-
Notifications
You must be signed in to change notification settings - Fork 764
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Change StaticObject instance management to hopefully avoid UBSAN #470
Conversation
The static-object hack currently used requires passing an uninitialized reference as a reference. This fix uses a cast to void to hopefully avoid that undefined behavior.
Have you tested if this would get optimized by the compiler when optimizations are enabled? |
@volcoma The CI checks are done with optimization on; for Windows we run both a debug build and a release (optimized) build. If it's passing those everything should in theory be good, but I'll check this one out locally first to double check. |
Seems like this still works; if it blows up down the line we can easily revert the change. |
Cereal updated for work being done in another branch. This bump fixes some issues with the library. Tested v1.3.1 Bug fixes and minor enhancements: Fix typo in docs by @tankorsmash in Fix typo in docs USCiLab/cereal#597 Add MSVC 2019 to build, default ctor for static object by @AzothAmmo in Add MSVC 2019 to build, default ctor for static object USCiLab/cereal#593 Fix json.hpp compilation issue when int32_t is a long by @bblackham in Fix json.hpp compilation issue when int32_t is a long USCiLab/cereal#621 [cpp20] explicitly capture 'this' as copy by @lukaszgemborowski in [cpp20] explicitly capture 'this' as copy USCiLab/cereal#640 Fix rapidjson for Clang 10 by @groscoe2 in Fix rapidjson for Clang 10 USCiLab/cereal#645 Fixes to prevent clang-diagnostic errors by @johngladp in Fixes to prevent clang-diagnostic errors USCiLab/cereal#643 cleanup cmake files to be a little more moderen by @ClausKlein in cleanup cmake files to be a little more moderen USCiLab/cereal#659 GHSA-wgww-fh2f-c855: Store a copy of each serialized shared_ptr within the archive to prevent the shared_ptr to be freed to early. by @serpedon in CVE-2020-11105: Store a copy of each serialized shared_ptr within the archive to prevent the shared_ptr to be freed to early. USCiLab/cereal#667 add license files for components of cereal by @miartad in add license files for components of cereal USCiLab/cereal#676 Catch short documents in JSON input by @johnkeeping in Catch short documents in JSON input USCiLab/cereal#677 C++17: use inline globals for StaticObjects by @InBetweenNames in C++17: use inline globals for StaticObjects USCiLab/cereal#657 Use std::variant::emplace when loading by @kepler-5 in Use std::variant::emplace when loading USCiLab/cereal#699 Use std::optional::emplace() when loading non-empty optional by @kepler-5 in Use std::optional::emplace() when loading non-empty optional USCiLab/cereal#698 Fix itsNextName not clearing when not found + style change by @AzothAmmo in Fix itsNextName not clearing when not found + style change USCiLab/cereal#715 Update doctest to 2.4.6 + local fixes slated for upstream by @AzothAmmo in Update doctest to 2.4.6 + local fixes slated for upstream USCiLab/cereal#716 Fixed loading of std::vector by @Darred in Fixed loading of std::vector<bool> USCiLab/cereal#732 Update license to match BSD template by @AzothAmmo in Update license to match BSD template USCiLab/cereal#735 Update doctest to 2.4.7 by @AzothAmmo in Update doctest to 2.4.7 USCiLab/cereal#736 Use GNUInstallDirs instead of hard wiring install directories by @antonblanchard in Use GNUInstallDirs instead of hard wiring install directories USCiLab/cereal#710 This is not an exhaustive list of changes or individual contributions. See the closed issues or complete changelog for more information. v1.3.0 New features include: Deferred serialization for smart pointers (Stack overflow for large chains of shared_ptr (or smart pointers in general) USCiLab/cereal#185) Initial support for C++17 standard library variant and optional (thanks to @arximboldi, Add serialization support for C++17 std::optional and std::variant USCiLab/cereal#448) Support for std::atomic (thanks to @bluescarni, Implementation and testing of std::atomic serialization. USCiLab/cereal#277) Fixes and enhancements include: Vastly improved continuous integration testing (Appveyor updates + boost testing fixes USCiLab/cereal#568, Update Travis CI USCiLab/cereal#569) Fixed several issues related to compilation on newer compilers (Fixing various compilation warnings USCiLab/cereal#579, Add fall through comments to json.hpp USCiLab/cereal#587, Fix warning unused private member itsValueItEnd USCiLab/cereal#515) Fixed warnings with -Wconversion and -Wdocumentation (thanks to @WSoptics, Develop USCiLab/cereal#423) Performance improvements for polymorphic serialization (PolymorphicVirtualCaster StaticObject instantiation takes a very long time at app startup USCiLab/cereal#354) Minor fixes and enhancements include: Fixed a bug related to CEREAL_REGISTER_DYNAMIC_INIT with shared libraries (thanks to @m2tm, Issue correctly using CEREAL_REGISTER_DYNAMIC_INIT USCiLab/cereal#523) Avoid unnecessary undefined behavior with StaticObject (thanks to @erichkeane, Change StaticObject instance management to hopefully avoid UBSAN USCiLab/cereal#470) New version.hpp file describes cereal version (detect cereal version at compile time / version.hpp USCiLab/cereal#444) Ability to disable size=dynamic attribute in the XML archive (thanks to @hoensr, Add option to turn off the size=dynamic attributes of lists USCiLab/cereal#401) Other Notes The static checking for minimal serialization has been relaxed as there were many legitimate cases it was interfering with (thanks to @h-2, remove const check from load_minimal USCiLab/cereal#565) The vs2013 directory has been removed in favor of generating solutions with CMake (Remove vs2013 directory USCiLab/cereal#574)
The static-object hack currently used requires passing an
uninitialized reference as a reference. This fix uses a cast
to void to hopefully avoid that undefined behavior.