invalid static_casts inside any_cast that trip clang's -fsanitize=undefined

[Jannis Harder <jix@…>]

The implementation of boost::any::any_cast(any * operand) uses a static_cast to convert from the held type to the requested type. The preceding check doesn't (and shouldn't) cover toplevel cv-qualifiers. In the trunk version the holder's ValueType contains a toplevel const; when requesting a non-const pointer to the held value the resulting static_cast is to a non-const pointer and thus invalid. Changing the holder's ValueType to a const type was probably unintended since it would make accesses through a non const pointer invalid no matter how it is cast. In the 1.54.0 release the holder's ValueType was non-const; this still causes a problem when requesting a const pointer to the held value as adding of const qualifiers through static_cast is still invalid.

Clang's -fsanitize=undefined is able to detect these invalid casts. This happens for the existing tests for the any library as well as for any code that makes use of program_options' variables_map.

In addition the parts of any that use C++11 rvalue-references seem to completely ignore cv-qualifiers and thus might be able to trigger a similar behavior, but I have not tested that.

Attached is a proposed fix that applies boost::remove_cv to the holder's ValueType as well as to the static_cast's target type, thereby avoiding any cv-qualifier mismatch or const removing casts. The addition of a const qualifier when requested happens implicitly outside of the static_cast.

It might still be possible to create holders with a const ValueType using the C++11 only parts, but I am not sure what the intended behavior should be.

[Antony Polukhin]

Fix was applied to the ​develop branch.

Sorry for the delay and great thanks for supplying a patch!