[Boost-bugs] [Boost C++ Libraries] #8958: invalid static_casts inside any_cast that trip clang's -fsanitize=undefined

Date view	Thread view	Subject view	Author view

Subject: [Boost-bugs] [Boost C++ Libraries] #8958: invalid static_casts inside any_cast that trip clang's -fsanitize=undefined
From: Boost C++ Libraries (noreply_at_[hidden])
Date: 2013-08-02 13:30:36

Next message: Boost C++ Libraries: "Re: [Boost-bugs] [Boost C++ Libraries] #8933: on the windows platform async reads with multiple threads can produce random EOF errors"
Previous message: Boost C++ Libraries: "Re: [Boost-bugs] [Boost C++ Libraries] #8944: #next_include problem on FreeBSD"
Next in thread: Boost C++ Libraries: "Re: [Boost-bugs] [Boost C++ Libraries] #8958: invalid static_casts inside any_cast that trip clang's -fsanitize=undefined"
Reply: Boost C++ Libraries: "Re: [Boost-bugs] [Boost C++ Libraries] #8958: invalid static_casts inside any_cast that trip clang's -fsanitize=undefined"
Reply: Boost C++ Libraries: "Re: [Boost-bugs] [Boost C++ Libraries] #8958: invalid static_casts inside any_cast that trip clang's -fsanitize=undefined"
Reply: Boost C++ Libraries: "Re: [Boost-bugs] [Boost C++ Libraries] #8958: invalid static_casts inside any_cast that trip clang's -fsanitize=undefined"
Reply: Boost C++ Libraries: "Re: [Boost-bugs] [Boost C++ Libraries] #8958: invalid static_casts inside any_cast that trip clang's -fsanitize=undefined"

#8958: invalid static_casts inside any_cast that trip clang's -fsanitize=undefined
-------------------------------------+---------------------
Reporter: Jannis Harder <jix@â€¦> | Owner: nasonov
Type: Bugs | Status: new
Milestone: To Be Determined | Component: any
Version: Boost Development Trunk | Severity: Problem
Keywords: |
-------------------------------------+---------------------
The implementation of boost::any::any_cast(any * operand) uses a
static_cast to convert from the held type to the requested type. The
preceding check doesn't (and shouldn't) cover toplevel cv-qualifiers. In
the trunk version the holder's !ValueType contains a toplevel const; when
requesting a non-const pointer to the held value the resulting static_cast
is to a non-const pointer and thus invalid. Changing the holder's
!ValueType to a const type was probably unintended since it would make
accesses through a non const pointer invalid no matter how it is cast. In
the 1.54.0 release the holder's !ValueType was non-const; this still
causes a problem when requesting a const pointer to the held value as
adding of const qualifiers through static_cast is still invalid.

Clang's -fsanitize=undefined is able to detect these invalid casts. This
happens for the existing tests for the any library as well as for any code
that makes use of program_options' variables_map.

In addition the parts of any that use C++11 rvalue-references seem to
completely ignore cv-qualifiers and thus might be able to trigger a
similar behavior, but I have not tested that.

Attached is a proposed fix that applies boost::remove_cv to the holder's
!ValueType as well as to the static_cast's target type, thereby avoiding
any cv-qualifier mismatch or const removing casts. The addition of a const
qualifier when requested happens implicitly outside of the static_cast.

It might still be possible to create holders with a const !ValueType using
the C++11 only parts, but I am not sure what the intended behavior should
be.

-- 
Ticket URL: <https://svn.boost.org/trac/boost/ticket/8958>
Boost C++ Libraries <http://www.boost.org/>
Boost provides free peer-reviewed portable C++ source libraries.

Date view	Thread view	Subject view	Author view

This archive was generated by hypermail 2.1.7 : 2017-02-16 18:50:13 UTC