Skip to content

Fix null pointer dereference in weak_ref::get() #1232

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
kennykerr merged 5 commits into from
Nov 21, 2022
Merged

Fix null pointer dereference in weak_ref::get() #1232

kennykerr merged 5 commits into from
Nov 21, 2022

Conversation

@alvinhochun
Copy link
Contributor

@alvinhochun alvinhochun commented Nov 20, 2022

There was a null pointer dereference bug in weak_ref::get(). This happens to not cause any issues with MSVC, but does crash with MinGW ABI when built with optimizations, because a cast in winrt::get_self would adjust the (null) pointer by an offset due to the different vtable layout, which ends up escaping null checks.

I didn't notice this earlier because all my tests happen to be unoptimized Debug builds. I tracked down this bug with the help of UBSan.

Because of this, I have also enabled Release build checks for llvm-mingw, and enabled ASan+UBSan for the tests in Debug builds.

@alvinhochun
Fix null pointer dereference in weak_ref::get()
a09b946 
This happens to not cause any issues with MSVC, but does crash with
MinGW ABI when built with optimizations, because a cast in
`winrt::get_self` would adjust the (null) pointer by an offset due to
the different vtable layout, which ends up escaping null checks.
@alvinhochun
CI: Add llvm-mingw Release build and enable ASAN for Debug build
05ef583
@alvinhochun
Disable ASAN for test_cpp20/custom_error.cpp
707a698
@alvinhochun
Catch2: Backport change to prevent conflict with ASAN
a737493 
This backports catchorg/Catch2#2334.
@alvinhochun alvinhochun mentioned this pull request Nov 20, 2022
Merged
@kennykerr kennykerr merged commit 37bd17f into microsoft:master Nov 21, 2022
@alvinhochun alvinhochun mentioned this pull request Dec 6, 2022
Merged
@alvinhochun alvinhochun deleted the alvin/weakref-crash-fix branch December 11, 2022 16:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kennykerr kennykerr kennykerr approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@alvinhochun @kennykerr