https://llvm.org/bugs/show_bug.cgi?id=26095
Bug ID: 26095
Summary: -fsanitize=object-size checks sizes too eagerly
Product: clang
Version: trunk
Hardware: PC
OS: All
Status: NEW
Severity: normal
Priority: P
Component: C++
Assignee: unassignedclangb...@nondot.org
Reporter: george.burgess...@gmail.com
CC: dgre...@apple.com, llvm-bugs@lists.llvm.org
Classification: Unclassified

Compiling the following program with `-fsanitize=object-size` gives an executable that traps:

    struct Foo { };
    struct Bar : public Foo { int i; };

    Bar *volatile B;

    int main() {
      Foo F;
      B = static_cast<Bar*>(&F);
      return 0;
    }

(Full set of flags used: ./bin/clang++ foo.cpp -fsanitize=object-size -fsanitize-trap=all -O1)

AFAIK, it's perfectly okay to cast a pointer to `T` to a (non-member/non-function) pointer to any other type, so long as you don't dereference the casted pointer as a non-{T, superclass-of-T, char}. So, this code is sketchy, but valid.

This is mildly problematic, because libc++ takes advantage of the above trick in its `__tree` implementation[1], which causes trapping when constructing `std::map`s.

[1] - Specifically in `__tree::__end_node()`; it casts an `__end_node_t*` to a `__node*`, when the `__end_node_t*` may point to something smaller than `sizeof(__node)`.
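A reduced, constructed analogue of the libc++ `__end_node()` pattern the report refers to, added here as an example (not libc++'s code and not the reporter's): an undersized end node is handed out as a `Node*`, and the only member ever read through that pointer lives in the `EndNode` prefix. The type and function names are assumptions for illustration.

```cpp
#include <cstddef>

// EndNode carries only the member every node shares; Node appends the fields
// that only real tree nodes have, so sizeof(Node) > sizeof(EndNode).
struct EndNode {
    EndNode *left = nullptr;
};

struct Node : EndNode {
    Node *parent = nullptr;
    int value = 0;
};

// The tree embeds a bare EndNode and views it as a Node*, which is the cast
// the report says -fsanitize=object-size traps on: the pointee object is
// smaller than sizeof(Node), even though no Node-only member is touched.
struct Tree {
    EndNode end_node;

    Node *end() { return static_cast<Node *>(&end_node); }

    // Reads `left` through the undersized Node*; `left` sits in the EndNode
    // prefix, so the access stays inside the real object (the "sketchy but
    // valid" case from the report).
    Node *root() { return static_cast<Node *>(end()->left); }

    // Link a node at the head of the chain hanging off the end node.
    void push_front(Node *n) {
        n->left = end_node.left;
        end_node.left = n;
    }
};

// Walks the chain; every node visited here is a genuine Node, so reading
// `value` is fine. Only the end node itself is the undersized object.
int sum_values(Tree &t) {
    int total = 0;
    for (Node *n = t.root(); n != nullptr; n = static_cast<Node *>(n->left))
        total += n->value;
    return total;
}

// The comparison the sanitizer makes: object size versus the viewed type.
bool end_node_is_smaller() { return sizeof(EndNode) < sizeof(Node); }

// Builds a constructed two-node tree and sums it (expected: 7).
int demo_sum() {
    Tree t;
    Node a; a.value = 3;
    Node b; b.value = 4;
    t.push_front(&a);
    t.push_front(&b);
    return sum_values(t);
}
```

Building this with the flags from the report reproduces the trap on the `end()->left` read, while a build without the sanitizer runs normally.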