[compiler-rt] r244101 - [UBSan] Fix UBSan-vptr false positive.
Alexey Samsonov
vonosmas at gmail.com
Wed Aug 5 12:52:41 PDT 2015
+Hans, Richard
Is it too late to merge this into 3.7rc2? This patch should be relatively
safe, and fixes a bug that was reported looong time ago.
On Wed, Aug 5, 2015 at 12:35 PM, Alexey Samsonov <vonosmas at gmail.com> wrote:
> Author: samsonov
> Date: Wed Aug 5 14:35:46 2015
> New Revision: 244101
>
> URL: http://llvm.org/viewvc/llvm-project?rev=244101&view=rev
> Log:
> [UBSan] Fix UBSan-vptr false positive.
>
> Offset from vptr to the start of most-derived object can actually
> be positive in some virtual base class vtables.
>
> Patch by Stephan Bergmann!
>
> Added:
>
> compiler-rt/trunk/test/ubsan/TestCases/TypeCheck/vptr-virtual-base-construction.cpp
> Modified:
> compiler-rt/trunk/lib/ubsan/ubsan_type_hash_itanium.cc
>
> Modified: compiler-rt/trunk/lib/ubsan/ubsan_type_hash_itanium.cc
> URL:
> http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/ubsan/ubsan_type_hash_itanium.cc?rev=244101&r1=244100&r2=244101&view=diff
>
> ==============================================================================
> --- compiler-rt/trunk/lib/ubsan/ubsan_type_hash_itanium.cc (original)
> +++ compiler-rt/trunk/lib/ubsan/ubsan_type_hash_itanium.cc Wed Aug 5
> 14:35:46 2015
> @@ -185,8 +185,8 @@ namespace {
>
> struct VtablePrefix {
> /// The offset from the vptr to the start of the most-derived object.
> - /// This should never be greater than zero, and will usually be exactly
> - /// zero.
> + /// This will only be greater than zero in some virtual base class
> vtables
> + /// used during object con-/destruction, and will usually be exactly
> zero.
> sptr Offset;
> /// The type_info object describing the most-derived class type.
> std::type_info *TypeInfo;
> @@ -196,7 +196,7 @@ VtablePrefix *getVtablePrefix(void *Vtab
> if (!Vptr)
> return 0;
> VtablePrefix *Prefix = Vptr - 1;
> - if (Prefix->Offset > 0 || !Prefix->TypeInfo)
> + if (!Prefix->TypeInfo)
> // This can't possibly be a valid vtable.
> return 0;
> return Prefix;
>
> Added:
> compiler-rt/trunk/test/ubsan/TestCases/TypeCheck/vptr-virtual-base-construction.cpp
> URL:
> http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/test/ubsan/TestCases/TypeCheck/vptr-virtual-base-construction.cpp?rev=244101&view=auto
>
> ==============================================================================
> ---
> compiler-rt/trunk/test/ubsan/TestCases/TypeCheck/vptr-virtual-base-construction.cpp
> (added)
> +++
> compiler-rt/trunk/test/ubsan/TestCases/TypeCheck/vptr-virtual-base-construction.cpp
> Wed Aug 5 14:35:46 2015
> @@ -0,0 +1,13 @@
> +// RUN: %clangxx -frtti -fsanitize=vptr -fno-sanitize-recover=vptr %s -o
> %t
> +// RUN: %run %t
> +
> +// REQUIRES: cxxabi
> +
> +int volatile n;
> +
> +struct A { virtual ~A() {} };
> +struct B: virtual A {};
> +struct C: virtual A { ~C() { n = 0; } };
> +struct D: virtual B, virtual C {};
> +
> +int main() { delete new D; }
>
>
> _______________________________________________
> llvm-commits mailing list
> llvm-commits at lists.llvm.org
> http://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-commits
>
--
Alexey Samsonov
vonosmas at gmail.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/llvm-commits/attachments/20150805/3df23f67/attachment.html>
More information about the llvm-commits
mailing list