[PATCH] [compiler-rt/ubsan] getVtablePrefix must not sanity-check on Prefix->Offset > 0

David Blaikie dblaikie at gmail.com
Fri Jun 5 08:26:09 PDT 2015


On Thu, Jun 4, 2015 at 5:52 PM, Alexey Samsonov <vonosmas at gmail.com> wrote:

> Richard or David, do you want to look into this, or you'd prefer to leave
> this for me?
>

I can't say I have much more context in vtable layout & C++ ABI than you
do, most likely. Happy to bounce some of the ideas around in person if that's
helpful.

- David


>
> On Tue, Jun 2, 2015 at 3:32 AM, Stephan Bergmann <sbergman at redhat.com>
> wrote:
>
>> ping^3
>>
>>
>> On 12/16/2014 10:52 AM, Stephan Bergmann wrote:
>>
>>> ping
>>> On 12/05/2014 09:33 AM, Stephan Bergmann wrote:
>>>
>>>> ping
>>>> On 08/12/2014 09:10 PM, Alexey Samsonov wrote:
>>>>
>>>>> +Richard
>>>>>
>>>>>
>>>>> On Tue, Aug 12, 2014 at 3:51 AM, Stephan Bergmann <sbergman at redhat.com> wrote:
>>>>>
>>>>>     On 08/11/2014 10:19 PM, Alexey Samsonov wrote:
>>>>>
>>>>>         +Richard
>>>>>
>>>>>         Note, that you'd also have to update comment for
>>>>>         VtablePrefix::Offset field.
>>>>>
>>>>>
>>>>>     ah, right; updated patch
>>>>>
>>>>>     Stephan
>>>>>
>>>>>         On Mon, Aug 11, 2014 at 6:30 AM, Stephan Bergmann
>>>>>         <sbergman at redhat.com> wrote:
>>>>>
>>>>>              At least with recent Clang trunk on Linux x86_64:
>>>>>
>>>>>                  $ cat test.cc
>>>>>                  #include <iostream>
>>>>>                  struct A { virtual ~A() {} };
>>>>>                  struct B: virtual A {};
>>>>>                  struct C: virtual A { ~C() { std::cout << '\n'; } };
>>>>>                  struct D: virtual B, virtual C {};
>>>>>                  int main() { delete new D; }
>>>>>
>>>>>                  $ clang++ -fsanitize=undefined test.cc
>>>>>
>>>>>                  $ ./a.out
>>>>>                  <unknown>: runtime error: member call on address 0x000002a35010 which does not point to an object of type 'A'
>>>>>                  0x000002a35010: note: object has invalid vptr
>>>>>                    00 00 00 00  58 0e 43 00 00 00 00 00  30 0e 43 00 00 00 00 00  00 00 00 00 00 00 00 00  e1 0f 02 00
>>>>>                                 ^~~~~~~~~~~~~~~~~~~~~~~
>>>>>                                 invalid vptr
>>>>>
>>>>>
>>>>>              The problem is that getVtablePrefix (lib/ubsan/ubsan_type_hash.cc)
>>>>>              rejects any VtablePrefix with Offset > 0 as "This can't possibly be
>>>>>              a valid vtable" but, according to the Itanium ABI, "in some
>>>>>              construction virtual tables will some virtual base virtual tables
>>>>>              have positive offsets."
>>>>>
>>>>>              The apparent fix is to remove the check, see the attached
>>>>>              getVtablePrefix.patch.
>>>>>
>>>>
>>
>
>
> --
> Alexey Samsonov
> vonosmas at gmail.com
>
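A small probe, added here and not part of the thread or of compiler-rt, that reads the vtable prefix (offset-to-top and RTTI pointer) of the virtual base A while the D from the report is being destroyed, next to the old and the proposed form of the getVtablePrefix sanity check. It assumes an Itanium C++ ABI target (Linux x86_64 with GCC or Clang); readPrefix, oldCheck, newCheck and the prefixDuring* helpers are names chosen for this example, VtablePrefix mirrors ubsan's struct of that name, and keeping the RTTI-pointer test in the proposed form is an assumption.

```cpp
#include <cstddef>
#include <cstdio>
#include <cstring>
#include <typeinfo>

// The two words the Itanium ABI places just before the address a vptr points
// at: offset-to-top, then the RTTI pointer. Same shape as ubsan's VtablePrefix.
struct VtablePrefix {
    std::ptrdiff_t Offset;
    const std::type_info *TypeInfo;
};

// Read the prefix of whatever vtable a polymorphic object's vptr points at now.
// memcpy keeps this free of aliasing issues; the layout itself is ABI-specific.
static VtablePrefix readPrefix(const void *obj) {
    const char *vptr;
    std::memcpy(&vptr, obj, sizeof vptr);
    VtablePrefix p;
    std::memcpy(&p, vptr - sizeof p, sizeof p);
    return p;
}

// The check under discussion: the old form rejects any positive offset-to-top,
// the proposed form only insists that an RTTI pointer is present (assumption).
static bool oldCheck(const VtablePrefix &p) { return p.TypeInfo && p.Offset <= 0; }
static bool newCheck(const VtablePrefix &p) { return p.TypeInfo != nullptr; }

static VtablePrefix g_seenInCDtor;  // what ~C observed on its virtual base A

// The hierarchy from the report, with ~C probing A's vptr instead of printing.
struct A { virtual ~A() {} };
struct B : virtual A {};
struct C : virtual A {
    ~C() { g_seenInCDtor = readPrefix(static_cast<A *>(this)); }
};
struct D : virtual B, virtual C {};

// While ~D runs ~C, A's vptr points at the A-in-C construction vtable. A is laid
// out before C in D, so its offset-to-top (top of C minus A's address) is > 0.
VtablePrefix prefixDuringDDestruction() { delete new D; return g_seenInCDtor; }
// For a standalone C, A shares C's top, so the offset-to-top is not positive.
VtablePrefix prefixDuringCDestruction() { delete new C; return g_seenInCDtor; }

int main() {
    VtablePrefix d = prefixDuringDDestruction(), c = prefixDuringCDestruction();
    std::printf("during ~C of a D: offset-to-top %td, old check %s, new check %s\n",
                d.Offset, oldCheck(d) ? "ok" : "rejected", newCheck(d) ? "ok" : "rejected");
    std::printf("during ~C of a C: offset-to-top %td, old check %s\n",
                c.Offset, oldCheck(c) ? "ok" : "rejected");
}
```

Build it without -fsanitize=undefined so the probe itself is not what gets reported; the D case is exactly the vtable the old check rejects.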