c5ea8e9138
-fsanitize-memory-use-after-dtor detects memory access after a subobject is destroyed but its memory is not yet deallocated. This is done by poisoning each object memory near the end of its destructor. Subobjects (members and base classes) do this in their respective destructors, and the parent class does the same for its members with trivial destructors. Inexplicably, base classes with trivial destructors are not handled at all. This change fixes this oversight by adding the base class poisoning logic to the parent class destructor. Reviewed By: vitalybuka Differential Revision: https://reviews.llvm.org/D119300
26 lines
841 B
C++
26 lines
841 B
C++
// RUN: %clang_cc1 -fsanitize=memory -fsanitize-memory-use-after-dtor -disable-llvm-passes -std=c++11 -triple=x86_64-pc-linux -emit-llvm -o - %s | FileCheck %s
|
|
// RUN: %clang_cc1 -O1 -fsanitize=memory -fsanitize-memory-use-after-dtor -disable-llvm-passes -std=c++11 -triple=x86_64-pc-linux -emit-llvm -o - %s | FileCheck %s
|
|
|
|
// Base class has trivial dtor => complete dtor poisons base class memory directly.
|
|
|
|
class Base {
|
|
public:
|
|
int x[4];
|
|
};
|
|
|
|
class Derived : public Base {
|
|
public:
|
|
int y;
|
|
~Derived() {
|
|
}
|
|
};
|
|
|
|
Derived d;
|
|
|
|
// Poison members, then poison the trivial base class.
|
|
// CHECK-LABEL: define {{.*}}DerivedD2Ev
|
|
// CHECK: %[[GEP:[0-9a-z]+]] = getelementptr i8, i8* {{.*}}, i64 16
|
|
// CHECK: call void @__sanitizer_dtor_callback{{.*}}%[[GEP]], i64 4
|
|
// CHECK: call void @__sanitizer_dtor_callback{{.*}}, i64 16
|
|
// CHECK: ret void
|