
CFI breaks on trait Address Taken functions #115953

Closed
@maurer

Description

mmaurer@anyblade:~/github/rust-lang$ rustc -Z sanitizer=cfi -C lto -C codegen-units=1 badsample.rs
mmaurer@anyblade:~/github/rust-lang$ ./badsample 
Illegal instruction
mmaurer@anyblade:~/github/rust-lang$ rustc -C lto -C codegen-units=1 badsample.rs
mmaurer@anyblade:~/github/rust-lang$ ./badsample
mmaurer@anyblade:~/github/rust-lang$ cat badsample.rs 
trait Foo {
    fn foo(&self);
}

struct S;

impl Foo for S {
    fn foo(&self) {}
}

struct S2 {
    f: fn(&S)
}

impl S2 {
    fn foo(&self, s: &S) {
        (self.f)(s)
    }
}

fn main() {
    S2 { f: <S as Foo>::foo }.foo(&S)
}

This appears to happen because <S as Foo>::foo has CFI-type fn(&dyn Foo) rather than fn(&S).

cc @rcvalle
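Added example, not part of the report above and not the reporter's code: it keeps the shape of badsample.rs but adds a free-function wrapper whose signature is exactly the pointer type stored in S2. Under the explanation in the report (the trait method item <S as Foo>::foo is given the CFI type-id of fn(&dyn Foo) rather than fn(&S)), the indirect call through the fn(&S) pointer is what the sanitizer rejects; the assumption here is that a plain free function gets a type-id derived from its own concrete signature, so routing the call through it keeps the call site and the callee type-ids aligned. The trait method returns a value only so the two paths can be compared; without -Zsanitizer=cfi both paths behave identically.

```rust
// Added example (not from the issue). Same structure as the reporter's
// badsample.rs, with a free-function wrapper that has the concrete
// signature `fn(&S) -> u32`.
//
// Assumption (from the report's explanation, not verified here): with
// `-Zsanitizer=cfi -Clto -Ccodegen-units=1`, `call_via_trait_item` is the
// path that faults (the stored function item carries the type-id of
// `fn(&dyn Foo) -> u32`), while `call_via_wrapper` stores a non-trait
// function whose type-id matches the pointer type at the call site.

trait Foo {
    fn foo(&self) -> u32;
}

struct S;

impl Foo for S {
    fn foo(&self) -> u32 {
        42
    }
}

/// Holds a function pointer with a concrete receiver type.
struct S2 {
    f: fn(&S) -> u32,
}

impl S2 {
    /// Indirect call: this is the site the CFI check instruments.
    fn call(&self, s: &S) -> u32 {
        (self.f)(s)
    }
}

/// Wrapper with exactly the signature the pointer field expects.
/// The trait method is reached through a direct, statically resolved call,
/// which CFI does not check.
fn s_foo(s: &S) -> u32 {
    <S as Foo>::foo(s)
}

/// Pattern from the issue: the trait method item is stored directly.
fn call_via_trait_item() -> u32 {
    S2 { f: <S as Foo>::foo }.call(&S)
}

/// Workaround: a free function with the concrete signature is stored instead.
fn call_via_wrapper() -> u32 {
    S2 { f: s_foo }.call(&S)
}

fn main() {
    // Both print 42 without CFI; only the wrapper path is expected to
    // survive a CFI build under the report's explanation.
    println!("via wrapper: {}", call_via_wrapper());
    println!("via trait item: {}", call_via_trait_item());
}
```

The wrapper costs nothing after inlining and is the smallest change that keeps the pointer type and the callee's CFI type-id in agreement; it is a workaround for the mismatch described in the report, not a fix for the compiler's type-id assignment.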

Metadata

Labels:
A-sanitizers (Area: Sanitizers for correctness and code quality)
C-bug (Category: This is a bug.)
PG-exploit-mitigations (Project group: Exploit mitigations)
T-compiler (Relevant to the compiler team, which will review and decide on the PR/issue.)
requires-nightly (This issue requires a nightly compiler in some way.)