[poppler] Compiling poppler with clang

He Liu h8liu at eng.ucsd.edu
Sun Aug 26 15:48:37 PDT 2012


>> 5. vtable pointer will be overwritten
>> Function.cc:422:10: warning: destination for this 'memcpy' call is a
>> pointer to dynamic class 'SampledFunction'; vtable pointer will be
>> overwritten [-Wdynamic-class-memaccess]
>>   memcpy(this, func, sizeof(SampledFunction));
>>   ~~~~~~ ^
>> Function.cc:422:10: note: explicitly cast the pointer to silence this
>> warning
>> 
>> At least category 5. sounds serious to me, I would never have copied
>> instances of C++ objects in that way, because it depends on the compiler
>> and the class if this causes problems on runtime, see e.g.
>> http://weseetips.com/tag/afx_zero_init_object/, 
> 
> Note this is memset-ing to 0, not memcpy-ing a class to itself. To be honest I 
> agree memcpy'ing a SampledFunction to a SampledFunction is ugly, but I fail to 
> see why it would not work.

Hi Albert,

:-)

A pointer of type SampledFunction* could be pointing to an instance of a SampledFunction sub-class, which has different vtable contents. As a result, one could construct a SampledFunction with SampledFunction(SampledFunction *) using a pointer to a sub-class instance, and overwrite the SampledFunction's vtable address with the sub-class's vtable address. 

I am not sure if it will lead to any bugs/vulnerabilities in this case, but it is not safe practice in general. Since the vtable structure depends on how the compiler is implemented, memcpy or memset on object pointers will generally lead to undefined behavior.

Thanks.
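An added illustration of the point above (this is not poppler's code; Function, SampledFunction and SubSampled are simplified stand-ins for the real hierarchy): a base-typed pointer that actually refers to a subclass instance carries the subclass's vtable pointer in its first bytes, so a raw memcpy drags that pointer into the destination object. The memberwise copy constructor avoids this, and a trivially-copyable trait check rejects the memcpy pattern at compile time.

```cpp
#include <cstdio>
#include <cstring>
#include <string>
#include <type_traits>

// Stand-ins for poppler's Function hierarchy (assumed names, not poppler code).
struct Function {
    int domain = 0;
    virtual ~Function() = default;
    virtual std::string kind() const { return "Function"; }
};

struct SampledFunction : Function {
    int nSamples = 0;
    SampledFunction() = default;
    // The pattern clang flags: a raw byte copy of a polymorphic object. If 'func'
    // points at a subclass, its vtable pointer comes along, and later virtual calls
    // dispatch into subclass code against an object that lacks the subclass's
    // members. The void* cast silences the warning but not the undefined behaviour.
    explicit SampledFunction(const SampledFunction *func) {
        std::memcpy(static_cast<void *>(this), func, sizeof(SampledFunction));
    }
    // Safe alternative: memberwise copy never touches this object's vptr.
    SampledFunction(const SampledFunction &o) : Function(o), nSamples(o.nSamples) {}
    std::string kind() const override { return "SampledFunction"; }
};

struct SubSampled : SampledFunction {
    int extra = 42;   // does not exist inside a plain SampledFunction object
    std::string kind() const override { return "SubSampled"; }
};

// Guard a reviewer would want before any memcpy of an object: only trivially
// copyable types may be copied byte-wise.
template <typename T> constexpr bool memcpyIsSafe() { return std::is_trivially_copyable<T>::value; }

// Memberwise copy keeps the static type's dispatch even when the source is a subclass.
std::string kindAfterSafeCopy() {
    SubSampled src;
    SampledFunction dst(src);   // slicing, but well-defined
    return dst.kind();
}

// Reading the object representation is well-defined; on mainstream ABIs the first
// pointer-sized bytes are the vtable pointer, and they differ between the two classes.
bool vptrDiffers() {
    SampledFunction a;
    SubSampled b;
    unsigned char ra[sizeof(void *)], rb[sizeof(void *)];
    std::memcpy(ra, &a, sizeof ra);
    std::memcpy(rb, &b, sizeof rb);
    return std::memcmp(ra, rb, sizeof ra) != 0;
}
```

Calling the pointer constructor with a SubSampled* would give a SampledFunction object whose virtual calls may run SubSampled code; what actually happens depends on the compiler and optimisation level, which is exactly why the trait check belongs in front of any such memcpy.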

