maxjhandsome
/
llvm-project
forked from OSchip/llvm-project
1
0
Fork 0
Code Issues Pull Requests Packages Releases Wiki Activity

[UBSan] Fix UBSan-vptr false positive. 

Offset from vptr to the start of most-derived object can actually
be positive in some virtual base class vtables.

Patch by Stephan Bergmann!

llvm-svn: 244101
This commit is contained in:
Alexey Samsonov 2015-08-05 19:35:46 +00:00
parent 3f2058da16
commit 894d5821e7
2 changed files with 16 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
compiler-rt/lib/ubsan/ubsan_type_hash_itanium.cc
View File

@ -185,8 +185,8 @@ namespace {
struct VtablePrefix {
/// The offset from the vptr to the start of the most-derived object.
/// This should never be greater than zero, and will usually be exactly
/// zero.
/// This will only be greater than zero in some virtual base class vtables
/// used during object con-/destruction, and will usually be exactly zero.
sptr Offset;
/// The type_info object describing the most-derived class type.
std::type_info *TypeInfo;
@ -196,7 +196,7 @@ VtablePrefix *getVtablePrefix(void *Vtable) {
if (!Vptr)
return 0;
VtablePrefix *Prefix = Vptr - 1;
if (Prefix->Offset > 0 || !Prefix->TypeInfo)
if (!Prefix->TypeInfo)
// This can't possibly be a valid vtable.
return 0;
return Prefix;

13
compiler-rt/test/ubsan/TestCases/TypeCheck/vptr-virtual-base-construction.cpp Normal file
View File

@ -0,0 +1,13 @@
// RUN: %clangxx -frtti -fsanitize=vptr -fno-sanitize-recover=vptr %s -o %t
// RUN: %run %t
// REQUIRES: cxxabi
int volatile n;
struct A { virtual ~A() {} };
struct B: virtual A {};
struct C: virtual A { ~C() { n = 0; } };
struct D: virtual B, virtual C {};
int main() { delete new D; }