ada: Fix bogus Address Sanitizer stack-buffer-overflow on packed array copy

The Address Sanitizer considers that the padding at the end of a justified
modular type may be accessed through the object, but it is never accessed
and therefore can always be reused.

gcc/ada/

	* gcc-interface/decl.cc (gnat_to_gnu_entity) <discrete_type>: Set
	the TYPE_JUSTIFIED_MODULAR_P flag earlier.
	* gcc-interface/misc.cc (gnat_unit_size_without_reusable_padding):
	New function.
	(LANG_HOOKS_UNIT_SIZE_WITHOUT_REUSABLE_PADDING): Redefine to above
	function.

diff --git a/gcc/ada/gcc-interface/decl.cc b/gcc/ada/gcc-interface/decl.cc
index aa31a888818f6d0eaa82e48a75c2900224873f83..5b3a3b4961b422682d87c59bd7df2b18981f6997 100644 (file)
--- a/gcc/ada/gcc-interface/decl.cc
+++ b/gcc/ada/gcc-interface/decl.cc
@@ -1976,6 +1976,7 @@ gnat_to_gnu_entity (Entity_Id gnat_entity, tree gnu_expr, bool definition)
 
          gnu_type = make_node (RECORD_TYPE);
          TYPE_NAME (gnu_type) = create_concat_name (gnat_entity, "JM");
+         TYPE_JUSTIFIED_MODULAR_P (gnu_type) = 1;
          TYPE_PACKED (gnu_type) = 1;
          TYPE_SIZE (gnu_type) = TYPE_SIZE (gnu_field_type);
          TYPE_SIZE_UNIT (gnu_type) = TYPE_SIZE_UNIT (gnu_field_type);
@@ -2006,7 +2007,6 @@ gnat_to_gnu_entity (Entity_Id gnat_entity, tree gnu_expr, bool definition)
 
          /* We will output additional debug info manually below.  */
          finish_record_type (gnu_type, gnu_field, 2, false);
-         TYPE_JUSTIFIED_MODULAR_P (gnu_type) = 1;
 
          /* Make the original array type a parallel/debug type.  Note that
             gnat_get_array_descr_info needs a TYPE_IMPL_PACKED_ARRAY_P type

diff --git a/gcc/ada/gcc-interface/misc.cc b/gcc/ada/gcc-interface/misc.cc
index b703f00d3c0b3b56917efd0b2751006fc13ea66c..4f6f6774fe70249d549e9d4d7cc93ee22d8d4d6a 100644 (file)
--- a/gcc/ada/gcc-interface/misc.cc
+++ b/gcc/ada/gcc-interface/misc.cc
@@ -760,6 +760,19 @@ gnat_type_max_size (const_tree gnu_type)
   return max_size_unit;
 }
 
+/* Return the unit size of TYPE without reusable tail padding.  */
+
+static tree
+gnat_unit_size_without_reusable_padding (tree type)
+{
+  /* The padding of justified modular types can always be reused.  */
+  if (TYPE_JUSTIFIED_MODULAR_P (type))
+    return fold_convert (sizetype,
+                        size_binop (CEIL_DIV_EXPR,
+                                    TYPE_ADA_SIZE (type), bitsize_unit_node));
+  return TYPE_SIZE_UNIT (type);
+}
+
 static tree get_array_bit_stride (tree);
 
 /* Provide information in INFO for debug output about the TYPE array type.
@@ -1407,6 +1420,8 @@ const struct scoped_attribute_specs *const gnat_attribute_table[] =
 #define LANG_HOOKS_TYPE_FOR_SIZE       gnat_type_for_size
 #undef  LANG_HOOKS_TYPES_COMPATIBLE_P
 #define LANG_HOOKS_TYPES_COMPATIBLE_P  gnat_types_compatible_p
+#undef  LANG_HOOKS_UNIT_SIZE_WITHOUT_REUSABLE_PADDING
+#define LANG_HOOKS_UNIT_SIZE_WITHOUT_REUSABLE_PADDING gnat_unit_size_without_reusable_padding
 #undef  LANG_HOOKS_GET_ARRAY_DESCR_INFO
 #define LANG_HOOKS_GET_ARRAY_DESCR_INFO        gnat_get_array_descr_info
 #undef  LANG_HOOKS_GET_SUBRANGE_BOUNDS
@@ -1433,7 +1448,7 @@ const struct scoped_attribute_specs *const gnat_attribute_table[] =
 #define LANG_HOOKS_DEEP_UNSHARING      true
 #undef  LANG_HOOKS_CUSTOM_FUNCTION_DESCRIPTORS
 #define LANG_HOOKS_CUSTOM_FUNCTION_DESCRIPTORS true
-#undef LANG_HOOKS_GET_SARIF_SOURCE_LANGUAGE
+#undef  LANG_HOOKS_GET_SARIF_SOURCE_LANGUAGE
 #define LANG_HOOKS_GET_SARIF_SOURCE_LANGUAGE gnat_get_sarif_source_language
 
 struct lang_hooks lang_hooks = LANG_HOOKS_INITIALIZER;