From c6f434733811f2766336955af706460ec27853fb Mon Sep 17 00:00:00 2001 From: Oli Scherer <git-spam-no-reply9815368754983@oli-obk.de> Date: Mon, 22 Jan 2024 12:27:43 +0000 Subject: [PATCH] Add regression test --- tests/ui/traits/upcast_soundness_bug.rs | 69 +++++++++++++++++++++++++ 1 file changed, 69 insertions(+) create mode 100644 tests/ui/traits/upcast_soundness_bug.rs diff --git a/tests/ui/traits/upcast_soundness_bug.rs b/tests/ui/traits/upcast_soundness_bug.rs new file mode 100644 index 0000000000000..32e32850925f7 --- /dev/null +++ b/tests/ui/traits/upcast_soundness_bug.rs @@ -0,0 +1,69 @@ +#![feature(trait_upcasting)] +// known-bug: #120222 +// check-pass +//! This will segfault at runtime. + +pub trait SupSupA { + fn method(&self) {} +} +pub trait SupSupB {} +impl<T> SupSupA for T {} +impl<T> SupSupB for T {} + +pub trait Super<T>: SupSupA + SupSupB {} + +pub trait Unimplemented {} + +pub trait Trait<T1, T2>: Super<T1> + Super<T2> { + fn missing_method(&self) + where + T1: Unimplemented, + { + } +} + +impl<S, T> Super<T> for S {} + +impl<S, T1, T2> Trait<T1, T2> for S {} + +#[inline(never)] +pub fn user1() -> &'static dyn Trait<u8, u8> { + &() + /* VTABLE: + .L__unnamed_2: + .quad core::ptr::drop_in_place<()> + .asciz "\000\000\000\000\000\000\000\000\001\000\000\000\000\000\000" + .quad example::SupSupA::method + .quad .L__unnamed_4 // SupSupB vtable (pointer) + .zero 8 // null pointer for missing_method + */ +} + +#[inline(never)] +pub fn user2() -> &'static dyn Trait<u8, u16> { + &() + /* VTABLE: + .L__unnamed_3: + .quad core::ptr::drop_in_place<()> + .asciz "\000\000\000\000\000\000\000\000\001\000\000\000\000\000\000" + .quad example::SupSupA::method + .quad .L__unnamed_4 // SupSupB vtable (pointer) + .quad .L__unnamed_5 // Super<u16> vtable (pointer) + .zero 8 // null pointer for missing_method + */ +} + +fn main() { + let p: *const dyn Trait<u8, u8> = &(); + let p = p as *const dyn Trait<u8, u16>; // <- this is bad! + let p = p as *const dyn Super<u16>; // <- this upcast accesses improper vtable entry + // accessing from L__unnamed_2 the position for the 'Super<u16> vtable (pointer)', + // thus reading 'null pointer for missing_method' + + let p = p as *const dyn SupSupB; // <- this upcast dereferences (null) pointer from that entry + // to read the SupSupB vtable (pointer) + + // SEGFAULT + + println!("{:?}", p); +}