reference, declarationdefinition
definition → references, declarations, derived classes, virtual overrides
reference to multiple definitions → definitions
unreferenced
    1
    2
    3
    4
    5
    6
    7
    8
    9
   10
   11
   12
   13
   14
   15
   16
   17
   18
   19
   20
   21
   22
   23
   24
   25
   26
   27
   28
   29
   30
   31
   32
   33
   34
   35
   36
   37
   38
   39
   40
   41
   42
   43
   44
   45
   46
   47
   48
   49
   50
// RUN: %clangxx -std=c++11 -frtti -fsanitize=vptr -g %s -O3 -o %t
// RUN: %run %t &> %t.log
// RUN: cat %t.log | not count 0 && FileCheck --input-file %t.log %s || cat %t.log | count 0

// REQUIRES: cxxabi

#include <sys/mman.h>
#include <unistd.h>

class Base {
public:
  int i;
  virtual void print() {}
};

class Derived : public Base {
public:
  void print() {}
};


int main() {
  int page_size = getpagesize();

  void *non_accessible = mmap(nullptr, page_size * 2, PROT_NONE,
                              MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
  
  if (non_accessible == MAP_FAILED)
    return 0;

  void *accessible = mmap((char*)non_accessible + page_size, page_size,
                          PROT_READ | PROT_WRITE,
                          MAP_FIXED | MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
  if (accessible == MAP_FAILED)
    return 0;

  char *c = new char[sizeof(Derived)];

  // The goal is to trigger a condition when Vptr points to accessible memory,
  // but VptrPrefix does not. That has been triggering SIGSEGV in UBSan code.
  void **vtable_ptr = reinterpret_cast<void **>(c);
  *vtable_ptr = (void*)accessible;

  Derived *list = (Derived *)c;

// CHECK: PR33221.cpp:[[@LINE+2]]:19: runtime error: member access within address {{.*}} which does not point to an object of type 'Base'
// CHECK-NEXT: invalid vptr
  int foo = list->i;
  return 0;
}