public inbox for gcc-bugs@sourceware.org
* [Bug sanitizer/60963] New: ubsan runtime error: load of null pointer of type '<unknown> *'
From: redi at gcc dot gnu.org @ 2014-04-25 11:31 UTC (permalink / raw)
To: gcc-bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=60963
Bug ID: 60963
Summary: ubsan runtime error: load of null pointer of type
'<unknown> *'
Product: gcc
Version: 4.10.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: sanitizer
Assignee: unassigned at gcc dot gnu.org
Reporter: redi at gcc dot gnu.org
CC: dodji at gcc dot gnu.org, dvyukov at gcc dot gnu.org,
jakub at gcc dot gnu.org, kcc at gcc dot gnu.org
I think this is valid:
#include <new>

class EmbeddedObject {
public:
  virtual int val() { return 2; }
};

class Container {
  alignas(EmbeddedObject) char buffer[sizeof(EmbeddedObject)];
public:
  EmbeddedObject *obj() { return (EmbeddedObject*)buffer; }
  Container() { new (buffer) EmbeddedObject(); }
};

Container o;

int main()
{
  return o.obj()->val();
}
But compiled with trunk and -std=c++11 -O2 -fsanitize=undefined it errors:
sa3.cc:19:23: runtime error: load of null pointer of type '<unknown> *'
Segmentation fault (core dumped)
This might not be a ubsan issue, it might be just a side-effect of the
devirtualization problem described at
http://gcc.gnu.org/ml/gcc/2014-04/msg00236.html
* [Bug ipa/60963] [4.10 Regression] wrong devirt with placement new
From: rguenth at gcc dot gnu.org @ 2014-04-25 12:33 UTC (permalink / raw)
To: gcc-bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=60963
Richard Biener <rguenth at gcc dot gnu.org> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |NEW
   Last reconfirmed|                            |2014-04-25
            Summary|ubsan runtime error: load   |[4.10 Regression] wrong
                   |of null pointer of type     |devirt with placement new
                   |'<unknown> *'               |
     Ever confirmed|0                           |1
--- Comment #1 from Richard Biener <rguenth at gcc dot gnu.org> ---
#include <new>

extern "C" void abort (void);

class EmbeddedObject {
public:
  virtual int val() { return 2; }
};

class Container {
  alignas(EmbeddedObject) char buffer[sizeof(EmbeddedObject)];
public:
  EmbeddedObject *obj() { return (EmbeddedObject*)buffer; }
  Container() { new (buffer) EmbeddedObject(); }
};

Container o;

int main()
{
  if (o.obj()->val() != 2)
    abort ();
}
It's interesting how the gcc_unreachable () makes writing a testcase that
aborts almost impossible (the above doesn't work, nor if I move the call
into a separate non-inlined function ...).
* [Bug ipa/60963] [4.10 Regression] wrong devirt with placement new
From: rguenth at gcc dot gnu.org @ 2014-04-25 12:33 UTC (permalink / raw)
To: gcc-bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=60963
Richard Biener <rguenth at gcc dot gnu.org> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
   Target Milestone|---                         |4.10.0
* [Bug ipa/60963] [4.10 Regression] wrong devirt with placement new
From: aph at gcc dot gnu.org @ 2014-04-25 14:24 UTC (permalink / raw)
To: gcc-bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=60963
Andrew Haley <aph at gcc dot gnu.org> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
                 CC|                            |aph at gcc dot gnu.org
         Resolution|---                         |DUPLICATE
--- Comment #2 from Andrew Haley <aph at gcc dot gnu.org> ---
I'm closing this because it's a dupe.
*** This bug has been marked as a duplicate of bug 60965 ***