https://gcc.gnu.org/bugzilla/show_bug.cgi?id=92678
Bug ID: 92678
Summary: UB sanitizer and pointer to member functions with multiple inheritance
Product: gcc
Version: 9.2.1
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: sanitizer
Assignee: unassigned at gcc dot gnu.org
Reporter: deng at randomsample dot de
CC: dodji at gcc dot gnu.org, dvyukov at gcc dot gnu.org, jakub at gcc dot gnu.org, kcc at gcc dot gnu.org, marxin at gcc dot gnu.org
Target Milestone: ---

Consider this example:

#include <iostream>

class B1 {
public:
  int b1;
  virtual void mf1() { std::cout << "b1=" << b1 << std::endl; }
};

class B2 {
public:
  int b2;
  virtual void mf2() { std::cout << "b2=" << b2 << std::endl; }
};

class C : public B1, public B2 { };

void call_memfun (C obj, void (C::*pmf)())
{
  (obj.*pmf)();
}

int main()
{
  C obj;
  obj.b2=1;
  call_memfun(obj, &C::mf2);
}

Compilation with gcc 9.2.1:

g++ -Wall -g -fsanitize=undefined -o test test.cpp

Running 'test' results in the following output:

test.cpp:19:15: runtime error: member call on address 0x7ffff4d24610 which does not point to an object of type 'C'
0x7ffff4d24600: note: object is base class subobject at offset 16 within object of type 'C'
 01 00 00 00  28 30 40 00 00 00 00 00  b6 15 40 00 00 00 00 00  40 30 40 00 00 00 00 00  01 00 00 00
              ^                                                 ~~~~~~~~~~~~~~~~~~~~~~~
                                                                vptr for 'B2' base class of 'C'

So the sanitizer complains that 'pmf' in 'call_memfun' is actually a pointer to B2::mf2(), which looks like a false-positive warning to me?

If 'C' only inherits from 'B2', the warning disappears.
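
Where the "offset 16" address in the sanitizer note comes from, as an added example that is not part of the original report: a call through a `void (C::*)()` bound to `B2::mf2` adjusts `this` to the B2 subobject before the callee runs, and that adjustment is stored in the pointer to member itself. The helper names are hypothetical, and the `{ptr, adj}` layout is the Itanium C++ ABI representation, assumed here for GCC or Clang on Linux.

```cpp
// Added illustration, not from the bug report. Helper names are hypothetical.
#include <cstddef>
#include <cstring>
#include <iostream>

static const void* g_this_in_mf2 = nullptr;  // `this` recorded by B2::mf2

class B1 { public: int b1 = 0; virtual void mf1() {} };
class B2 { public: int b2 = 0; virtual void mf2() { g_this_in_mf2 = this; } };
class C : public B1, public B2 {};

// Byte offset of the B2 base subobject inside a complete C object.
std::ptrdiff_t b2_offset(C& obj) {
  return reinterpret_cast<const char*>(static_cast<B2*>(&obj)) -
         reinterpret_cast<const char*>(&obj);
}

// Call through the pointer to member and return the callee's `this`,
// expressed as an offset from the start of obj.
std::ptrdiff_t this_offset_via_pmf(C& obj, void (C::*pmf)()) {
  g_this_in_mf2 = nullptr;
  (obj.*pmf)();
  return static_cast<const char*>(g_this_in_mf2) -
         reinterpret_cast<const char*>(&obj);
}

// Assumption: Itanium C++ ABI representation of a pointer to member function.
struct PmfRepr { std::ptrdiff_t ptr; std::ptrdiff_t adj; };

// Extract the `this` adjustment stored inside the pointer to member.
std::ptrdiff_t pmf_this_adjustment(void (C::*pmf)()) {
  static_assert(sizeof(PmfRepr) == sizeof(pmf), "unexpected pmf layout");
  PmfRepr r;
  std::memcpy(&r, &pmf, sizeof r);
#if defined(__arm__) || defined(__aarch64__)
  return r.adj >> 1;  // ARM variant keeps the "virtual" flag in bit 0 of adj
#else
  return r.adj;
#endif
}

int main() {
  C obj;
  std::cout << "B2 subobject offset:   " << b2_offset(obj) << "\n"
            << "this seen by mf2:      +" << this_offset_via_pmf(obj, &C::mf2) << "\n"
            << "adj stored in the pmf: " << pmf_this_adjustment(&C::mf2) << "\n";
}
```

On x86-64 all three values are 16, matching the distance between 0x7ffff4d24600 and 0x7ffff4d24610 in the report's output.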