https://gcc.gnu.org/bugzilla/show_bug.cgi?id=67515

Markus Trippelsdorf <trippels at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |REOPENED
   Last reconfirmed|                            |2015-09-09
                 CC|                            |trippels at gcc dot gnu.org
         Resolution|INVALID                     |---
     Ever confirmed|0                           |1

--- Comment #3 from Markus Trippelsdorf <trippels at gcc dot gnu.org> ---
markus@x4 tmp % cat ub.ii
extern "C" void memset(void *, int, int);
struct A {
  A(int) {}
};
struct test : A {
  test() : A(m_fn1()) {}
  int m_fn1() { return 0; }
  virtual ~test() {}
};

int a[8];
void *operator new(unsigned long, void *p2) { return p2; }

int main() {
  test b;
  memset(a, '\x7f', sizeof 0);
  new (a) test;
}
markus@x4 tmp % clang++ -fsanitize=undefined -O3 ub.ii -Wall -Wextra
markus@x4 tmp % ./a.out
markus@x4 tmp % g++ -fsanitize=undefined -O3 ub.ii -Wall -Wextra
markus@x4 tmp % ./a.out
ub.ii:6:19: runtime error: member call on address 0x7ffddf2a17b0 which does not
point to an object of type 'test'
0x7ffddf2a17b0: note: object has invalid vptr
 00 00 00 00  a0 18 2a df fd 7f 00 00  00 00 00 00 00 00 00 00  00 00 00 00 00
00 00 00  f0 04 42 02
              ^~~~~~~~~~~~~~~~~~~~~~~
              invalid vptr
[1]    31199 segmentation fault  ./a.out


(In reply to Jonathan Wakely from comment #2)
> A message about a vptr is a bit mis-leading for non-virtual call, so maybe
> that could be improved, but in essence 'this' is not well-defined at that
> point.

But it shouldn't segfault in __ubsan::checkDynamicType().
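The hazard in the reproducer is that `A(m_fn1())` calls a non-static member function on `this` while the base subobject (and the vptr of `test`) has not been set up yet, which is exactly what the ubsan vptr check reports. The following is an added example, not code from the bug report or from GCC: it keeps the unsafe shape next to two corrected forms (a static helper, or passing a precomputed value to the base). The struct names `TestUnsafe`, `TestStatic`, `TestValue` and the helper functions are constructed for this illustration; the unsafe struct is never instantiated.

```cpp
#include <cassert>

// Base with a value the derived class wants to compute at construction time.
struct A {
    explicit A(int v) : value(v) {}
    int value;
};

// Unsafe pattern (same shape as the reproducer): A(m_fn1()) calls a non-static
// member on `this` before the base subobject and the vptr exist. It is never
// instantiated here; ubsan's vptr check (-fsanitize=undefined, or
// -fsanitize=vptr on its own) is what flags such a call at runtime.
struct TestUnsafe : A {
    TestUnsafe() : A(m_fn1()) {}
    int m_fn1() { return seed; }   // reads a member that is initialised later
    int seed = 7;
    virtual ~TestUnsafe() {}
};

// Fix 1: a static helper has no `this`, so it can run before any subobject exists.
struct TestStatic : A {
    TestStatic() : A(seed()) {}
    static int seed() { return 7; }
    virtual ~TestStatic() {}
};

// Fix 2: compute the value in the caller and hand it to the base constructor.
struct TestValue : A {
    explicit TestValue(int v) : A(v) {}
    virtual ~TestValue() {}
};

// Constructs the safe variants and returns the value the base received.
int buildWithStaticHelper() {
    TestStatic t;
    return t.value;   // 7
}

int buildFromValue(int v) {
    TestValue t(v);
    return t.value;
}

int main() {
    assert(buildWithStaticHelper() == 7);
    assert(buildFromValue(42) == 42);
    return 0;
}
```

Compiling this with `-fsanitize=undefined` produces no vptr diagnostic because neither fixed form touches `this` before the base is constructed; instantiating `TestUnsafe` under the same flags is the case the reproducer exercises.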
