CFI: wrong type passed to llvm.type.test with multiple inheritance devirtualization.

Differential Revision: https://reviews.llvm.org/D67985 llvm-svn: 374909
2019-10-15 16:32:50 +00:00 · 2019-10-15 16:32:50 +00:00 · 034badb312
parent 6e8599d939
commit 034badb312
3 changed files with 70 additions and 1 deletions
--- a/clang/lib/CodeGen/CGExprCXX.cpp
+++ b/clang/lib/CodeGen/CGExprCXX.cpp
@ -382,7 +382,7 @@ RValue CodeGenFunction::EmitCXXMemberOrOperatorMemberCallExpr(
      const CXXRecordDecl *RD;
      std::tie(VTable, RD) =
          CGM.getCXXABI().LoadVTablePtr(*this, This.getAddress(),
-                                        MD->getParent());
+                                        CalleeDecl->getParent());
      EmitVTablePtrCheckForCall(RD, VTable, CFITCK_NVCall, CE->getBeginLoc());
    }

--- a/clang/test/CodeGenCXX/cfi-multiple-inheritance.cpp
+++ b/clang/test/CodeGenCXX/cfi-multiple-inheritance.cpp
@ -0,0 +1,31 @@
+// Test that correct vtable ptr and type metadata are passed to llvm.type.test
+// Related to Bugzilla 43390.
+
+// RUN: %clang_cc1 -triple x86_64-unknown-linux -fvisibility hidden -std=c++11 -fsanitize=cfi-nvcall -emit-llvm -o - %s | FileCheck %s
+
+class A1 {
+public:
+    virtual int f1() = 0;
+};
+
+class A2 {
+public:
+    virtual int f2() = 0;
+};
+
+
+class B : public A1, public A2 {
+public:
+    int f2() final { return 1; }
+    int f1() final { return 2; }
+};
+
+// CHECK-LABEL: define hidden i32 @_Z3foov
+int foo() {
+    B b;
+    return static_cast<A2*>(&b)->f2();
+    // CHECK: [[P:%[^ ]*]] = bitcast %class.B* %b to i8**
+    // CHECK: [[V:%[^ ]*]] = load i8*, i8** [[P]], align 8
+    // CHECK: call i1 @llvm.type.test(i8* [[V]], metadata !"_ZTS1B")
+    // CHECK: call i1 @llvm.type.test(i8* [[V]], metadata !"all-vtables")
+}
--- a/compiler-rt/test/cfi/multiple-inheritance2.cpp
+++ b/compiler-rt/test/cfi/multiple-inheritance2.cpp
@ -0,0 +1,38 @@
+// Test that virtual functions of the derived class can be called through
+// pointers of both base classes without CFI errors.
+// Related to Bugzilla 43390.
+
+// RUN: %clangxx_cfi -o %t1 %s
+// RUN: %run %t1 2>&1 | FileCheck --check-prefix=CFI %s
+
+// CFI: In f1
+// CFI: In f2
+// CFI-NOT: control flow integrity check
+
+// REQUIRES: cxxabi
+
+#include <stdio.h>
+
+class A1 {
+public:
+    virtual void f1() = 0;
+};
+
+class A2 {
+public:
+    virtual void f2() = 0;
+};
+
+
+class B : public A1, public A2 {
+public:
+    void f2() final { fprintf(stderr, "In f2\n"); }
+    void f1() final { fprintf(stderr, "In f1\n"); }
+};
+
+int main() {
+    B b;
+
+    static_cast<A1*>(&b)->f1();
+    static_cast<A2*>(&b)->f2();
+}