1 //===-- ubsan_type_hash_win.cc --------------------------------------------===//
2 //
3 // This file is distributed under the University of Illinois Open Source
4 // License. See LICENSE.TXT for details.
5 //
6 //===----------------------------------------------------------------------===//
7 //
8 // Implementation of type hashing/lookup for Microsoft C++ ABI.
9 //
10 //===----------------------------------------------------------------------===//
11 
12 #include "sanitizer_common/sanitizer_platform.h"
13 #include "ubsan_platform.h"
14 #if CAN_SANITIZE_UB && SANITIZER_WINDOWS
15 #include "ubsan_type_hash.h"
16 
17 #include "sanitizer_common/sanitizer_common.h"
18 
19 #include <typeinfo>
20 
// Layout of a Microsoft C++ ABI complete object locator in its
// image-relative form (is_image_relative == 1). getDynamicTypeInfoFromVtable()
// reaches this record through the pointer stored in the word immediately
// preceding the virtual table.
struct CompleteObjectLocator {
  // 1 selects this (image-relative) layout, 0 selects the absolute-pointer
  // layout described by CompleteObjectLocatorAbs; any other value is treated
  // as "probably not a complete object locator".
  int is_image_relative;
  // Passed through unchanged as the offset_to_top of the returned
  // DynamicTypeInfo.
  int offset_to_top;
  // Not read by this file.
  int vfptr_offset;
  // Image-relative offset of the std::type_info for the complete object.
  int rtti_addr;
  // Presumably the class hierarchy descriptor; not read by this file.
  int chd_addr;
  // Image-relative offset of this locator itself: subtracting it from the
  // locator's own address recovers the image base used to resolve rtti_addr.
  int obj_locator_addr;
};
29 
// Layout of a Microsoft C++ ABI complete object locator in its absolute-pointer
// form (is_image_relative == 0). Same field order and size as
// CompleteObjectLocator; only the address-carrying fields are typed as
// pointers instead of image-relative offsets, so a CompleteObjectLocator can
// be reinterpreted as this once is_image_relative has been checked.
struct CompleteObjectLocatorAbs {
  // 0 for this layout; see CompleteObjectLocator::is_image_relative.
  int is_image_relative;
  // Passed through unchanged as the offset_to_top of the returned
  // DynamicTypeInfo.
  int offset_to_top;
  // Not read by this file.
  int vfptr_offset;
  // Direct pointer to the std::type_info for the complete object.
  std::type_info *rtti_addr;
  // Presumably the class hierarchy descriptor; not read by this file.
  void *chd_addr;
  // Not read by this file (the image base is only needed for the
  // image-relative layout).
  CompleteObjectLocator *obj_locator_addr;
};
38 
/// Microsoft ABI dynamic-type check.
///
/// Not implemented yet on this ABI: the function ignores all of its
/// arguments and unconditionally reports false.
///
/// @param Object  The object whose dynamic type would be checked (unused).
/// @param Type    The expected type (unused).
/// @param Hash    Hash of the expected type (unused).
/// @return Always false.
/// FIXME: Implement.
bool __ubsan::checkDynamicType(void *Object, void *Type, HashValue Hash) {
  (void)Object;
  (void)Type;
  (void)Hash;
  return false;
}
43 
/// Recovers the dynamic type of an object from its virtual table pointer
/// using the Microsoft C++ ABI RTTI layout.
///
/// The word immediately preceding the virtual table holds a pointer to a
/// complete object locator only when the class was built with RTTI; otherwise
/// that word belongs to whatever global happens to be laid out before the
/// vtable. Every dereference on this path is therefore guarded by an
/// accessibility check, and a locator whose is_image_relative flag is neither
/// 0 nor 1 is rejected as not being a locator at all.
///
/// @param VtablePtr  The object's virtual table pointer.
/// @return The type name and offset_to_top on success; DynamicTypeInfo(0, 0, 0)
///         if any validation step fails. The subobject name is always
///         "<unknown>" (no base-class search is performed on this ABI).
__ubsan::DynamicTypeInfo
__ubsan::getDynamicTypeInfoFromVtable(void *VtablePtr) {
  // Slot one pointer below the vtable: where an RTTI-enabled vtable keeps its
  // complete object locator pointer.
  CompleteObjectLocator **locator_slot =
      static_cast<CompleteObjectLocator **>(VtablePtr) - 1;
  if (!IsAccessibleMemoryRange(reinterpret_cast<uptr>(locator_slot),
                               sizeof(void *)))
    return DynamicTypeInfo(0, 0, 0);

  CompleteObjectLocator *locator = *locator_slot;
  if (!IsAccessibleMemoryRange(reinterpret_cast<uptr>(locator),
                               sizeof(CompleteObjectLocator)))
    return DynamicTypeInfo(0, 0, 0);

  std::type_info *tinfo = nullptr;
  switch (locator->is_image_relative) {
  case 1: {
    // Image-relative layout: the locator stores its own image-relative
    // offset, which yields the image base against which rtti_addr resolves.
    char *image_base =
        reinterpret_cast<char *>(locator) - locator->obj_locator_addr;
    tinfo =
        reinterpret_cast<std::type_info *>(image_base + locator->rtti_addr);
    break;
  }
  case 0:
    // Absolute layout: the locator holds a direct pointer to the type_info.
    tinfo = reinterpret_cast<CompleteObjectLocatorAbs *>(locator)->rtti_addr;
    break;
  default:
    // Neither known layout: most likely not a complete object locator.
    return DynamicTypeInfo(0, 0, 0);
  }

  if (!IsAccessibleMemoryRange(reinterpret_cast<uptr>(tinfo),
                               sizeof(std::type_info)))
    return DynamicTypeInfo(0, 0, 0);

  // Looks like a std::type_info; ask it for its name.
  // NOTE(review): the range check above covers only sizeof(std::type_info);
  // name() may read the mangled-name bytes that follow the object, which that
  // check does not cover — confirm this is bounded for the MSVC layout.
  // FIXME: Implement a base class search like we do for Itanium.
  return DynamicTypeInfo(tinfo->name(), locator->offset_to_top, "<unknown>");
}
78 
79 #endif  // CAN_SANITIZE_UB && SANITIZER_WINDOWS
80