[PATCH] [compiler-rt/ubsan] getVtablePrefix must not sanity-check on Prefix->Offset > 0
David Blaikie
dblaikie at gmail.com
Fri Jun 5 10:06:06 PDT 2015
On Fri, Jun 5, 2015 at 10:02 AM, Alexey Samsonov <vonosmas at gmail.com> wrote:
> I referred to David Majnemer, who touched this code a while ago. But
> thanks for suggesting help :)
>
Ah, +Majnemer.
- Dave
>
> On Fri, Jun 5, 2015 at 8:26 AM, David Blaikie <dblaikie at gmail.com> wrote:
>
>>
>>
>> On Thu, Jun 4, 2015 at 5:52 PM, Alexey Samsonov <vonosmas at gmail.com>
>> wrote:
>>
>>> Richard or David, do you want to look into this, or you'd prefer to
>>> leave this for me?
>>>
>>
>> I can't say I have much more context in vtable layout & C++ ABI than you
>> do, most likely. Happy to bounce some of the ideas around in person if that's
>> helpful.
>>
>> - David
>>
>>
>>>
>>> On Tue, Jun 2, 2015 at 3:32 AM, Stephan Bergmann <sbergman at redhat.com>
>>> wrote:
>>>
>>>> ping^3
>>>>
>>>>
>>>> On 12/16/2014 10:52 AM, Stephan Bergmann wrote:
>>>>
>>>>> ping
>>>>> On 12/05/2014 09:33 AM, Stephan Bergmann wrote:
>>>>>
>>>>>> ping
>>>>>> On 08/12/2014 09:10 PM, Alexey Samsonov wrote:
>>>>>>
>>>>>>> +Richard
>>>>>>>
>>>>>>>
>>>>>>> On Tue, Aug 12, 2014 at 3:51 AM, Stephan Bergmann <sbergman at redhat.com> wrote:
>>>>>>>
>>>>>>> On 08/11/2014 10:19 PM, Alexey Samsonov wrote:
>>>>>>>
>>>>>>> +Richard
>>>>>>>
>>>>>>> Note, that you'd also have to update comment for
>>>>>>> VtablePrefix::Offset field.
>>>>>>>
>>>>>>>
>>>>>>> ah, right; updated patch
>>>>>>>
>>>>>>> Stephan
>>>>>>>
>>>>>>> On Mon, Aug 11, 2014 at 6:30 AM, Stephan Bergmann <sbergman at redhat.com> wrote:
>>>>>>>
>>>>>>> At least with recent Clang trunk on Linux x86_64:
>>>>>>>
>>>>>>> $ cat test.cc
>>>>>>> #include <iostream>
>>>>>>> struct A { virtual ~A() {} };
>>>>>>> struct B: virtual A {};
>>>>>>> struct C: virtual A { ~C() { std::cout << '\n'; } };
>>>>>>> struct D: virtual B, virtual C {};
>>>>>>> int main() { delete new D; }
>>>>>>>
>>>>>>> $ clang++ -fsanitize=undefined test.cc
>>>>>>>
>>>>>>> $ ./a.out
>>>>>>> <unknown>: runtime error: member call on address 0x000002a35010
>>>>>>> which does not point to an object of type 'A'
>>>>>>> 0x000002a35010: note: object has invalid vptr
>>>>>>> 00 00 00 00 58 0e 43 00 00 00 00 00 30 0e 43 00 00 00 00 00 00 00 00 00 00 00 00 00 e1 0f 02 00
>>>>>>> ^~~~~~~~~~~~~~~~~~~~~~~
>>>>>>> invalid vptr
>>>>>>>
>>>>>>>
>>>>>>> The problem is that getVtablePrefix (lib/ubsan/ubsan_type_hash.cc)
>>>>>>> rejects any VtablePrefix with Offset > 0 as "This can't possibly be
>>>>>>> a valid vtable" but, according to the Itanium ABI, "in some
>>>>>>> construction virtual tables will some virtual base virtual tables
>>>>>>> have positive offsets."
>>>>>>>
>>>>>>> The apparent fix is to remove the check, see the attached
>>>>>>> getVtablePrefix.patch.
>>>>>>>
>>>>>>
>>>>
>>>
>>>
>>> --
>>> Alexey Samsonov
>>> vonosmas at gmail.com
>>>
>>> _______________________________________________
>>> llvm-commits mailing list
>>> llvm-commits at cs.uiuc.edu
>>> http://lists.cs.uiuc.edu/mailman/listinfo/llvm-commits
>>>
>>>
>>
>
>
> --
> Alexey Samsonov
> vonosmas at gmail.com
>
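The following is an added illustration, not compiler-rt's code or the attached patch: it models how the sanitizer locates the Itanium-ABI vtable prefix (offset-to-top and RTTI pointer) from a vptr, and why rejecting Offset > 0 turns a legitimate construction vtable for a virtual base into a false "invalid vptr" report. The vtable images are hand-built, the `rejectPositiveOffset` flag stands in for the pre-/post-patch behaviour, and the real-object reads assume an Itanium C++ ABI compiler (g++/clang++ on Linux).

```cpp
#include <cstddef>
#include <typeinfo>

// Two words that precede a vtable's address point in the Itanium C++ ABI.
struct VtablePrefix {
    std::ptrdiff_t Offset;          // offset-to-top: from this subobject to the complete object
    const std::type_info *TypeInfo; // RTTI of the most-derived class
};

// A vptr holds the vtable's address point; the prefix is the two words before it.
// rejectPositiveOffset == true models the check the thread asks to remove.
const VtablePrefix *getVtablePrefix(const void *vptr, bool rejectPositiveOffset) {
    const VtablePrefix *prefix = static_cast<const VtablePrefix *>(vptr) - 1;
    if (!prefix->TypeInfo)                          // no RTTI word: cannot be a vtable
        return nullptr;
    if (rejectPositiveOffset && prefix->Offset > 0) // pre-patch: positive offsets rejected
        return nullptr;
    return prefix;
}

// Constructed vtable image: prefix followed by the address point (virtual slots).
struct FakeVtable {
    VtablePrefix prefix;
    void (*slots[2])();
    const void *addressPoint() const { return &slots[0]; }
};

// Constructed images (assumed values, not compiler output). The +24 case is the
// virtual-base construction vtable that the ABI permits and the old check rejected.
static const FakeVtable kComplete     = {{0,   &typeid(int)}, {nullptr, nullptr}};
static const FakeVtable kSecondary    = {{-16, &typeid(int)}, {nullptr, nullptr}};
static const FakeVtable kConstruction = {{24,  &typeid(int)}, {nullptr, nullptr}};
static const FakeVtable kGarbage      = {{0,   nullptr},      {nullptr, nullptr}};

bool acceptedByOldCheck(const FakeVtable &v) { return getVtablePrefix(v.addressPoint(), true)  != nullptr; }
bool acceptedByNewCheck(const FakeVtable &v) { return getVtablePrefix(v.addressPoint(), false) != nullptr; }

// Read a real polymorphic object's vptr (its first word) the way the runtime does.
struct A { virtual ~A() {} };
static const void *vptrOf(const A &a) { return *reinterpret_cast<const void *const *>(&a); }

std::ptrdiff_t offsetToTopOfCompleteA() {   // 0: a complete object is its own top
    A a;
    return getVtablePrefix(vptrOf(a), false)->Offset;
}
bool rttiOfCompleteAMatches() {             // prefix RTTI names the dynamic type
    A a;
    return *getVtablePrefix(vptrOf(a), false)->TypeInfo == typeid(A);
}
```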