Fix sanitizer/67258 by cherry picking upstream patch

PR sanitizer/67258
	* ubsan/ubsan_type_hash.cc: Cherry pick upstream r244101.

Upstraem patch:
commit 1d2477faafda9ad2cc19927b3c31efd22747f013
Author: Alexey Samsonov <vonosmas@gmail.com>
Date:   Wed Aug 5 19:35:46 2015 +0000

    [UBSan] Fix UBSan-vptr false positive.

    Offset from vptr to the start of most-derived object can actually
    be positive in some virtual base class vtables.

    Patch by Stephan Bergmann!

    git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@244101 91177308-0d34-0410-b5e6-96231b3b80d8

From-SVN: r227591

gcc/testsuite/g++.dg/ubsan/vptr-10.C

@@ -0,0 +1,15 @@
+// { dg-do run }
+// { dg-options "-fsanitize=vptr -fno-sanitize-recover=vptr" }
+
+struct A
+{
+    virtual ~A() {}
+};
+struct B : virtual A {};
+struct C : virtual A {};
+struct D : B, virtual C {};
+
+int main()
+{
+    D d;
+}

libsanitizer/ChangeLog

@@ -1,3 +1,8 @@
+2015-09-09  Markus Trippelsdorf  <markus@trippelsdorf.de>
+
+	PR sanitizer/67258
+	* ubsan/ubsan_type_hash.cc: Cherry pick upstream r244101.
+
 2015-07-29  Markus Trippelsdorf  <markus@trippelsdorf.de>
 
 	PR sanitizer/63927

libsanitizer/ubsan/ubsan_type_hash.cc

@@ -186,8 +186,8 @@ namespace {
 
 struct VtablePrefix {
   /// The offset from the vptr to the start of the most-derived object.
-  /// This should never be greater than zero, and will usually be exactly
-  /// zero.
+  /// This will only be greater than zero in some virtual base class vtables
+  /// used during object con-/destruction, and will usually be exactly zero.
   sptr Offset;
   /// The type_info object describing the most-derived class type.
   std::type_info *TypeInfo;
@@ -197,7 +197,7 @@ VtablePrefix *getVtablePrefix(void *Object) {
   if (!*VptrPtr)
     return 0;
   VtablePrefix *Prefix = *VptrPtr - 1;
-  if (Prefix->Offset > 0 || !Prefix->TypeInfo)
+  if (!Prefix->TypeInfo)
     // This can't possibly be a valid vtable.
     return 0;
   return Prefix;