[compiler-rt] r244101 - [UBSan] Fix UBSan-vptr false positive.
Richard Smith via llvm-commits
llvm-commits at lists.llvm.org
Fri Aug 14 15:23:18 PDT 2015
On Wed, Aug 5, 2015 at 1:07 PM, Hans Wennborg <hans at chromium.org> wrote:
> I'm fine with merging this if Richard agrees.
>
> Richard, what say you?
Sorry I missed this. Yes, this looks fine to me.
>
> - Hans
>
> On Wed, Aug 5, 2015 at 12:52 PM, Alexey Samsonov <vonosmas at gmail.com>
> wrote:
> > +Hans, Richard
> >
> > Is it too late to merge this into 3.7rc2? This patch should be relatively
> > safe, and fixes a bug that was reported a looong time ago.
> >
> > On Wed, Aug 5, 2015 at 12:35 PM, Alexey Samsonov <vonosmas at gmail.com>
> wrote:
> >>
> >> Author: samsonov
> >> Date: Wed Aug 5 14:35:46 2015
> >> New Revision: 244101
> >>
> >> URL: http://llvm.org/viewvc/llvm-project?rev=244101&view=rev
> >> Log:
> >> [UBSan] Fix UBSan-vptr false positive.
> >>
> >> Offset from vptr to the start of most-derived object can actually
> >> be positive in some virtual base class vtables.
> >>
> >> Patch by Stephan Bergmann!
> >>
> >> Added:
> >>
> >>
> compiler-rt/trunk/test/ubsan/TestCases/TypeCheck/vptr-virtual-base-construction.cpp
> >> Modified:
> >> compiler-rt/trunk/lib/ubsan/ubsan_type_hash_itanium.cc
> >>
> >> Modified: compiler-rt/trunk/lib/ubsan/ubsan_type_hash_itanium.cc
> >> URL:
> >>
> http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/ubsan/ubsan_type_hash_itanium.cc?rev=244101&r1=244100&r2=244101&view=diff
> >>
> >>
> ==============================================================================
> >> --- compiler-rt/trunk/lib/ubsan/ubsan_type_hash_itanium.cc (original)
> >> +++ compiler-rt/trunk/lib/ubsan/ubsan_type_hash_itanium.cc Wed Aug 5
> >> 14:35:46 2015
> >> @@ -185,8 +185,8 @@ namespace {
> >>
> >> struct VtablePrefix {
> >> /// The offset from the vptr to the start of the most-derived object.
> >> - /// This should never be greater than zero, and will usually be
> exactly
> >> - /// zero.
> >> + /// This will only be greater than zero in some virtual base class
> >> vtables
> >> + /// used during object con-/destruction, and will usually be exactly
> >> zero.
> >> sptr Offset;
> >> /// The type_info object describing the most-derived class type.
> >> std::type_info *TypeInfo;
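Review bot: The rewritten comment on Offset abbreviates "con-/destruction", which is easy to misread in a comment that documents the vtable prefix layout; spell it out as "construction/destruction". With the old invariant ("should never be greater than zero") gone, it would also help to say explicitly that Offset may be negative, zero or positive, so that readers of code consuming this field do not carry the old assumption forward.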
> >> @@ -196,7 +196,7 @@ VtablePrefix *getVtablePrefix(void *Vtab
> >> if (!Vptr)
> >> return 0;
> >> VtablePrefix *Prefix = Vptr - 1;
> >> - if (Prefix->Offset > 0 || !Prefix->TypeInfo)
> >> + if (!Prefix->TypeInfo)
> >> // This can't possibly be a valid vtable.
> >> return 0;
> >> return Prefix;
> >>
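Review bot: With "Prefix->Offset > 0" dropped from the condition, a non-null TypeInfo is the only property getVtablePrefix checks before returning Prefix, so a garbage vptr is less likely to be rejected at this point than before. Consider replacing the sign check with a bound on the magnitude of Offset rather than removing the check outright, and confirm that the users of Prefix->Offset do not still assume it is non-positive. The retained comment "This can't possibly be a valid vtable." now applies only to the null TypeInfo case, which still reads correctly.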
> >> Added:
> >>
> compiler-rt/trunk/test/ubsan/TestCases/TypeCheck/vptr-virtual-base-construction.cpp
> >> URL:
> >>
> http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/test/ubsan/TestCases/TypeCheck/vptr-virtual-base-construction.cpp?rev=244101&view=auto
> >>
> >>
> ==============================================================================
> >> ---
> >>
> compiler-rt/trunk/test/ubsan/TestCases/TypeCheck/vptr-virtual-base-construction.cpp
> >> (added)
> >> +++
> >>
> compiler-rt/trunk/test/ubsan/TestCases/TypeCheck/vptr-virtual-base-construction.cpp
> >> Wed Aug 5 14:35:46 2015
> >> @@ -0,0 +1,13 @@
> >> +// RUN: %clangxx -frtti -fsanitize=vptr -fno-sanitize-recover=vptr %s
> -o
> >> %t
> >> +// RUN: %run %t
> >> +
> >> +// REQUIRES: cxxabi
> >> +
> >> +int volatile n;
> >> +
> >> +struct A { virtual ~A() {} };
> >> +struct B: virtual A {};
> >> +struct C: virtual A { ~C() { n = 0; } };
> >> +struct D: virtual B, virtual C {};
> >> +
> >> +int main() { delete new D; }
> >>
> >>
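Review bot: The new test file has no comment saying what it covers, and the reason this particular hierarchy matters (per the commit log, a virtual base class vtable whose offset is positive) is not obvious from "delete new D" alone. Add a short header comment naming the false positive it guards against and explaining why ~C needs the "n = 0" side effect. The RUN lines have no output check, so the test passes purely on exit status under -fno-sanitize-recover=vptr; saying so in the comment would help whoever debugs a future failure.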
> >> _______________________________________________
> >> llvm-commits mailing list
> >> llvm-commits at lists.llvm.org
> >> http://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-commits
> >
> >
> >
> >
> > --
> > Alexey Samsonov
> > vonosmas at gmail.com
>