Access to virtual functions and members declared in virtual bases after destruction, due to poisoning of vtable pointer.
Pointer is poisoned after destroying virtual bases and members, just before returning from base destructor.
Details
Diff Detail
Event Timeline
Please update the revision title and description to reflect its contents.
test/msan/dtor-multiple-inheritance.cc | ||
---|---|---|
89 | typo | |
95 | Maybe it would be easier to make these pointers global and use them in the various destructors to get rid of all the *_ptr members, and set_ptrs code. This would make the test almost 2x shorter. |
The description says "just before returning from base destructor" - is it true? I though it would be the complete destructor.
test/msan/dtor-multiple-inheritance.cc | ||
---|---|---|
33 | These two lines check the same thing, one can be removed. The same in multiple places below. |
- Clean test case & comments.
- Update tests for vptr poisoning order.
- Simplify test to rely upon globals.
- Assertions verify that vtable still accessible from dtors.
test/msan/dtor-vtable-multiple-inheritance.cc | ||
---|---|---|
14 ↗ | (On Diff #34736) | Check that A_foo can be called from ~A |
50 ↗ | (On Diff #34736) | To test this, place this call under a macro, and add a RUN line with -DMACRO, expecting a crash with a report. Do the same for all other expected crashes (each with a different macro). |
test/msan/dtor-vtable-multiple-inheritance.cc | ||
---|---|---|
7 ↗ | (On Diff #34756) | This could not work, the syntax is -DMACRO=1, "D" being the flag name, and not part of the macro name. |
test/msan/dtor-vtable-multiple-inheritance.cc | ||
---|---|---|
15 ↗ | (On Diff #34821) | Executing these functions should crash the test |
test/msan/dtor-vtable-multiple-inheritance.cc | ||
---|---|---|
15 ↗ | (On Diff #34821) | I don't understand. Are you saying that this functionality will stay broken or incomplete even when the vptr change is landed? If not, there should be no XFAIL. Add "not" to the RUN lines that are expected to crash. |
These two lines check the same thing, one can be removed. The same in multiple places below.