author | trippels <trippels@138bc75d-0d04-0410-961f-82ee72b054a4> | 2015-09-09 16:34:59 +0000 |
---|---|---|
committer | trippels <trippels@138bc75d-0d04-0410-961f-82ee72b054a4> | 2015-09-09 16:34:59 +0000 |
commit | 5f6ec267c25fae5a9eb57ffca5a63677905d3d60 (patch) | |
tree | d7242b5c767c60e428b06eec2e0a7d94bbbb6465 | |
parent | 2bbeda99e0195c984c73eb95548eb44495d1bc14 (diff) | |
Fix sanitizer/67258 by cherry picking upstream patch
PR sanitizer/67258
* ubsan/ubsan_type_hash.cc: Cherry pick upstream r244101.
Upstream patch:
commit 1d2477faafda9ad2cc19927b3c31efd22747f013
Author: Alexey Samsonov <vonosmas@gmail.com>
Date: Wed Aug 5 19:35:46 2015 +0000
[UBSan] Fix UBSan-vptr false positive.
Offset from vptr to the start of most-derived object can actually
be positive in some virtual base class vtables.
Patch by Stephan Bergmann!
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@244101 91177308-0d34-0410-b5e6-96231b3b80d8
git-svn-id: svn+ssh://gcc.gnu.org/svn/gcc/trunk@227591 138bc75d-0d04-0410-961f-82ee72b054a4
-rw-r--r-- | gcc/testsuite/g++.dg/ubsan/vptr-10.C | 15 | ||||
-rw-r--r-- | libsanitizer/ChangeLog | 5 | ||||
-rw-r--r-- | libsanitizer/ubsan/ubsan_type_hash.cc | 6 |
3 files changed, 23 insertions, 3 deletions
diff --git a/gcc/testsuite/g++.dg/ubsan/vptr-10.C b/gcc/testsuite/g++.dg/ubsan/vptr-10.C
new file mode 100644
index 00000000000..e05c33b90ba
--- /dev/null
+++ b/gcc/testsuite/g++.dg/ubsan/vptr-10.C
@@ -0,0 +1,15 @@
+// { dg-do run }
+// { dg-options "-fsanitize=vptr -fno-sanitize-recover=vptr" }
+
+struct A
+{
+ virtual ~A() {}
+};
+struct B : virtual A {};
+struct C : virtual A {};
+struct D : B, virtual C {};
+
+int main()
+{
+ D d;
+}
diff --git a/libsanitizer/ChangeLog b/libsanitizer/ChangeLog
index 4995299d058..ba4c4239509 100644
--- a/libsanitizer/ChangeLog
+++ b/libsanitizer/ChangeLog
@@ -1,3 +1,8 @@
+2015-09-09 Markus Trippelsdorf <markus@trippelsdorf.de>
+
+ PR sanitizer/67258
+ * ubsan/ubsan_type_hash.cc: Cherry pick upstream r244101.
+
 2015-07-29 Markus Trippelsdorf <markus@trippelsdorf.de>
 PR sanitizer/63927
diff --git a/libsanitizer/ubsan/ubsan_type_hash.cc b/libsanitizer/ubsan/ubsan_type_hash.cc
index d01009426db..5eab1f561f2 100644
--- a/libsanitizer/ubsan/ubsan_type_hash.cc
+++ b/libsanitizer/ubsan/ubsan_type_hash.cc
@@ -186,8 +186,8 @@ namespace {
 struct VtablePrefix {
 /// The offset from the vptr to the start of the most-derived object.
- /// This should never be greater than zero, and will usually be exactly
- /// zero.
+ /// This will only be greater than zero in some virtual base class vtables
+ /// used during object con-/destruction, and will usually be exactly zero.
 sptr Offset;
 /// The type_info object describing the most-derived class type.
 std::type_info *TypeInfo;
@@ -197,7 +197,7 @@ VtablePrefix *getVtablePrefix(void *Object) {
 if (!*VptrPtr)
 return 0;
 VtablePrefix *Prefix = *VptrPtr - 1;
- if (Prefix->Offset > 0 || !Prefix->TypeInfo)
+ if (!Prefix->TypeInfo)
 // This can't possibly be a valid vtable.
 return 0;
 return Prefix; |
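Review bot: The new test vptr-10.C has no comment tying it to the bug it guards, so a later reader cannot tell why this particular virtual-inheritance hierarchy matters. A first line such as `// PR sanitizer/67258` would fix that. A short comment could also say that the positive vptr offset shows up in the vtables used while `D` is constructed and destroyed, which is why an otherwise empty `main` with `D d;` is sufficient. With `-fno-sanitize-recover=vptr` a false positive presumably aborts the run, so a regression should fail loudly.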
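Review bot: In the second ubsan_type_hash.cc hunk, the only remaining sanity test in `getVtablePrefix` on memory that may not be a vtable at all is the non-null `TypeInfo` check, so `Offset` is now accepted with any value. The vptr check exists to cope with corrupted or mistyped objects, so an unbounded `Offset` read from such memory is handed to callers. Whether they range-check it is not visible here, since the function starts and ends outside the hunk. Consider keeping a magnitude bound rather than dropping the test, e.g. `if (!Prefix->TypeInfo || Prefix->Offset < -MaxOffset || Prefix->Offset > MaxOffset)`, where `MaxOffset` is a constant to be chosen (the name is constructed for this note). The existing comment `// This can't possibly be a valid vtable.` would then still describe every rejected case.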