From: Thomas Bleher <ThomasBleher@gmx.de>
To: Xi Xue <wywywy3@outlook.com>
Cc: "gcc-help@gcc.gnu.org" <gcc-help@gcc.gnu.org>
Subject: Re: Runtime error about undefined behavior
Date: Mon, 25 Dec 2023 15:48:25 +0100
Message-ID: <ZYmWOZAtKpMoqTm9@bluelight>
In-Reply-To: <SY8P282MB4321B7BE965C04FC2FF080D9E19BA@SY8P282MB4321.AUSP282.PROD.OUTLOOK.COM>
* Xi Xue via Gcc-help <gcc-help@gcc.gnu.org> [2023-12-24 00:50]:
> tw.cpp:53:19: runtime error: member access within address 0x7fe7f52ff800 which does not point to an object of type 'CachedObj'
> 0x7fe7f52ff800: note: object has invalid vptr
> 00 00 00 00 be be be be be be be be be be be be be be be be be be be be be be be be be be be be
> ^~~~~~~~~~~~~~~~~~~~~~~
> invalid vptr
> tw.cpp:41:39: runtime error: member access within address 0x7fe7f53ff7c0 which does not point to an object of type 'CachedObj'
> 0x7fe7f53ff7c0: note: object has invalid vptr
> 00 00 00 00 00 00 00 00 00 00 00 00 a0 f7 3f f5 e7 7f 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> ^~~~~~~~~~~~~~~~~~~~~~~
> invalid vptr
> I am referring to a derived class. Access to the "next" member of the base class. Is this a runtime error?
I think you are missing a constructor call:
> template <class T> void *CachedObj<T>::operator new(size_t sz)
> {
>     if (sz != sizeof(T))
>         throw std::runtime_error(
>             "CachedObj:wrong size object in operator new");
>     if (!freeStore) {
>         T *array = alloc_mem.allocate(chunk);
>         for (size_t i = 0; i != chunk; ++i)
>             add_to_freelist(&array[i]);
Here add_to_freelist is called with a pointer to uninitialized storage
(see https://en.cppreference.com/w/cpp/memory/allocator/allocate:
"Allocates n * sizeof(T) bytes of uninitialized storage")
The function stores the pointer to the uninitialized memory in freeStore.
>     }
>     T *p = freeStore;
>     freeStore = freeStore->CachedObj<T>::next;
This treats freeStore as an initialized object and accesses its member
(but there doesn't seem to be any constructor call to actually
initialize the object).
So I think UBSan is correct here.
>     return p;
> }
>
> template <class T> void CachedObj<T>::operator delete(void *p, size_t)
> {
>     if (p != 0)
>         add_to_freelist(static_cast<T *>(p));
> }
> template <class T> void CachedObj<T>::add_to_freelist(T *p)
> {
>     p->CachedObj<T>::next = freeStore;
>     freeStore = p;
> }
Best regards,
Thomas
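
An added example, not part of Thomas's message or the original poster's code: one way to keep the cached free list without reading a member of an unconstructed object is to store the link in a separate plain struct, created with placement new in each free slot. `FreeNode`, `Widget`, `free_count`, `reuses_freed_slot`, the virtual destructor and the chunk size of 24 are assumptions made for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <memory>
#include <new>
#include <stdexcept>
// Link record kept in free slots: a plain struct with no vptr, created with
// placement new, so the list never touches a member of an unconstructed T.
struct FreeNode { FreeNode *next; };
template <class T> class CachedObj {
public:
    virtual ~CachedObj() {}   // assumed: gives the class a vptr, as in the report
    void *operator new(std::size_t sz) {
        static_assert(sizeof(T) >= sizeof(FreeNode) && alignof(T) >= alignof(FreeNode), "slot");
        if (sz != sizeof(T))
            throw std::runtime_error("CachedObj: wrong size object in operator new");
        if (!freeStore) {
            T *array = alloc_mem.allocate(chunk);   // uninitialized storage
            for (std::size_t i = 0; i != chunk; ++i)
                add_to_freelist(array + i);         // address only, no T access
        }
        FreeNode *n = freeStore;
        freeStore = n->next;   // reads a live FreeNode, not CachedObj<T>::next
        return n;              // T's constructor runs on this storage afterwards
    }
    void operator delete(void *p, std::size_t) { if (p) add_to_freelist(p); }
    static std::size_t free_count() {   // length of the free list
        std::size_t n = 0;
        for (FreeNode *f = freeStore; f; f = f->next) ++n;
        return n;
    }
private:
    static void add_to_freelist(void *p) { freeStore = ::new (p) FreeNode{freeStore}; }
    static std::allocator<T> alloc_mem;
    static FreeNode *freeStore;
    static const std::size_t chunk = 24;   // constructed value
};
template <class T> std::allocator<T> CachedObj<T>::alloc_mem;
template <class T> FreeNode *CachedObj<T>::freeStore = nullptr;

struct Widget : CachedObj<Widget> { int value = 7; };   // hypothetical derived type
// Frees one object and allocates another: the slot must come back (LIFO list).
bool reuses_freed_slot() {
    Widget *a = new Widget;
    std::uintptr_t first = reinterpret_cast<std::uintptr_t>(a);
    delete a;
    Widget *b = new Widget;
    bool same = reinterpret_cast<std::uintptr_t>(b) == first && b->value == 7;
    delete b;
    return same;
}
```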