https://gcc.gnu.org/bugzilla/show_bug.cgi?id=63345
Bug ID: 63345
Summary: Multiple undefined behaviors (static_cast<>) in libstdc++-v3/include/bits
Product: gcc
Version: 4.8.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: libstdc++
Assignee: unassigned at gcc dot gnu.org
Reporter: blee at gatech dot edu

Created attachment 33540
--> https://gcc.gnu.org/bugzilla/attachment.cgi?id=33540&action=edit
Patching undefined behaviors.

Hi all,

We have recently developed a runtime detection tool to identify undefined behaviors in static_cast<> (similar to -fsanitize=object-size/-fsanitize=vptr in Clang, but we generalized these functions and coverages), and found several undefined behaviors in libstdc++ (tested on 4.8, but also applicable to the trunk version).

This bug is related to the undefined behavior described in 5.2.9/11: down-casting is undefined if the object that the pointer to be cast points to is not a subobject of the down-casting type.

We also found that https://gcc.gnu.org/bugzilla/show_bug.cgi?id=60734 already fixed two cases that we are reporting here, but our tool reported 28 more cases. By manually looking up the error report we got from running chromium (attached the part of the error reports: chromium_bits_errors.txt), we believe those are truly undefined behaviors as specified in 5.2.9/11.

We also tried to fix these issues based on the report (attachment: undef_static_cast_in_bits.patch).

Thanks,
Byoungyoung
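The following is an added illustration of the 5.2.9/11 case the report describes, not code from the bug report or from libstdc++: an unchecked static_cast downcast next to a variant that verifies the dynamic type first. The types Base and Derived and the functions read_unchecked and read_checked are constructed for this example.

```cpp
#include <cstddef>

// Minimal polymorphic hierarchy, constructed for this example.
struct Base {
    virtual ~Base() = default;
    int base_value = 1;
};

struct Derived : Base {
    int derived_value = 2;
};

// The pattern the report flags: an unchecked downcast. Per 5.2.9/11 this is
// only defined when *b really is the Base subobject of a Derived object.
// If b points at a plain Base, the read below is undefined behaviour; Clang's
// -fsanitize=vptr catches it at runtime by checking the vtable pointer.
int read_unchecked(Base* b) {
    Derived* d = static_cast<Derived*>(b);
    return d->derived_value;
}

// Checked variant: dynamic_cast consults the RTTI and yields nullptr when the
// most-derived object is not (and does not contain) a Derived. A sentinel is
// returned instead of reading memory beyond the Base object.
int read_checked(Base* b) {
    if (Derived* d = dynamic_cast<Derived*>(b)) {
        return d->derived_value;
    }
    return -1;
}

// Small drivers so a harness can exercise both paths on valid objects.
int checked_on_base()      { Base b;    return read_checked(&b);   }  // -1
int checked_on_derived()   { Derived d; return read_checked(&d);   }  // 2
int unchecked_on_derived() { Derived d; return read_unchecked(&d); }  // 2
```

Calling read_unchecked on a plain Base is deliberately not exercised here; building with -fsanitize=vptr and adding such a call shows the diagnostic the reporter's tool generalizes.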