c++: vptr ubsan and derived class [PR95311].

We weren't able to find OBJ_TYPE_REF_OBJECT walking through OBJ_TYPE_REF_EXPR because we had folded away the ADDR_EXPR. gcc/cp/ChangeLog: PR c++/95311 PR c++/95221 * class.c (build_vfn_ref): Don't fold the INDIRECT_REF. gcc/testsuite/ChangeLog: PR c++/95311 * g++.dg/ubsan/vptr-16.C: New test.
author: Jason Merrill <jason@redhat.com> 2020-05-29 11:59:33 -0400
committer: Jason Merrill <jason@redhat.com> 2020-05-29 12:21:21 -0400
commit: 8e915901deb3518d4bef73ea52eab2ece7a2bbf6 (patch)
tree: 2ef890b17ce82be48d3d6ae010a321f0ca2799c5 /gcc/cp
parent: 83c34c4452b2d5fea4536c865e34b3c63f9acff6 (diff)
1 files changed, 6 insertions, 2 deletions
diff --git a/gcc/cp/class.c b/gcc/cp/class.c
index bab15524a60..ca492cdbd40 100644
--- a/gcc/cp/class.c
+++ b/gcc/cp/class.c
@@ -729,9 +729,13 @@ build_vtbl_ref (tree instance, tree idx)
 tree
 build_vfn_ref (tree instance_ptr, tree idx)
 {
-  tree aref;
+  tree obtype = TREE_TYPE (TREE_TYPE (instance_ptr));
+
+  /* Leave the INDIRECT_REF unfolded so cp_ubsan_maybe_instrument_member_call
+     can find instance_ptr.  */
+  tree ind = build1 (INDIRECT_REF, obtype, instance_ptr);
 
-  aref = build_vtbl_ref (cp_build_fold_indirect_ref (instance_ptr), idx);
+  tree aref = build_vtbl_ref (ind, idx);
 
   /* When using function descriptors, the address of the
      vtable entry is treated as a function pointer.  */
author	Jason Merrill <jason@redhat.com>	2020-05-29 11:59:33 -0400
committer	Jason Merrill <jason@redhat.com>	2020-05-29 12:21:21 -0400
commit	8e915901deb3518d4bef73ea52eab2ece7a2bbf6 (patch)
tree	2ef890b17ce82be48d3d6ae010a321f0ca2799c5 /gcc/cp
parent	83c34c4452b2d5fea4536c865e34b3c63f9acff6 (diff)