Index: lib/ubsan/ubsan_type_hash_itanium.cc
===================================================================
--- lib/ubsan/ubsan_type_hash_itanium.cc
+++ lib/ubsan/ubsan_type_hash_itanium.cc
@@ -197,7 +197,7 @@
 };
 VtablePrefix *getVtablePrefix(void *Vtable) {
 VtablePrefix *Vptr = reinterpret_cast(Vtable);
- if (!Vptr)
+ if (!IsAccessibleMemoryRange((uptr)Vptr, sizeof(VtablePrefix)))
 return nullptr;
 VtablePrefix *Prefix = Vptr - 1;
 if (!Prefix->TypeInfo)
Index: test/ubsan/TestCases/TypeCheck/PR33221.cpp
===================================================================
--- /dev/null
+++ test/ubsan/TestCases/TypeCheck/PR33221.cpp
@@ -0,0 +1,24 @@
+// RUN: %clangxx -frtti -fsanitize=vptr -fno-sanitize-recover=vptr -g %s -O3 -o %t
+// RUN: %run %t 2>&1 | FileCheck %s
+
+// REQUIRES: cxxabi
+
+class Base {
+public:
+ Base *next;
+ virtual void print() {}
+};
+
+class Derived : public Base {
+public:
+ void print() {}
+};
+
+int main() {
+ Derived *list = (Derived *)new char[sizeof(Derived)];
+
+// CHECK: PR33221.cpp:[[@LINE+1]]:9: runtime error: member access within address {{.*}} which does not point to an object of type 'Base'
+// CHECK-NEXT: object has invalid vptr
+ list->next = list + 1;
+ return 0;
+}
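Review bot: The new guard in getVtablePrefix checks the range that starts at `Vptr`, but the read that follows goes through `Prefix = Vptr - 1`, which is the `sizeof(VtablePrefix)` bytes just below the checked address. A vptr value that sits at the very start of a mapped region passes the check, yet `Prefix->TypeInfo` still touches unmapped memory, so the runtime can fault while trying to produce its diagnostic. Computing the prefix first and checking that range covers the bytes actually read: `VtablePrefix *Prefix = Vptr - 1;` then `if (!IsAccessibleMemoryRange((uptr)Prefix, sizeof(VtablePrefix))) return nullptr;`. The function body continues past the end of the hunk, so later uses of `Prefix` are not visible here.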
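Review bot: The buffer from `new char[sizeof(Derived)]` in `main` is never written before `list->next` is accessed, so the vptr the runtime inspects is whatever the allocator left there and the result depends on heap contents. Storing a chosen value in the object's first pointer-sized slot before the access would make the test deterministic and let it pin the case the fix is meant to cover. A short comment above the allocation saying which vptr value the test expects would also help. Separately, `-fno-sanitize-recover=vptr` presumably makes the binary exit non-zero after the report, so `%run %t 2>&1 | FileCheck %s` may need to be `not %run %t 2>&1 | FileCheck %s` if lit runs with pipefail; worth confirming.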