https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70035
Bug ID: 70035
Summary: [5.3 regression] Calling a non-virtual member in base-class constructor call with ubsan causes segfault when superclass has virtual member with same name
Product: gcc
Version: 5.3.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: c++
Assignee: unassigned at gcc dot gnu.org
Reporter: teemperor at gmail dot com
Target Milestone: ---

Created attachment 37837
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=37837&action=edit
Small testcase triggering the bug

Bug is quite specific, only applies to situations where:

* An initializer list calls the constructor of the parent class.
* This constructor call's args call a non-virtual method defined in the current class.
* The parent class has a virtual method with the same name (but a different signature).

In those cases ubsan causes a segfault. It only happens in 5.3; I didn't experience the bug in 5.2 and previous versions.

I've attached a minimal testcase. Running it produces on my system:

#################################################
% g++ -fsanitize=undefined -Wall -Wextra -g segfault_ubsan.cpp && ./a.out
ubsan_segfault.cpp:7:12: warning: unused parameter 'i' [-Wunused-parameter]
 Base(int i) {
          ^
[1]    12911 segmentation fault (core dumped)  ./a.out
#################################################

Running the testcase with clang 3.7.1 is fine:

#################################################
% clang++ -fsanitize=undefined -Wall -Wextra -g segfault_ubsan.cpp && ./a.out
segfault_ubsan.cpp:7:12: warning: unused parameter 'i' [-Wunused-parameter]
 Base(int i) {
          ^
1 warning generated.
#################################################

gdb-bt:

#################################################
Program received signal SIGSEGV, Segmentation fault.
__cxxabiv1::__dynamic_cast (src_ptr=0x1c, src_type=0x7ffff7dcb5a0 <typeinfo for std::type_info>, dst_type=0x7ffff7dca8f0 <typeinfo for __cxxabiv1::__class_type_info>, src2dst=src2dst@entry=0) at /build/gcc-multilib/src/gcc-5-20160209/libstdc++-v3/libsupc++/dyncast.cc:50
50      /build/gcc-multilib/src/gcc-5-20160209/libstdc++-v3/libsupc++/dyncast.cc: No such file or directory.
(gdb) bt
#0  __cxxabiv1::__dynamic_cast (src_ptr=0x1c, src_type=0x7ffff7dcb5a0 <typeinfo for std::type_info>, dst_type=0x7ffff7dca8f0 <typeinfo for __cxxabiv1::__class_type_info>, src2dst=src2dst@entry=0) at /build/gcc-multilib/src/gcc-5-20160209/libstdc++-v3/libsupc++/dyncast.cc:50
#1  0x00007ffff6a4beb0 in __ubsan::checkDynamicType (Object=Object@entry=0x7fffffffd910, Type=0x400b58 <typeinfo for Child>, Hash=16569236629162752260) at /build/gcc-multilib/src/gcc-5-20160209/libsanitizer/ubsan/ubsan_type_hash.cc:225
#2  0x00007ffff6a4b336 in HandleDynamicTypeCacheMiss (Data=0x601380, Pointer=140737488345360, Hash=<optimized out>, Opts=...) at /build/gcc-multilib/src/gcc-5-20160209/libsanitizer/ubsan/ubsan_handlers_cxx.cc:31
#3  0x00007ffff6a4bb73 in __ubsan::__ubsan_handle_dynamic_type_cache_miss (Data=<optimized out>, Pointer=<optimized out>, Hash=<optimized out>) at /build/gcc-multilib/src/gcc-5-20160209/libsanitizer/ubsan/ubsan_handlers_cxx.cc:74
#4  0x00000000004009db in Child::Child (this=0x7fffffffd910, param=20) at segfault_ubsan.cpp:19
#5  0x000000000040089f in main () at segfault_ubsan.cpp:28
#################################################

GCC-Information:

Using built-in specs.
COLLECT_GCC=g++
COLLECT_LTO_WRAPPER=/usr/lib/gcc/x86_64-unknown-linux-gnu/5.3.0/lto-wrapper
Target: x86_64-unknown-linux-gnu
Configured with: /build/gcc-multilib/src/gcc-5-20160209/configure --prefix=/usr --libdir=/usr/lib --libexecdir=/usr/lib --mandir=/usr/share/man --infodir=/usr/share/info --with-bugurl=https://bugs.archlinux.org/ --enable-languages=c,c++,ada,fortran,go,lto,objc,obj-c++ --enable-shared --enable-threads=posix --enable-libmpx --with-system-zlib --with-isl --enable-__cxa_atexit --disable-libunwind-exceptions --enable-clocale=gnu --disable-libstdcxx-pch --disable-libssp --enable-gnu-unique-object --enable-linker-build-id --enable-lto --enable-plugin --enable-install-libiberty --with-linker-hash-style=gnu --enable-gnu-indirect-function --enable-multilib --disable-werror --enable-checking=release
Thread model: posix
gcc version 5.3.0 (GCC)

System is Arch Linux.
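A reconstruction of the three-point trigger pattern from the report, written as an added example rather than the attached testcase (which this page does not reproduce); the names Base, Child, SafeChild, compute, compute_for_base and seed are assumed. SafeChild is an added variant that reaches the same value through a static helper, so no member function is called on the object before its base-class constructor has run.

```cpp
// Added reconstruction of the pattern described in the report; the names
// Base, Child, SafeChild, compute and seed are assumed, not the attachment's.
#include <cstdio>

struct Base {
    // The parent stores the value its constructor received so callers can
    // observe what the derived class computed for it.
    explicit Base(int i) : seed(i) {}
    virtual ~Base() = default;
    // Virtual method with the same name as Child::compute but a
    // different signature (third bullet of the report).
    virtual int compute(int a, int b) { return a + b; }
    int seed;
};

struct Child : Base {
    // Non-virtual method in the current class; it hides Base::compute.
    int compute(int param) { return param * 2; }
    // Mem-initializer calls the parent constructor with an argument that
    // invokes a non-virtual member on the object under construction
    // (first and second bullets). With GCC 5.3 and -fsanitize=undefined
    // the report says this crashes inside the sanitizer runtime.
    explicit Child(int param) : Base(compute(param)) {}
};

struct SafeChild : Base {
    // Static helper: no implicit 'this', so no member call happens on the
    // partially constructed object and the vptr check has nothing to inspect.
    static int compute_for_base(int param) { return param * 2; }
    explicit SafeChild(int param) : Base(compute_for_base(param)) {}
};

// Observable results for both variants.
int child_seed(int param) { return Child(param).seed; }
int safe_child_seed(int param) { return SafeChild(param).seed; }

int main() {
    std::printf("Child: %d  SafeChild: %d\n", child_seed(20), safe_child_seed(20));
    return 0;
}
```

Calling a member function from a ctor-initializer before the base-class mem-initializers have completed leaves the result undefined under [class.base.init], so the static-helper form is the portable one independent of how the sanitizer runtime behaves.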