backport: re PR sanitizer/71498 (ubsan bounds checking influenced by surrounding...
authorJakub Jelinek <jakub@redhat.com>
Thu, 7 Jul 2016 12:42:43 +0000 (14:42 +0200)
committerJakub Jelinek <jakub@gcc.gnu.org>
Thu, 7 Jul 2016 12:42:43 +0000 (14:42 +0200)
Backported from mainline
2016-06-13  Jakub Jelinek  <jakub@redhat.com>

PR sanitizer/71498
* c-gimplify.c (ubsan_walk_array_refs_r): Set *walk_subtrees = 0 on
all BIND_EXPRs, and on all BIND_EXPRs recurse also on BIND_EXPR_BODY.

* c-c++-common/ubsan/bounds-13.c: New test.

From-SVN: r238095

gcc/c-family/ChangeLog
gcc/c-family/c-gimplify.c
gcc/testsuite/ChangeLog
gcc/testsuite/c-c++-common/ubsan/bounds-13.c [new file with mode: 0644]

index eaac688a57bea8ac9c3ab52a9546f96f73a8a04b..8d5304a36806874bce26fa6a989ff59ae938d1fd 100644 (file)
@@ -1,3 +1,12 @@
+2016-07-07  Jakub Jelinek  <jakub@redhat.com>
+
+       Backported from mainline
+       2016-06-13  Jakub Jelinek  <jakub@redhat.com>
+
+       PR sanitizer/71498
+       * c-gimplify.c (ubsan_walk_array_refs_r): Set *walk_subtrees = 0 on
+       all BIND_EXPRs, and on all BIND_EXPRs recurse also on BIND_EXPR_BODY.
+
 2016-07-05  Markus Trippelsdorf  <markus@trippelsdorf.de>
 
        PR c++/71214
index 4e7a96f2be73a7f713de485ed4f70ee9638d3e2d..c6a67a1a446558683a5ff56c1fd5f31e8cbbab39 100644 (file)
@@ -96,23 +96,23 @@ ubsan_walk_array_refs_r (tree *tp, int *walk_subtrees, void *data)
 {
   hash_set<tree> *pset = (hash_set<tree> *) data;
 
-  /* Since walk_tree doesn't call the callback function on the decls
-     in BIND_EXPR_VARS, we have to walk them manually.  */
   if (TREE_CODE (*tp) == BIND_EXPR)
     {
+      /* Since walk_tree doesn't call the callback function on the decls
+        in BIND_EXPR_VARS, we have to walk them manually, so we can avoid
+        instrumenting DECL_INITIAL of TREE_STATIC vars.  */
+      *walk_subtrees = 0;
       for (tree decl = BIND_EXPR_VARS (*tp); decl; decl = DECL_CHAIN (decl))
        {
          if (TREE_STATIC (decl))
-           {
-             *walk_subtrees = 0;
-             continue;
-           }
+           continue;
          walk_tree (&DECL_INITIAL (decl), ubsan_walk_array_refs_r, pset,
                     pset);
          walk_tree (&DECL_SIZE (decl), ubsan_walk_array_refs_r, pset, pset);
          walk_tree (&DECL_SIZE_UNIT (decl), ubsan_walk_array_refs_r, pset,
                     pset);
        }
+      walk_tree (&BIND_EXPR_BODY (*tp), ubsan_walk_array_refs_r, pset, pset);
     }
   else if (TREE_CODE (*tp) == ADDR_EXPR
           && TREE_CODE (TREE_OPERAND (*tp, 0)) == ARRAY_REF)
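Review bot: The new `walk_tree (&BIND_EXPR_BODY (*tp), ...)` call at the end of the BIND_EXPR branch has no comment, and the relocated comment only explains the manual walk of BIND_EXPR_VARS. Since `*walk_subtrees = 0` is now set unconditionally, that call appears to be the only thing that still gets the block body visited by this callback. If a later edit dropped it, -fsanitize=bounds would silently stop instrumenting array references inside blocks, the same kind of false negative the removed lines caused for blocks holding a static local. I would add above the call `/* walk_subtrees is cleared above, so walk the body by hand; otherwise nothing inside this block gets a bounds check.  */`. The body of ubsan_walk_array_refs_r continues past the end of the hunk.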
index ca998a0c1782057d8a5d46a8a1654e2b108c268c..0a61ba67fe0448215191c8c435979fea9d902dc7 100644 (file)
@@ -1,6 +1,11 @@
 2016-07-07  Jakub Jelinek  <jakub@redhat.com>
 
        Backported from mainline
+       2016-06-13  Jakub Jelinek  <jakub@redhat.com>
+
+       PR sanitizer/71498
+       * c-c++-common/ubsan/bounds-13.c: New test.
+
        2016-04-13  Jakub Jelinek  <jakub@redhat.com>
  
        PR c++/70641
diff --git a/gcc/testsuite/c-c++-common/ubsan/bounds-13.c b/gcc/testsuite/c-c++-common/ubsan/bounds-13.c
new file mode 100644 (file)
index 0000000..25b0467
--- /dev/null
@@ -0,0 +1,31 @@
+/* PR sanitizer/71498 */
+/* { dg-do run } */
+/* { dg-options "-fsanitize=bounds -Wno-array-bounds" } */
+
+struct S { int a[100]; int b, c; } s;
+
+__attribute__((noinline, noclone)) int
+foo (int x)
+{
+  return s.a[x];
+}
+
+__attribute__((noinline, noclone)) int
+bar (int x)
+{
+  static int *d = &s.a[99];
+  asm volatile ("" : : "r" (&d));
+  return s.a[x];
+}
+
+int
+main ()
+{
+  volatile int a = 0;
+  a += foo (100);
+  a += bar (100);
+  return 0;
+}
+
+/* { dg-output "index 100 out of bounds for type 'int \\\[100\\\]'\[^\n\r]*(\n|\r\n|\r)" } */
+/* { dg-output "\[^\n\r]*index 100 out of bounds for type 'int \\\[100\\\]'\[^\n\r]*(\n|\r\n|\r)" } */
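Review bot: `bar` has no comment saying which part of it is the regression trigger, so the static local and the empty `asm volatile` read as incidental. Going by the removed lines in c-gimplify.c, any TREE_STATIC declaration in a block used to clear `*walk_subtrees` and leave the block body unwalked, which is why `s.a[x]` in `bar` needs its own expected diagnostic next to the one for `foo`. I would add above `bar`: `/* The static local used to switch off bounds instrumentation for the rest of the block.  */`. The test places the static only in the outermost function scope, so a static declared in a nested block is not exercised here.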