From patchwork Wed Dec 2 23:18:57 2020
X-Patchwork-Submitter: Marek Polacek
X-Patchwork-Id: 1410039
To: Jason Merrill, GCC Patches
Subject: [PATCH] c++: ICE with -fsanitize=vptr and constexpr dynamic_cast [PR98103]
Date: Wed, 2 Dec 2020 18:18:57 -0500
Message-Id: <20201202231857.2416552-1-polacek@redhat.com>
From: Marek Polacek Reply-To: Marek Polacek Errors-To: gcc-patches-bounces@gcc.gnu.org Sender: "Gcc-patches" -fsanitize=vptr initializes all vtable pointers to null so that it can catch invalid calls; see cp_ubsan_maybe_initialize_vtbl_ptrs. That means that evaluating a vtable reference can produce a null pointer in this mode, so cxx_eval_dynamic_cast_fn should check that. Bootstrapped/regtested on x86_64-pc-linux-gnu, ok for trunk? gcc/cp/ChangeLog: PR c++/98103 * constexpr.c (cxx_eval_dynamic_cast_fn): If the evaluating of vtable yields a null pointer, return. gcc/testsuite/ChangeLog: PR c++/98103 * g++.dg/ubsan/vptr-18.C: New test. --- gcc/cp/constexpr.c | 4 +++- gcc/testsuite/g++.dg/ubsan/vptr-18.C | 27 +++++++++++++++++++++++++++ 2 files changed, 30 insertions(+), 1 deletion(-) create mode 100644 gcc/testsuite/g++.dg/ubsan/vptr-18.C base-commit: dc2b372ed1b1e9af6db45051cff95478c7616807 diff --git a/gcc/cp/constexpr.c b/gcc/cp/constexpr.c index 9a1a1db1267..8c6a9cf2b40 100644 --- a/gcc/cp/constexpr.c +++ b/gcc/cp/constexpr.c @@ -1996,7 +1996,9 @@ cxx_eval_dynamic_cast_fn (const constexpr_ctx *ctx, tree call, tree vtable = build_vfield_ref (obj, TREE_TYPE (obj)); vtable = cxx_eval_constant_expression (ctx, vtable, /*lval*/false, non_constant_p, overflow_p); - if (*non_constant_p) + /* With -fsanitize=vptr, we initialize all vtable pointers to null, + so it's possible that we got a null pointer now. */ + if (*non_constant_p || integer_zerop (vtable)) return call; /* VTABLE will be &_ZTV1A + 16 or similar, get _ZTV1A. */ vtable = extract_obj_from_addr_offset (vtable); diff --git a/gcc/testsuite/g++.dg/ubsan/vptr-18.C b/gcc/testsuite/g++.dg/ubsan/vptr-18.C new file mode 100644 index 00000000000..9f421c269bc --- /dev/null +++ b/gcc/testsuite/g++.dg/ubsan/vptr-18.C 
@@ -0,0 +1,27 @@ +// PR c++/98103 +// { dg-do compile { target c++20 } } +// { dg-additional-options "-fsanitize=vptr" } +// Modified constexpr-dynamic17.C. -fsanitize=vptr initializes all vtable +// pointers to null, so we don't get the "accessing uninitialized member" +// error. + +struct V { + virtual void f(); +}; + +struct A : V { }; + +struct B : V { + constexpr B(V*, A*); +}; + +struct D : B, A { + constexpr D() : B((A*)this, this) { } +}; + +constexpr B::B(V* v, A* a) +{ + dynamic_cast(a); +} + +constexpr D d;
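Review bot: in the gcc/cp/constexpr.c hunk, the new `integer_zerop (vtable)` arm of the condition returns `call` without setting `*non_constant_p` and without a diagnostic, so a null vtable pointer leaves through the same early return as an operand that was already flagged non-constant, but with nothing recorded about why. Consider giving it its own `if` after the `*non_constant_p` check, setting `*non_constant_p = true` there and reporting the null vtable pointer if an error is wanted; if returning the unevaluated `call` is enough, extend the comment to say why.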
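Review bot: in the new gcc/testsuite/g++.dg/ubsan/vptr-18.C, no `dg-error` or similar directive is attached to the `dynamic_cast` in `B::B` or to `constexpr D d;`, so the test passes only when the declaration is accepted with no diagnostics at all. The header comment says the "accessing uninitialized member" error from constexpr-dynamic17.C no longer appears, but not whether silent acceptance under `-fsanitize=vptr` is the intended result; state the expected outcome in the comment, or add a `dg-error` on the line that should be rejected if the initializer is meant to be non-constant.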