[compiler-rt] r304437 - Bug 33221 [UBSAN] segfault with -fsanitize=undefined

Vedant Kumar via llvm-commits llvm-commits at lists.llvm.org
Thu Jun 1 09:44:11 PDT 2017 

Author: vedantk
Date: Thu Jun  1 11:44:11 2017
New Revision: 304437

URL: http://llvm.org/viewvc/llvm-project?rev=304437&view=rev
Log:
Bug 33221 [UBSAN] segfault with -fsanitize=undefined

There is can be a situation when vptr is not initializing
by constructor of the object, and has a junk data which should
be properly checked, because c++ standard says:

"if default constructor is not specified
16 (7.3) no initialization is performed."

Patch by Denis Khalikov!

Differential Revision: https://reviews.llvm.org/D33712

Added:
    compiler-rt/trunk/test/ubsan/TestCases/TypeCheck/PR33221.cpp
Modified:
    compiler-rt/trunk/lib/ubsan/ubsan_type_hash_itanium.cc

Modified: compiler-rt/trunk/lib/ubsan/ubsan_type_hash_itanium.cc
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/ubsan/ubsan_type_hash_itanium.cc?rev=304437&r1=304436&r2=304437&view=diff
==============================================================================
--- compiler-rt/trunk/lib/ubsan/ubsan_type_hash_itanium.cc (original)
+++ compiler-rt/trunk/lib/ubsan/ubsan_type_hash_itanium.cc Thu Jun  1 11:44:11 2017
@@ -197,7 +197,7 @@ struct VtablePrefix {
 };
 VtablePrefix *getVtablePrefix(void *Vtable) {
   VtablePrefix *Vptr = reinterpret_cast<VtablePrefix*>(Vtable);
-  if (!Vptr)
+  if (!IsAccessibleMemoryRange((uptr)Vptr, sizeof(VtablePrefix)))
     return nullptr;
   VtablePrefix *Prefix = Vptr - 1;
   if (!Prefix->TypeInfo)

Added: compiler-rt/trunk/test/ubsan/TestCases/TypeCheck/PR33221.cpp
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/test/ubsan/TestCases/TypeCheck/PR33221.cpp?rev=304437&view=auto
==============================================================================
--- compiler-rt/trunk/test/ubsan/TestCases/TypeCheck/PR33221.cpp (added)
+++ compiler-rt/trunk/test/ubsan/TestCases/TypeCheck/PR33221.cpp Thu Jun  1 11:44:11 2017
@@ -0,0 +1,24 @@
+// RUN: %clangxx -frtti -fsanitize=undefined -g %s -O3 -o %t
+// RUN: %run %t 2>&1 | FileCheck %s
+
+// REQUIRES: cxxabi
+
+class Base {
+public:
+  int i;
+  virtual void print() {}
+};
+
+class Derived : public Base {
+public:
+  void print() {}
+};
+
+int main() {
+  Derived *list = (Derived *)new char[sizeof(Derived)];
+
+// CHECK: PR33221.cpp:[[@LINE+2]]:19: runtime error: member access within address {{.*}} which does not point to an object of type 'Base'
+// CHECK-NEXT: object has invalid vptr
+  int foo = list->i;
+  return 0;
+}

More information about the llvm-commits mailing list