[PATCH] [compiler-rt/ubsan] getVtablePrefix must not sanity-check on Prefix->Offset > 0

Stephan Bergmann sbergman at redhat.com
Tue Dec 16 01:52:07 PST 2014


ping

On 12/05/2014 09:33 AM, Stephan Bergmann wrote:
> ping
> On 08/12/2014 09:10 PM, Alexey Samsonov wrote:
>> +Richard
>>
>>
>> On Tue, Aug 12, 2014 at 3:51 AM, Stephan Bergmann <sbergman at redhat.com> wrote:
>>
>>     On 08/11/2014 10:19 PM, Alexey Samsonov wrote:
>>
>>         +Richard
>>
>>         Note, that you'd also have to update comment for
>>         VtablePrefix::Offset field.
>>
>>
>>     ah, right; updated patch
>>
>>     Stephan
>>
>>         On Mon, Aug 11, 2014 at 6:30 AM, Stephan Bergmann
>>         <sbergman at redhat.com> wrote:
>>
>>              At least with recent Clang trunk on Linux x86_64:
>>
>>                  $ cat test.cc
>>                  #include <iostream>
>>                  struct A { virtual ~A() {} };
>>                  struct B: virtual A {};
>>                  struct C: virtual A { ~C() { std::cout << '\n'; } };
>>                  struct D: virtual B, virtual C {};
>>                  int main() { delete new D; }
>>
>>                  $ clang++ -fsanitize=undefined test.cc
>>
>>                  $ ./a.out
>>                  <unknown>: runtime error: member call on address 0x000002a35010 which does not point to an object of type 'A'
>>                  0x000002a35010: note: object has invalid vptr
>>                    00 00 00 00  58 0e 43 00 00 00 00 00  30 0e 43 00 00 00 00 00  00 00 00 00 00 00 00 00  e1 0f 02 00
>>                                 ^~~~~~~~~~~~~~~~~~~~~~~
>>                                 invalid vptr
>>
>>
>>              The problem is that getVtablePrefix (lib/ubsan/ubsan_type_hash.cc)
>>              rejects any VtablePrefix with Offset > 0 as "This can't possibly be
>>              a valid vtable" but, according to the Itanium ABI, "in some
>>              construction virtual tables will some virtual base virtual tables
>>              have positive offsets."
>>
>>              The apparent fix is to remove the check, see the attached
>>              getVtablePrefix.patch.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: getVtablesPrefix.patch
Type: text/x-patch
Size: 925 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/llvm-commits/attachments/20141216/197dfefd/attachment.bin>
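The hierarchy from test.cc above, as an added example that is not part of the patch or of the thread: it reads the Itanium ABI offset-to-top word that getVtablePrefix inspects while C's constructor runs, and shows that the word is positive for the A subobject when C is built as a virtual base of D, so the `Offset > 0` rejection fires on a perfectly valid object. It assumes an Itanium ABI target (Linux x86_64 with g++ or clang++); offset_to_top, rejected_by_offset_check and the two globals are names chosen for this example.

```cpp
#include <cstddef>
#include <cstring>
#include <iostream>

// Itanium ABI: the vtable prefix { offset-to-top, typeinfo pointer } sits just
// before the address the object's vptr points at (slots -2 and -1). This is the
// field getVtablePrefix reads. Assumes an Itanium ABI target (Linux x86_64).
static std::ptrdiff_t offset_to_top(const void *subobject) {
    const void *const *vptr;                   // first word of a dynamic object
    std::memcpy(&vptr, subobject, sizeof vptr);
    std::ptrdiff_t off;
    std::memcpy(&off, &vptr[-2], sizeof off);  // slot -2 holds offset-to-top
    return off;
}

// Model of the check the thread says getVtablePrefix applied at the time.
static bool rejected_by_offset_check(const void *subobject) {
    return offset_to_top(subobject) > 0;       // "This can't possibly be a valid vtable"
}

static std::ptrdiff_t g_seen;      // offset-to-top of A observed inside C::C()
static bool g_rejected;            // whether the old check would reject it

// Same hierarchy as test.cc in the report (example-only constructor added).
struct A { virtual ~A() {} };
struct B : virtual A {};
struct C : virtual A {
    // While this body runs the vptrs point at C's own vtable (standalone C) or
    // at the C-in-D construction vtable (C built as a virtual base of D).
    C() {
        const A *a = static_cast<const A *>(this);
        g_seen = offset_to_top(a);
        g_rejected = rejected_by_offset_check(a);
    }
};
struct D : virtual B, virtual C {};

std::ptrdiff_t a_offset_in_standalone_c() { C c; return g_seen; }
std::ptrdiff_t a_offset_in_c_of_d()       { D d; return g_seen; }
bool valid_d_rejected()                   { D d; return g_rejected; }

int main() {
    std::cout << "offset-to-top of A seen in C():      " << a_offset_in_standalone_c() << '\n'
              << "offset-to-top of A seen in C() in D: " << a_offset_in_c_of_d() << '\n'
              << "old Offset > 0 check rejects D:      " << valid_d_rejected() << '\n';
}
```

In D the A subobject is laid out before the C subobject, so the A group of the C-in-D construction vtable carries a positive offset-to-top, which the old check treats as an invalid vptr.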