 00  30 0e 43 00 00 00 00 00
>>           00 00 00 00 00 00 00 00  e1 0f 02 00
>>                        ^~~~~~~~~~~~~~~~~~~~~~~
>>                        invalid vptr
>>
>>
>>     The problem is that getVtablePrefix (lib/ubsan/ubsan_type_hash.cc)
>>     rejects any VtablePrefix with Offset > 0 as "This can't possibly be
>>     a valid vtable" but, according to the Itanium ABI, "in some
>>     construction virtual tables will some virtual base virtual tables
>>     have positive offsets."
>>
>>     The apparent fix is to remove the check, see the attached
>>     getVtablePrefix.patch.
>>
>
>


-- 
Alexey Samsonov
vonosmas at gmail.com
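
The positive offset-to-top from the report can be observed directly. The following is an added example, not code from the thread or from compiler-rt: it reuses the hierarchy from test.cc and samples the offset-to-top slot of the A subobject's vtable while ~C runs. It assumes an Itanium C++ ABI target (GCC or Clang on Linux); offset_to_top and the two wrapper functions are hypothetical names.

```cpp
// Added illustration (not from the thread). Assumes an Itanium C++ ABI
// target; the vtable layout read here is ABI-specific, not portable C++.
#include <cstddef>
#include <cstdio>
#include <cstring>

// Hypothetical helper: read the offset-to-top slot of the vtable that the
// object's first vptr addresses. The Itanium ABI places it two pointer-sized
// slots before the address point (the RTTI pointer sits in between).
static std::ptrdiff_t offset_to_top(const void *obj) {
  const char *vptr;
  std::memcpy(&vptr, obj, sizeof vptr);
  std::ptrdiff_t off;
  std::memcpy(&off, vptr - 2 * sizeof(void *), sizeof off);
  return off;
}

static std::ptrdiff_t g_seen;  // offset-to-top of the A subobject, set in ~C

// Same hierarchy as test.cc in the report; ~C samples instead of printing.
struct A { virtual ~A() {} };
struct B : virtual A {};
struct C : virtual A { ~C() { g_seen = offset_to_top(static_cast<A *>(this)); } };
struct D : virtual B, virtual C {};

// While ~C runs as a base of D, the A subobject's vptr addresses the
// A-in-C-in-D construction vtable. A sits at the start of D (it shares the
// vptr with B and D) while C sits after it, so the top of C is above A.
std::ptrdiff_t a_offset_while_destroying_C_in_D() { delete new D; return g_seen; }

// For a complete C object, A shares C's vptr at the top of the object.
std::ptrdiff_t a_offset_while_destroying_complete_C() { delete new C; return g_seen; }

int main() {
  std::printf("C inside D: %td\n", a_offset_while_destroying_C_in_D());
  std::printf("C complete: %td\n", a_offset_while_destroying_complete_C());
}
```

A vptr validity check that rejects every prefix with Offset > 0 treats the first case as an invalid vtable, which is the false positive shown in the ./a.out output.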