Undefined behavior in Delegate::equals()

[jiixyj]

Expected behavior

equals() in Delegate.h does not trigger undefined behavior.

Actual behavior

equals() triggers UB; clang UBSan (-fsanitize=undefined) complains because of invalid member access. The reason for UB is that "other.unwrap()" can have a different type than "Delegate".

Steps to reproduce the problem

Compare two Delegates of different types with equals(). I'll try to write a simple test program.

POCO version

1.8.1

Compiler and version

Clang 5.0

Operating system and version

Ubuntu 17.10.1

Other relevant information

Maybe something like this could be workable? Still, the usage of offsetof could be problematic since it was UB before C++17 when used on non-trivial types...

	bool equals(const AbstractDelegate<TArgs>& other) const
	{
		const unsigned char* pOtherDelegate = reinterpret_cast<const unsigned char*>(other.unwrap());
		return pOtherDelegate &&
		    !std::memcmp(&_receiverObject, pOtherDelegate + offsetof(Delegate, _receiverObject), sizeof(_receiverObject)) &&
		    !std::memcmp(&_receiverMethod, pOtherDelegate + offsetof(Delegate, _receiverMethod), sizeof(_receiverMethod));
	}

[obiltschnig]

IMO the only working fix would be checking the type of the other delegate first, and only do the comparison if both are equivalent types.

	bool equals(const AbstractDelegate<TArgs>& other) const
	{
		const AbstractDelegate* pUnwrapped = other.unwrap();
		if (pUwrapped && typeid(*pUnwrapped) == typeid(*this))
		{
			const Delegate* pOtherDelegate = reinterpret_cast<const Delegate*>(pUnwrapped);
			return _receiverObject == pOtherDelegate->_receiverObject && _receiverMethod == pOtherDelegate->_receiverMethod;
		}
		else return false;
	}

One only can hope that the two type_info objects returned for two separate, but identical instantiations of the same template (e.g., same template, same argument types) compare equal.

The memcmp workaround does not help here, because a FunctionDelegate has a different memory layout and size than a Delegate.

[obiltschnig]

And now I'm wondering why there's that reinterpret_cast instead of a dynamic_cast, which would elegantly solve the issue.

[jiixyj]

Thank you, turning the reinterpret_casts into dynamic_casts fixes the UB issue for me.