[Bug sanitizer/92928] When address and UB sanitizer are combined, sanitizing boost serialization code crashes
jakub at gcc dot gnu.org
gcc-bugzilla@gcc.gnu.org
Fri Dec 13 11:55:00 GMT 2019
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=92928
--- Comment #1 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
Even more reduced (without headers):
struct Base
{
virtual ~Base() = default;
virtual bool foo() noexcept = 0;
};
struct Derived : public Base
{
Derived() noexcept {};
bool foo() noexcept override { return true; };
};
int main()
{
int diff = reinterpret_cast<__PTRDIFF_TYPE__>(static_cast<Derived
*>(reinterpret_cast<Base *>(1 << 20))) - (1 << 20);
__builtin_printf ("%d\n", diff);
}
I'd say this is just invalid, there is no object of type Base or Derived at the
address 1 << 20 and -fsanitize=vptr attempts to verify that the object has the
right virtual table pointer, but as nothing is mapped at 1 << 20, that access
obviously fails.
You get exactly the same behavior with clang++ -fsanitize=address,undefined.
Both will work with -fsanitize=address,undefined -fno-sanitize=vptr.
More information about the Gcc-bugs
mailing list