[PATCH] [compiler-rt/ubsan] getVtablePrefix must not sanity-check on Prefix->Offset > 0
Alexey Samsonov
vonosmas at gmail.com
Fri Jun 5 10:02:57 PDT 2015
I referred to David Majnemer, who touched this code a while ago. But thanks
for suggesting help :)
On Fri, Jun 5, 2015 at 8:26 AM, David Blaikie <dblaikie at gmail.com> wrote:
>
>
> On Thu, Jun 4, 2015 at 5:52 PM, Alexey Samsonov <vonosmas at gmail.com>
> wrote:
>
>> Richard or David, do you want to look into this, or would you prefer to leave
>> this for me?
>>
>
> I can't say I have much more context in vtable layout & C++ ABI than you
> do, most likely. Happy to bounce some of the ideas around in person if that's
> helpful.
>
> - David
>
>
>>
>> On Tue, Jun 2, 2015 at 3:32 AM, Stephan Bergmann <sbergman at redhat.com>
>> wrote:
>>
>>> ping^3
>>>
>>>
>>> On 12/16/2014 10:52 AM, Stephan Bergmann wrote:
>>>
>>>> ping
>>>> On 12/05/2014 09:33 AM, Stephan Bergmann wrote:
>>>>
>>>>> ping
>>>>> On 08/12/2014 09:10 PM, Alexey Samsonov wrote:
>>>>>
>>>>>> +Richard
>>>>>>
>>>>>>
>>>>>> On Tue, Aug 12, 2014 at 3:51 AM, Stephan Bergmann <sbergman at redhat.com> wrote:
>>>>>>
>>>>>> On 08/11/2014 10:19 PM, Alexey Samsonov wrote:
>>>>>>
>>>>>> +Richard
>>>>>>
>>>>>> Note that you'd also have to update the comment for the
>>>>>> VtablePrefix::Offset field.
>>>>>>
>>>>>>
>>>>>> ah, right; updated patch
>>>>>>
>>>>>> Stephan
>>>>>>
>>>>>> On Mon, Aug 11, 2014 at 6:30 AM, Stephan Bergmann <sbergman at redhat.com> wrote:
>>>>>>
>>>>>> At least with recent Clang trunk on Linux x86_64:
>>>>>>
>>>>>> $ cat test.cc
>>>>>> #include <iostream>
>>>>>> struct A { virtual ~A() {} };
>>>>>> struct B: virtual A {};
>>>>>> struct C: virtual A { ~C() { std::cout << '\n'; } };
>>>>>> struct D: virtual B, virtual C {};
>>>>>> int main() { delete new D; }
>>>>>>
>>>>>> $ clang++ -fsanitize=undefined test.cc
>>>>>>
>>>>>> $ ./a.out
>>>>>> <unknown>: runtime error: member call on address 0x000002a35010 which does not point to an object of type 'A'
>>>>>> 0x000002a35010: note: object has invalid vptr
>>>>>> 00 00 00 00 58 0e 43 00 00 00 00 00 30 0e 43 00 00 00 00 00 00 00 00 00 00 00 00 00 e1 0f 02 00
>>>>>>             ^~~~~~~~~~~~~~~~~~~~~~~
>>>>>>             invalid vptr
>>>>>>
>>>>>>
>>>>>> The problem is that getVtablePrefix (lib/ubsan/ubsan_type_hash.cc)
>>>>>> rejects any VtablePrefix with Offset > 0 as "This can't possibly be
>>>>>> a valid vtable" but, according to the Itanium ABI, "in some
>>>>>> construction virtual tables will some virtual base virtual tables
>>>>>> have positive offsets."
>>>>>>
>>>>>> The apparent fix is to remove the check, see the attached
>>>>>> getVtablePrefix.patch.
>>>>>>
>>>>>
>>>
>>
>>
--
Alexey Samsonov
vonosmas at gmail.com
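The offset-to-top field that Stephan's report turns on can be observed directly. What follows is an added example, not code from this thread, from ubsan or from LLVM. It reuses the A/B/C/D hierarchy of test.cc, assumes the Itanium C++ ABI as implemented by clang and gcc on Linux x86_64 (vptr points at the virtual-function array, vptr[-1] is the RTTI pointer, vptr[-2] is offset-to-top), and reads the offset-to-top word of the A subobject's vtable twice: once while C's base-object constructor is running inside D, when A's vptr points into the C-in-D construction vtable, and once after D is complete. The names offset_to_top, displacement, probe_vtables and Observation are my own; rejected_by_old_check only restates the "Offset > 0" condition from the mail and is not the ubsan source.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>

// Assumption: Itanium C++ ABI (clang/gcc on Linux x86_64). A vptr points at
// the vtable's virtual-function array; vptr[-1] is the RTTI pointer and
// vptr[-2] is "offset to top": the displacement from this subobject to the top
// of the object the vtable was built for. Both reads go through memcpy so the
// compiler cannot assume the vptr still holds whatever it stored last.
static std::ptrdiff_t offset_to_top(const void *obj) {
    const std::ptrdiff_t *vptr;
    std::memcpy(&vptr, obj, sizeof vptr);
    std::ptrdiff_t off;
    std::memcpy(&off, vptr - 2, sizeof off);
    return off;
}

// Signed distance from one address to another (to - from).
static std::ptrdiff_t displacement(const void *from, const void *to) {
    return static_cast<std::ptrdiff_t>(reinterpret_cast<std::uintptr_t>(to) -
                                       reinterpret_cast<std::uintptr_t>(from));
}

// The condition the mail says getVtablePrefix used to reject on (restated
// here for illustration, not copied from ubsan).
static bool rejected_by_old_check(std::ptrdiff_t offset_to_top_value) {
    return offset_to_top_value > 0;
}

struct Observation {
    std::ptrdiff_t a_during_c_ctor; // offset-to-top in A's vtable while C-in-D is being constructed
    std::ptrdiff_t c_minus_a;       // displacement from the A subobject to the C subobject
    std::ptrdiff_t a_complete;      // offset-to-top in A's vtable once D is fully constructed
    std::ptrdiff_t c_complete;      // same for the C subobject
    std::ptrdiff_t d_minus_a;       // displacement from the A subobject to the complete object
    std::ptrdiff_t d_minus_c;       // displacement from the C subobject to the complete object
};

static Observation g_obs;

// Same hierarchy as test.cc from the mail, plus a constructor in C that
// records what A's vtable looks like at that moment.
struct A { virtual ~A() {} };
struct B : virtual A {};
struct C : virtual A {
    C() {
        // Inside C's base-object constructor the vptrs of C and of its virtual
        // base A point into C's construction vtable (C-in-D), whose
        // offset-to-top values are measured from the C subobject, not from D.
        const A *a = this;
        g_obs.a_during_c_ctor = offset_to_top(a);
        g_obs.c_minus_a = displacement(a, this);
    }
};
struct D : virtual B, virtual C {};

Observation probe_vtables() {
    D d;                  // runs A(), then B and C as base-object constructors, then D's own
    const A *a = &d;
    const C *c = &d;
    g_obs.a_complete = offset_to_top(a);
    g_obs.c_complete = offset_to_top(c);
    g_obs.d_minus_a = displacement(a, &d);
    g_obs.d_minus_c = displacement(c, &d);
    return g_obs;
}

int main() {
    Observation o = probe_vtables();
    std::printf("A-in-C-in-D offset-to-top: %td (C - A = %td)%s\n",
                o.a_during_c_ctor, o.c_minus_a,
                rejected_by_old_check(o.a_during_c_ctor)
                    ? "  <- rejected by the old getVtablePrefix check" : "");
    std::printf("complete D: A offset-to-top %td (D - A = %td), "
                "C offset-to-top %td (D - C = %td)\n",
                o.a_complete, o.d_minus_a, o.c_complete, o.d_minus_c);
    return 0;
}
```

Two identities hold by the ABI's definition regardless of layout: the complete-object vtables carry top minus subobject (zero or negative), and the A-in-C-in-D secondary vtable carries C minus A. With the layout clang and gcc produce for this hierarchy (B is D's primary base, A is B's, so A and B share offset 0 and C sits at offset 8), the construction-time value is +8, which is exactly the kind of vtable the old "Offset > 0" check threw out when ubsan checked the A subobject during ~C. Build with `clang++ -std=c++11 example.cc`; adding `-fsanitize=undefined` on a runtime that still has the check reproduces the "invalid vptr" report from the mail.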