public inbox for gcc-cvs@sourceware.org
From: Marek Polacek <mpolacek@gcc.gnu.org>
To: gcc-cvs@gcc.gnu.org
Subject: [gcc r11-5869] c++: ICE with -fsanitize=vptr and constexpr dynamic_cast [PR98103]
Date: Tue, 8 Dec 2020 22:27:06 +0000 (GMT)
Message-ID: <20201208222706.B81EA3858C27@sourceware.org>

https://gcc.gnu.org/g:0221c656bbe5b4ab54e784df3b109c60cb27e5b6

commit r11-5869-g0221c656bbe5b4ab54e784df3b109c60cb27e5b6
Author: Marek Polacek <polacek@redhat.com>
Date: Wed Dec 2 14:33:13 2020 -0500

c++: ICE with -fsanitize=vptr and constexpr dynamic_cast [PR98103]

-fsanitize=vptr initializes all vtable pointers to null so that it can catch invalid calls; see cp_ubsan_maybe_initialize_vtbl_ptrs. That means that evaluating a vtable reference can produce a null pointer in this mode, so cxx_eval_dynamic_cast_fn should check that and give an error.

gcc/cp/ChangeLog:

PR c++/98103
* constexpr.c (cxx_eval_dynamic_cast_fn): If the evaluating of vtable yields a null pointer, give an error and return. Use objtype.

gcc/testsuite/ChangeLog:

PR c++/98103
* g++.dg/ubsan/vptr-18.C: New test.

Diff: --- gcc/cp/constexpr.c | 11 ++++++++++- gcc/testsuite/g++.dg/ubsan/vptr-18.C | 25 +++++++++++++++++++++++++ 2 files changed, 35 insertions(+), 1 deletion(-) diff --git a/gcc/cp/constexpr.c b/gcc/cp/constexpr.c index 2ef6de83830..b6f3e6e7a31 100644 --- a/gcc/cp/constexpr.c +++ b/gcc/cp/constexpr.c 
@@ -1998,11 +1998,20 @@ cxx_eval_dynamic_cast_fn (const constexpr_ctx *ctx, tree call, to the object under construction or destruction, this object is considered to be a most derived object that has the type of the constructor or destructor's class. */ - tree vtable = build_vfield_ref (obj, TREE_TYPE (obj)); + tree vtable = build_vfield_ref (obj, objtype); vtable = cxx_eval_constant_expression (ctx, vtable, /*lval*/false, non_constant_p, overflow_p); if (*non_constant_p) return call; + /* With -fsanitize=vptr, we initialize all vtable pointers to null, + so it's possible that we got a null pointer now. */ + if (integer_zerop (vtable)) + { + if (!ctx->quiet) + error_at (loc, "virtual table pointer is used uninitialized"); + *non_constant_p = true; + return integer_zero_node; + } /* VTABLE will be &_ZTV1A + 16 or similar, get _ZTV1A. */ vtable = extract_obj_from_addr_offset (vtable); const tree mdtype = DECL_CONTEXT (vtable); diff --git a/gcc/testsuite/g++.dg/ubsan/vptr-18.C b/gcc/testsuite/g++.dg/ubsan/vptr-18.C new file mode 100644 index 00000000000..cd2ca0a9fb6 --- /dev/null +++ b/gcc/testsuite/g++.dg/ubsan/vptr-18.C @@ -0,0 +1,25 @@ +// PR c++/98103 +// { dg-do compile { target c++20 } } +// { dg-additional-options "-fsanitize=vptr -fno-sanitize-recover=vptr" } +// Modified constexpr-dynamic17.C. + +struct V { + virtual void f(); +}; + +struct A : V { }; + +struct B : V { + constexpr B(V*, A*); +}; + +struct D : B, A { + constexpr D() : B((A*)this, this) { } +}; + +constexpr B::B(V* v, A* a) +{ + dynamic_cast<B*>(a); // { dg-error "uninitialized" } +} + +constexpr D d;
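Review bot: in the gcc/cp/constexpr.c hunk, the new integer_zerop (vtable) branch returns integer_zero_node, while the *non_constant_p early return directly above it returns call, and nothing in the hunk says why the two bail-out paths differ. Either make the two returns consistent or extend the new comment to say why a zero node is the right result once *non_constant_p is set. The diagnostic "virtual table pointer is used uninitialized" also gives the user no hint that the null value comes from -fsanitize=vptr, which the added comment identifies as the cause; a follow-up note at loc naming the option would make the error actionable. Separately, the switch from TREE_TYPE (obj) to objtype in the build_vfield_ref call is covered only by "Use objtype." in the ChangeLog; since the definition of objtype is outside the visible context, a word on whether this is a pure cleanup would help.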
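Review bot: in gcc/testsuite/g++.dg/ubsan/vptr-18.C, the dg-error "uninitialized" directive on the dynamic_cast<B*>(a) line matches a single word, so any other diagnostic containing that word would also satisfy the test; matching the full text "virtual table pointer is used uninitialized" would pin the test to the new error. The file exercises only the failing path: a second case that runs dynamic_cast on a fully constructed object under the same -fsanitize=vptr options would show whether the new null check leaves valid constant expressions alone. The parameter v of B::B is unused in the body and could be left unnamed.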