re PR sanitizer/81604 (Ubsan type reporting can be bogus in some cases)

	PR sanitizer/81604
	* ubsan.c (ubsan_type_descriptor): For UBSAN_PRINT_ARRAY don't
	change type to the element type, instead add eltype variable and
	use it where we are interested in the element type.

	* c-c++-common/ubsan/pr81604.c: New test.

From-SVN: r250733

diff --git a/gcc/ChangeLog b/gcc/ChangeLog
index 0456556bb872b3b39be1731660b8fda9ee22dc9a..3b431ce83f4ff296f794f603886784a5233fb1c4 100644 (file)
--- a/gcc/ChangeLog
+++ b/gcc/ChangeLog
@@ -1,3 +1,10 @@
+2017-07-31  Jakub Jelinek  <jakub@redhat.com>
+
+       PR sanitizer/81604
+       * ubsan.c (ubsan_type_descriptor): For UBSAN_PRINT_ARRAY don't
+       change type to the element type, instead add eltype variable and
+       use it where we are interested in the element type.
+
 2017-07-27  Jakub Jelinek  <jakub@redhat.com>
 
        PR tree-optimization/81555

diff --git a/gcc/testsuite/ChangeLog b/gcc/testsuite/ChangeLog
index 8e1d64be7d27c0817d8447529f17ccc45306d93c..26841b60fe67b49ef45820f3279acb38597bd224 100644 (file)
--- a/gcc/testsuite/ChangeLog
+++ b/gcc/testsuite/ChangeLog
@@ -1,3 +1,8 @@
+2017-07-31  Jakub Jelinek  <jakub@redhat.com>
+
+       PR sanitizer/81604
+       * c-c++-common/ubsan/pr81604.c: New test.
+
 2017-07-27  Jakub Jelinek  <jakub@redhat.com>
 
        PR tree-optimization/81555

diff --git a/gcc/testsuite/c-c++-common/ubsan/pr81604.c b/gcc/testsuite/c-c++-common/ubsan/pr81604.c
new file mode 100644 (file)
index 0000000..a06de76
--- /dev/null
+++ b/gcc/testsuite/c-c++-common/ubsan/pr81604.c
@@ -0,0 +1,31 @@
+/* PR sanitizer/81604 */
+/* { dg-do run } */
+/* { dg-options "-fsanitize=bounds,signed-integer-overflow" } */
+
+long a[10];
+
+__attribute__((noinline, noclone)) long *
+foo (int i)
+{
+  return &a[i];
+}
+
+__attribute__((noinline, noclone)) long
+bar (long x, long y)
+{
+  return x * y;
+}
+
+int
+main ()
+{
+  volatile int i = -1;
+  volatile long l = __LONG_MAX__;
+  long *volatile p;
+  p = foo (i);
+  l = bar (l, l);
+  return 0;
+}
+
+/* { dg-output "index -1 out of bounds for type 'long int \\\[10\\\]'\[^\n\r]*(\n|\r\n|\r)" } */
+/* { dg-output "\[^\n\r]*signed integer overflow: \[0-9]+ \\* \[0-9]+ cannot be represented in type 'long int'" } */

diff --git a/gcc/ubsan.c b/gcc/ubsan.c
index 570d1b4b5f6c90ba3808d6d8b99f3519d5070f68..351faa46a550adaa00d227ea3e66e4b55d4a9413 100644 (file)
--- a/gcc/ubsan.c
+++ b/gcc/ubsan.c
@@ -431,6 +431,7 @@ ubsan_type_descriptor (tree type, enum ubsan_print_style pstyle)
     /* We weren't able to determine the type name.  */
     tname = "<unknown>";
 
+  tree eltype = type;
   if (pstyle == UBSAN_PRINT_POINTER)
     {
       pp_printf (&pretty_name, "'%s%s%s%s%s%s%s",
@@ -479,12 +480,12 @@ ubsan_type_descriptor (tree type, enum ubsan_print_style pstyle)
       pp_quote (&pretty_name);
 
       /* Save the tree with stripped types.  */
-      type = t;
+      eltype = t;
     }
   else
     pp_printf (&pretty_name, "'%s'", tname);
 
-  switch (TREE_CODE (type))
+  switch (TREE_CODE (eltype))
     {
     case BOOLEAN_TYPE:
     case ENUMERAL_TYPE:
@@ -494,9 +495,9 @@ ubsan_type_descriptor (tree type, enum ubsan_print_style pstyle)
     case REAL_TYPE:
       /* FIXME: libubsan right now only supports float, double and
         long double type formats.  */
-      if (TYPE_MODE (type) == TYPE_MODE (float_type_node)
-         || TYPE_MODE (type) == TYPE_MODE (double_type_node)
-         || TYPE_MODE (type) == TYPE_MODE (long_double_type_node))
+      if (TYPE_MODE (eltype) == TYPE_MODE (float_type_node)
+         || TYPE_MODE (eltype) == TYPE_MODE (double_type_node)
+         || TYPE_MODE (eltype) == TYPE_MODE (long_double_type_node))
        tkind = 0x0001;
       else
        tkind = 0xffff;
@@ -505,7 +506,7 @@ ubsan_type_descriptor (tree type, enum ubsan_print_style pstyle)
       tkind = 0xffff;
       break;
     }
-  tinfo = get_ubsan_type_info_for_type (type);
+  tinfo = get_ubsan_type_info_for_type (eltype);
 
   /* Create a new VAR_DECL of type descriptor.  */
   const char *tmp = pp_formatted_text (&pretty_name);