From: Jakub Jelinek Date: Mon, 31 Jul 2017 09:29:58 +0000 (+0200) Subject: re PR sanitizer/81604 (Ubsan type reporting can be bogus in some cases) X-Git-Tag: releases/gcc-5.5.0~134 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4da69f0e523714752b67e07d1065be53b3bf4698;p=thirdparty%2Fgcc.git re PR sanitizer/81604 (Ubsan type reporting can be bogus in some cases) PR sanitizer/81604 * ubsan.c (ubsan_type_descriptor): For UBSAN_PRINT_ARRAY don't change type to the element type, instead add eltype variable and use it where we are interested in the element type. * c-c++-common/ubsan/pr81604.c: New test. From-SVN: r250733 --- diff --git a/gcc/ChangeLog b/gcc/ChangeLog index 0456556bb872..3b431ce83f4f 100644 --- a/gcc/ChangeLog +++ b/gcc/ChangeLog @@ -1,3 +1,10 @@ +2017-07-31 Jakub Jelinek + + PR sanitizer/81604 + * ubsan.c (ubsan_type_descriptor): For UBSAN_PRINT_ARRAY don't + change type to the element type, instead add eltype variable and + use it where we are interested in the element type. + 2017-07-27 Jakub Jelinek PR tree-optimization/81555 diff --git a/gcc/testsuite/ChangeLog b/gcc/testsuite/ChangeLog index 8e1d64be7d27..26841b60fe67 100644 --- a/gcc/testsuite/ChangeLog +++ b/gcc/testsuite/ChangeLog @@ -1,3 +1,8 @@ +2017-07-31 Jakub Jelinek + + PR sanitizer/81604 + * c-c++-common/ubsan/pr81604.c: New test. + 2017-07-27 Jakub Jelinek PR tree-optimization/81555 diff --git a/gcc/testsuite/c-c++-common/ubsan/pr81604.c b/gcc/testsuite/c-c++-common/ubsan/pr81604.c new file mode 100644 index 000000000000..a06de76b0235 --- /dev/null +++ b/gcc/testsuite/c-c++-common/ubsan/pr81604.c 
@@ -0,0 +1,31 @@ +/* PR sanitizer/81604 */ +/* { dg-do run } */ +/* { dg-options "-fsanitize=bounds,signed-integer-overflow" } */ + +long a[10]; + +__attribute__((noinline, noclone)) long * +foo (int i) +{ + return &a[i]; +} + +__attribute__((noinline, noclone)) long +bar (long x, long y) +{ + return x * y; +} + +int +main () +{ + volatile int i = -1; + volatile long l = __LONG_MAX__; + long *volatile p; + p = foo (i); + l = bar (l, l); + return 0; +} + +/* { dg-output "index -1 out of bounds for type 'long int \\\[10\\\]'\[^\n\r]*(\n|\r\n|\r)" } */ +/* { dg-output "\[^\n\r]*signed integer overflow: \[0-9]+ \\* \[0-9]+ cannot be represented in type 'long int'" } */ diff --git a/gcc/ubsan.c b/gcc/ubsan.c index 570d1b4b5f6c..351faa46a550 100644 --- a/gcc/ubsan.c +++ b/gcc/ubsan.c @@ -431,6 +431,7 @@ ubsan_type_descriptor (tree type, enum ubsan_print_style pstyle) /* We weren't able to determine the type name. */ tname = ""; + tree eltype = type; if (pstyle == UBSAN_PRINT_POINTER) { pp_printf (&pretty_name, "'%s%s%s%s%s%s%s", @@ -479,12 +480,12 @@ ubsan_type_descriptor (tree type, enum ubsan_print_style pstyle) pp_quote (&pretty_name); /* Save the tree with stripped types. */ - type = t; + eltype = t; } else pp_printf (&pretty_name, "'%s'", tname); - switch (TREE_CODE (type)) + switch (TREE_CODE (eltype)) { case BOOLEAN_TYPE: case ENUMERAL_TYPE: @@ -494,9 +495,9 @@ ubsan_type_descriptor (tree type, enum ubsan_print_style pstyle) case REAL_TYPE: /* FIXME: libubsan right now only supports float, double and long double type formats. */ - if (TYPE_MODE (type) == TYPE_MODE (float_type_node) - || TYPE_MODE (type) == TYPE_MODE (double_type_node) - || TYPE_MODE (type) == TYPE_MODE (long_double_type_node)) + if (TYPE_MODE (eltype) == TYPE_MODE (float_type_node) + || TYPE_MODE (eltype) == TYPE_MODE (double_type_node) + || TYPE_MODE (eltype) == TYPE_MODE (long_double_type_node)) tkind = 0x0001; else tkind = 0xffff; 
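Review bot: The new test carries no comment explaining why the bounds check in `foo` and the overflow check in `bar` have to live in the same file, yet the regression is only caught by the pair. Going by the ChangeLog entry, the array path used to overwrite `type` with the element type, so presumably the descriptor built for `foo` is what showed up in the report for `bar`; if that is right, the order of the two definitions matters. The closing quote in the second `dg-output` pattern (`in type 'long int'`) is what actually rejects a bogus `'long int [10]'` there. I would add above `foo` something like `/* Keep foo before bar: the 'long int [10]' descriptor must exist before the 'long int' one is requested.  */`, after confirming that ordering claim against the PR.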
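Review bot: `tree eltype = type;` in the -431 hunk is declared without a comment, and the name is misleading on the `UBSAN_PRINT_POINTER` and plain paths, where it is just the type itself. A comment at the declaration would state the split this commit relies on, e.g. `/* Type used for tkind/tinfo: the element type for UBSAN_PRINT_ARRAY, TYPE itself otherwise.  */`. The existing comment above `eltype = t;` in the -479 hunk could also say that `type` is deliberately left unchanged, since that is the whole fix and a wrong type name in a sanitizer report misleads whoever triages it. The body of `ubsan_type_descriptor` starts and ends outside these hunks.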
@@ -505,7 +506,7 @@ ubsan_type_descriptor (tree type, enum ubsan_print_style pstyle) tkind = 0xffff; break; } - tinfo = get_ubsan_type_info_for_type (type); + tinfo = get_ubsan_type_info_for_type (eltype); /* Create a new VAR_DECL of type descriptor. */ const char *tmp = pp_formatted_text (&pretty_name);
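Review bot: Every use of `type` below `get_ubsan_type_info_for_type (eltype)` now sees the caller's original type rather than the element type, and those uses are outside this hunk, so they should be checked one by one against the change. If the descriptor is stored or looked up by `type` further down (not visible here), that is presumably where the wrong name in PR 81604 came from. A short comment at that point, such as `/* Must be the original TYPE, not ELTYPE.  */`, would keep a later cleanup from merging the two variables again.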