[PATCH] D33712: Bug 33221 [UBSAN] segfault with -fsanitize=undefined
Denis Khalikov via Phabricator via llvm-commits
llvm-commits at lists.llvm.org
Wed May 31 10:06:58 PDT 2017
denis13 updated this revision to Diff 100881.
denis13 added a comment.
Test case added
https://reviews.llvm.org/D33712
Files:
lib/ubsan/ubsan_type_hash_itanium.cc
test/ubsan/TestCases/TypeCheck/PR33221.cpp
Index: test/ubsan/TestCases/TypeCheck/PR33221.cpp
===================================================================
--- /dev/null
+++ test/ubsan/TestCases/TypeCheck/PR33221.cpp
@@ -0,0 +1,24 @@
+// RUN: %clangxx -frtti -fsanitize=vptr -fno-sanitize-recover=vptr -g %s -O3 -o %t
+// RUN: %run %t 2>&1 | FileCheck %s
+
+// REQUIRES: cxxabi
+
+class Base {
+public:
+ Base *next;
+ virtual void print() {}
+};
+
+class Derived : public Base {
+public:
+ void print() {}
+};
+
+int main() {
+ Derived *list = (Derived *)new char[sizeof(Derived)];
+
+// CHECK: PR33221.cpp:[[@LINE+1]]:9: runtime error: member access within address {{.*}} which does not point to an object of type 'Base'
+// CHECK-NEXT: object has invalid vptr
+ list->next = list + 1;
+ return 0;
+}
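Review bot: The vptr this test relies on is whatever `new char[sizeof(Derived)]` happens to leave at the start of the buffer, so whether the store on `list->next = list + 1` actually reaches the unmapped-vtable path being fixed depends on uninitialized heap contents rather than on the test itself. Fill the buffer with a known-bad pattern before using it, e.g. `memset(list, 0xFF, sizeof(Derived));` right after the allocation (with `#include <string.h>` at the top), so the vptr is deterministically an invalid address on every run. The leaked allocation is fine for a test that is expected to abort under -fno-sanitize-recover=vptr.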
Index: lib/ubsan/ubsan_type_hash_itanium.cc
===================================================================
--- lib/ubsan/ubsan_type_hash_itanium.cc
+++ lib/ubsan/ubsan_type_hash_itanium.cc
@@ -197,7 +197,7 @@
};
VtablePrefix *getVtablePrefix(void *Vtable) {
VtablePrefix *Vptr = reinterpret_cast<VtablePrefix*>(Vtable);
- if (!Vptr)
+ if (!IsAccessibleMemoryRange((uptr)Vptr, sizeof(VtablePrefix)))
return nullptr;
VtablePrefix *Prefix = Vptr - 1;
if (!Prefix->TypeInfo)
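Review bot: The new guard on the line replacing `if (!Vptr)` probes the range starting at Vptr, but the read that follows two lines later is `Prefix->TypeInfo` with `Prefix = Vptr - 1`, i.e. the VtablePrefix immediately below the checked range, so a vtable pointer whose own page is mapped but whose preceding page is not still faults. Compute the prefix first and probe that instead: `VtablePrefix *Prefix = Vptr - 1;` / `if (!IsAccessibleMemoryRange((uptr)Prefix, sizeof(VtablePrefix)))` / `return nullptr;`. The dropped null check is presumably covered because address 0 is never accessible, but that depends on how IsAccessibleMemoryRange treats 0, so it is worth confirming. If IsAccessibleMemoryRange is implemented as a syscall probe, this also adds one to every vptr check, which the commit message could say was considered. getVtablePrefix's body continues past the end of the hunk.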