Open
Description
#include <new>
struct X {
X *p;
};
struct Y {
Y *p;
};
union U {
X head;
Y tail;
};
int main() {
U u;
new (&u) X{.p = 0};
new (&u) Y{.p = 0};
}(reduced from libc++'s std::variant implementation). This results in a false-positive diagnostics with -fsanitize=type:
==1==ERROR: TypeSanitizer: type-aliasing-violation on address 0x7fffaf0dc548 (pc 0x5e6468605ff7 bp 0x7fffaf0dc4f0 sp 0x7fffaf0dc480 tid 1)
WRITE of size 8 at 0x7fffaf0dc548 with type p1 _ZTS1Y (in Y at offset 0) accesses an existing object of type p1 _ZTS1X (in X at offset 0)
#0 0x5e6468605ff6 (/app/output.s+0x2aff6)Adding an explicit u.head.~X() call before the second placement new doesn't make a difference. Presumably type sanitizer isn't properly modeling new expressions (nor destructor / pseudo-destructor calls).