This is the mail archive of the
gdb-prs@sourceware.org
mailing list for the GDB project.
[Bug c++/22860] heap buffer overflow in value_contents_copy_raw
- From: "simon.marchi at ericsson dot com" <sourceware-bugzilla at sourceware dot org>
- To: gdb-prs at sourceware dot org
- Date: Mon, 19 Feb 2018 14:47:51 +0000
- Subject: [Bug c++/22860] heap buffer overflow in value_contents_copy_raw
- Auto-submitted: auto-generated
- References: <bug-22860-4717@http.sourceware.org/bugzilla/>
https://sourceware.org/bugzilla/show_bug.cgi?id=22860
Simon Marchi <simon.marchi at ericsson dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |simon.marchi at ericsson dot com
--- Comment #1 from Simon Marchi <simon.marchi at ericsson dot com> ---
I debugged GDB a little bit, and this is due to virtual inheritance I think.
The layout of the vC structure (when used standalone) is:
0 vtable
4 vtable
8 vc
C vx
10 vA::va
14 vA::vx
And the layout of the vD structure is
0 vtable?
4 vtable?
8 vd
C vx
10 vtable?
14 vtable?
18 vB::vb
1C vB::vx
20 vA::va
24 vA::vx
28 vtable?
2C vtable?
30 vC::vc
34 vC::vx
Because of virtual inheritance, the vA base of vC is share with the vA base of
vD. Because of that, the vC object is not contiguous in memory. In
value_from_component, we are trying to extract the vC object from vD as a 24
bytes contiguous object from its location in vD. Asan warns when we try to
read the bytes just passed vD.
--
You are receiving this mail because:
You are on the CC list for the bug.