Re: [PATCH] Fix sanitizer/67258 (by cherry picking upstream patch)

[Jakub Jelinek <jakub at redhat dot com>]

On Wed, Sep 09, 2015 at 06:18:25PM +0200, Markus Trippelsdorf wrote:
> Tested on ppc64le.
> OK for trunk and gcc-5?
> 
> 	PR sanitizer/67258
> 	* ubsan/ubsan_type_hash.cc: Cherry pick upstream r244101.

Please add
-fno-sanitize-recover=vptr
to dg-options.

Ok with that change.

> --- /dev/null
> +++ b/gcc/testsuite/g++.dg/ubsan/vptr-10.C
> @@ -0,0 +1,15 @@
> +// { dg-do run }
> +// { dg-options "-fsanitize=vptr" }
> +
> +struct A
> +{
> +    virtual ~A() {}
> +};
> +struct B : virtual A {};
> +struct C : virtual A {};
> +struct D : B, virtual C {};
> +
> +int main()
> +{
> +    D d;
> +}
> diff --git a/libsanitizer/ubsan/ubsan_type_hash.cc b/libsanitizer/ubsan/ubsan_type_hash.cc
> index d01009426db0..5eab1f561f27 100644
> --- a/libsanitizer/ubsan/ubsan_type_hash.cc
> +++ b/libsanitizer/ubsan/ubsan_type_hash.cc
> @@ -186,8 +186,8 @@ namespace {
>  
>  struct VtablePrefix {
>    /// The offset from the vptr to the start of the most-derived object.
> -  /// This should never be greater than zero, and will usually be exactly
> -  /// zero.
> +  /// This will only be greater than zero in some virtual base class vtables
> +  /// used during object con-/destruction, and will usually be exactly zero.
>    sptr Offset;
>    /// The type_info object describing the most-derived class type.
>    std::type_info *TypeInfo;
> @@ -197,7 +197,7 @@ VtablePrefix *getVtablePrefix(void *Object) {
>    if (!*VptrPtr)
>      return 0;
>    VtablePrefix *Prefix = *VptrPtr - 1;
> -  if (Prefix->Offset > 0 || !Prefix->TypeInfo)
> +  if (!Prefix->TypeInfo)
>      // This can't possibly be a valid vtable.
>      return 0;
>    return Prefix;
> -- 
> 2.5.1
> 
> -- 
> Markus

	Jakub