[Bug sanitizer/66308] -fsanitize=alignment is missing "downcast of misaligned address" checks

2015-05-27 Thread redi at gcc dot gnu.org
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=66308

--- Comment #1 from Jonathan Wakely  ---
When the char member is accessed:

struct node_base {
  char c;
};

struct node : node_base {
  long long l;
};

int main()
{
  unsigned char buf[sizeof(node_base)+1];
  node_base* n = (node_base*)(buf+1);   // buf+1 is deliberately misaligned for node
  (void) static_cast<node*>(n)->c;      // downcast, then access the base-class member
}

GCC again doesn't complain, but Clang complains about the downcast again and
also an upcast (when accessing the member of the base):

ubb.cc:13:10: runtime error: downcast of misaligned address 0xffedafe3 for type
'node', which requires 4 byte alignment
0xffedafe3: note: pointer points here
 ff  f0 d5 06 08 00 00 00 00  00 00 00 00 73 3b 6f 4a  01 00 00 00 84 b0 ed ff 
8c b0 ed ff 20 69 61
  ^ 
ubb.cc:13:10: runtime error: upcast of misaligned address 0xffedafe3 for type
'node', which requires 4 byte alignment
0xffedafe3: note: pointer points here
 ff  f0 d5 06 08 00 00 00 00  00 00 00 00 73 3b 6f 4a  01 00 00 00 84 b0 ed ff 
8c b0 ed ff 20 69 61
  ^


[Bug sanitizer/66308] -fsanitize=alignment is missing "downcast of misaligned address" checks

2015-05-27 Thread pinskia at gcc dot gnu.org
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=66308

--- Comment #2 from Andrew Pinski  ---
Only the upcast is really a bug.  Downcasting is not a problem here.


[Bug sanitizer/66308] -fsanitize=alignment is missing "downcast of misaligned address" checks

2015-05-27 Thread redi at gcc dot gnu.org
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=66308

--- Comment #3 from Jonathan Wakely  ---
When accessing the member of the derived type (which is actually misaligned):

struct node_base {
  char c;
};

struct node : node_base {
  long long l;
};

int main()
{
  unsigned char* buf = new unsigned char[sizeof(node)+1];
  node_base* n = (node_base*)(buf+1);   // buf+1 is deliberately misaligned for node
  static_cast<node*>(n)->l = 0;         // downcast, then store to the misaligned long long
}

GCC complains when the object is in heap memory (but not on the stack):

ubc.cc:13:31: runtime error: member access within misaligned address
0x01c4ac21 for type 'struct node', which requires 8 byte alignment
0x01c4ac21: note: pointer points here
 00 00 00  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  00 00 00 00 00 00
00 00  d1 03 02 00 00
  ^

But not as much as Clang does:


ubc.cc:13:3: runtime error: downcast of misaligned address 0x0269b011 for
type 'node', which requires 8 byte alignment
0x0269b011: note: pointer points here
 00 00 00  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  00 00 00 00 00 00
00 00  e1 0f 02 00 00
  ^ 
ubc.cc:13:26: runtime error: member access within misaligned address
0x0269b011 for type 'node', which requires 8 byte alignment
0x0269b011: note: pointer points here
 00 00 00  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  00 00 00 00 00 00
00 00  e1 0f 02 00 00
  ^ 
ubc.cc:13:26: runtime error: store to misaligned address 0x0269b019 for
type 'long long', which requires 8 byte alignment
0x0269b019: note: pointer points here
 00 00 00  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  e1 0f 02 00 00 00
00 00  00 00 00 00 00
  ^ 


I don't know how many of these extra errors from clang are useful here, but for
the previous two cases the cast is undefined behaviour (the misaligned address
means the node_base* cannot point to a subobject of a node) and so there should
be some ubsan error.
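The reasoning in comment #3 (a node_base* at an address that is misaligned for node cannot point into a node, so the downcast itself is undefined behaviour) can also be checked at the cast site rather than left to the sanitizer. The following is an added example, not code from the bug report or from GCC/Clang: checked_downcast and is_aligned_for are hypothetical helpers that reject a pointer whose address does not satisfy alignof(Derived), and run_downcast_demo drives them over a constructed buffer with one aligned and one misaligned node_base* (the same buf+1 pattern as the reproducers above).

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <new>

// Same types as in the bug report.
struct node_base {
  char c;
};

struct node : node_base {
  long long l;
};

// True when the address held in p satisfies the alignment requirement of T.
template <typename T>
bool is_aligned_for(const void* p) {
  return reinterpret_cast<std::uintptr_t>(p) % alignof(T) == 0;
}

// Hypothetical checked downcast (assumption: not part of any standard or
// project API). It returns nullptr when b cannot be the address of a complete
// Derived object, so the caller can reject the input instead of performing
// a static_cast that -fsanitize=alignment would report as undefined behaviour.
template <typename Derived, typename Base>
Derived* checked_downcast(Base* b) {
  if (b == nullptr || !is_aligned_for<Derived>(b)) {
    return nullptr;
  }
  return static_cast<Derived*>(b);
}

struct DowncastDemoResult {
  bool aligned_ok;     // downcast of a properly aligned node_base* succeeded
  bool misaligned_ok;  // downcast of the buf+1 pointer succeeded (should be false)
};

// Constructed input: one real node placed at offset 0 of an aligned buffer,
// and a node_base* pointing at offset 1, which is misaligned for node.
DowncastDemoResult run_downcast_demo() {
  alignas(node) unsigned char buf[sizeof(node) + 1] = {};

  node* real = new (buf) node{};               // valid node at offset 0
  node_base* aligned = real;                   // implicit upcast, aligned
  node_base* misaligned =
      reinterpret_cast<node_base*>(buf + 1);   // only a pointer value; never dereferenced

  DowncastDemoResult r;
  r.aligned_ok = (checked_downcast<node>(aligned) == real);
  r.misaligned_ok = (checked_downcast<node>(misaligned) != nullptr);
  return r;
}

int main() {
  DowncastDemoResult r = run_downcast_demo();
  std::printf("aligned downcast accepted:    %s\n", r.aligned_ok ? "yes" : "no");
  std::printf("misaligned downcast accepted: %s\n", r.misaligned_ok ? "yes" : "no");
  return 0;
}
```

Compiling the same program with -fsanitize=undefined and dereferencing the rejected pointer would produce the "misaligned address" reports quoted above; the runtime check is useful precisely in the situation comment #4 describes, where the cast happens in a translation unit that was not instrumented.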


[Bug sanitizer/66308] -fsanitize=alignment is missing "downcast of misaligned address" checks

2015-05-27 Thread redi at gcc dot gnu.org
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=66308

--- Comment #4 from Jonathan Wakely  ---
(In reply to Andrew Pinski from comment #2)
> Only the upcast is really a bug.  Downcasting is not a problem here.

The other way round, but I agree.

However, if the two casts happen in different translation units and only the
upcast is instrumented, it could be useful to get an error pointing out that
you were given a node* that cannot really point to an object of type node.