c++/9446: Wrong size of __base_info array in the vmi class type info object

Grigory_Zagorodnev@stl.sarov.ru Grigory_Zagorodnev@stl.sarov.ru
Mon Jan 27 10:18:00 GMT 2003 

>Number:         9446
>Category:       c++
>Synopsis:       Wrong size of __base_info array in the vmi class type info object
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    unassigned
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Mon Jan 27 08:36:01 UTC 2003
>Closed-Date:
>Last-Modified:
>Originator:     Grigory Zagorodnev
>Release:        3.2
>Organization:
>Environment:
$ g++ -v
Reading specs from /usr/lib/gcc-lib/i386-redhat-linux/3.2/specs
Configured with: ../configure --prefix=/usr --mandir=/usr/share/man --infodir=/usr/share/info --enable-shared --enable-threads=posix --disable-checking --host=i386-redhat-linux --with-system-zlib --enable-__cxa_atexit
Thread model: posix
gcc version 3.2 20020903 (Red Hat Linux 8.0 3.2-7)
>Description:
According to the C++ ABI, the type info structure for classes, containing NOT only a single, public, non-virtual base at offset zero, should contain an array of base class descriptions -- one for every direct proper base (ABI: 2.9.5 RTTI Layout: 6.c.)

      class __vmi_class_type_info : public __class_type_info {
	public:
	  unsigned int __flags;
	  unsigned int __base_count;
	  __base_class_type_info __base_info[1];
		...
      };

I.e. __base_info array should contain number of entries equal to the number of bases. 

However, g++ compiler 3.x allocates array one entry bigger than required. See the assembley code, obtained from the attached test-case:
        .type   _ZTI1C,@object
        .size   _ZTI1C,40
_ZTI1C:
        .long   _ZTVN10__cxxabiv121__vmi_class_type_infoE+8
        .long   _ZTS1C
        .long   8
        .long   2
        .long   _ZTI1A
        .long   1026
        .long   _ZTI1B
        .long   -3069
        .zero   8			// <--- superfluous base info array entry


That happens due to incorrect calculation of array size in the routine 'get_pseudo_ti_desc' (file gcc/cp/rtti.c):
              /* Add number of bases and trailing array of
                 base_class_type_info.  */
              array_domain = build_index_type (size_int (num_bases));
              base_array =
                build_array_type (base_desc_type_node, array_domain);

However, routine 'build_index_type' requries the argument to "be the maximum value in the domain (one less than the length of the array)."

So the suggested fix for problem is:
<              array_domain = build_index_type (size_int (num_bases));
>              array_domain = build_index_type (size_int (num_bases) - 1);
>How-To-Repeat:

>Fix:

>Release-Note:
>Audit-Trail:
>Unformatted:
----gnatsweb-attachment----
Content-Type: text/plain; name="foo.cpp"
Content-Disposition: inline; filename="foo.cpp"

/*
    Wrong size of __base_info array in the C1's type info (_ZTI3C1)
*/

struct A {
    int a;
};

struct B {
    int b;
};

struct C: A, virtual B
{
    int i;
};


C c;

More information about the Gcc-bugs mailing list