From: jakub <jakub@138bc75d-0d04-0410-961f-82ee72b054a4>
Date: Thu, 26 Nov 2015 09:52:48 +0000 (+0000)
Subject: 	PR c++/68508
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=e2225bd419ce30e32adc080be8cfe407d649fc95;p=thirdparty%2Fgcc.git

	PR c++/68508
	* cp-tree.h (cp_ubsan_maybe_instrument_downcast): Add INTYPE argument.
	* cp-ubsan.c (cp_ubsan_maybe_instrument_downcast): Likewise.  Use
	it instead of or in addition to TREE_TYPE (op).  Use
	is_properly_derived_from, return NULL_TREE if TREE_TYPE (intype) and
	TREE_TYPE (type) are the same type minus qualifiers.
	* typeck.c (build_static_cast_1): Adjust callers.

	* g++.dg/ubsan/pr68508.C: New test.


git-svn-id: svn+ssh://gcc.gnu.org/svn/gcc/trunk@230928 138bc75d-0d04-0410-961f-82ee72b054a4
---

diff --git a/gcc/cp/ChangeLog b/gcc/cp/ChangeLog
index 82a29a3b0f63..90d86dca052b 100644
--- a/gcc/cp/ChangeLog
+++ b/gcc/cp/ChangeLog
@@ -1,3 +1,13 @@
+2015-11-26  Jakub Jelinek  <jakub@redhat.com>
+
+	PR c++/68508
+	* cp-tree.h (cp_ubsan_maybe_instrument_downcast): Add INTYPE argument.
+	* cp-ubsan.c (cp_ubsan_maybe_instrument_downcast): Likewise.  Use
+	it instead of or in addition to TREE_TYPE (op).  Use
+	is_properly_derived_from, return NULL_TREE if TREE_TYPE (intype) and
+	TREE_TYPE (type) are the same type minus qualifiers.
+	* typeck.c (build_static_cast_1): Adjust callers.
+
 2015-11-25  Martin Sebor  <msebor@redhat.com>
 
 	PR c++/67876
diff --git a/gcc/cp/cp-tree.h b/gcc/cp/cp-tree.h
index 1672291f9b69..caa601d1c98a 100644
--- a/gcc/cp/cp-tree.h
+++ b/gcc/cp/cp-tree.h
@@ -6854,7 +6854,7 @@ extern bool cilk_valid_spawn                    (tree);
 /* In cp-ubsan.c */
 extern void cp_ubsan_maybe_instrument_member_call (tree);
 extern void cp_ubsan_instrument_member_accesses (tree *);
-extern tree cp_ubsan_maybe_instrument_downcast	(location_t, tree, tree);
+extern tree cp_ubsan_maybe_instrument_downcast	(location_t, tree, tree, tree);
 extern tree cp_ubsan_maybe_instrument_cast_to_vbase (location_t, tree, tree);
 
 /* -- end of C++ */
diff --git a/gcc/cp/cp-ubsan.c b/gcc/cp/cp-ubsan.c
index e780c2ef2f0f..6ffeb16ce1d2 100644
--- a/gcc/cp/cp-ubsan.c
+++ b/gcc/cp/cp-ubsan.c
@@ -243,13 +243,14 @@ cp_ubsan_instrument_member_accesses (tree *t_p)
 /* Instrument downcast.  */
 
 tree
-cp_ubsan_maybe_instrument_downcast (location_t loc, tree type, tree op)
+cp_ubsan_maybe_instrument_downcast (location_t loc, tree type,
+				    tree intype, tree op)
 {
   if (!POINTER_TYPE_P (type)
+      || !POINTER_TYPE_P (intype)
       || !POINTER_TYPE_P (TREE_TYPE (op))
-      || !CLASS_TYPE_P (TREE_TYPE (type))
       || !CLASS_TYPE_P (TREE_TYPE (TREE_TYPE (op)))
-      || !DERIVED_FROM_P (TREE_TYPE (TREE_TYPE (op)), TREE_TYPE (type)))
+      || !is_properly_derived_from (TREE_TYPE (type), TREE_TYPE (intype)))
     return NULL_TREE;
 
   return cp_ubsan_maybe_instrument_vptr (loc, op, TREE_TYPE (type), true,
diff --git a/gcc/cp/typeck.c b/gcc/cp/typeck.c
index 95178905f9e5..1d2943f50fb1 100644
--- a/gcc/cp/typeck.c
+++ b/gcc/cp/typeck.c
@@ -6590,7 +6590,8 @@ build_static_cast_1 (tree type, tree expr, bool c_cast_p,
       if (flag_sanitize & SANITIZE_VPTR)
 	{
 	  tree ubsan_check
-	    = cp_ubsan_maybe_instrument_downcast (input_location, type, expr);
+	    = cp_ubsan_maybe_instrument_downcast (input_location, type,
+						  intype, expr);
 	  if (ubsan_check)
 	    expr = ubsan_check;
 	}
@@ -6737,7 +6738,8 @@ build_static_cast_1 (tree type, tree expr, bool c_cast_p,
       if (flag_sanitize & SANITIZE_VPTR)
 	{
 	  tree ubsan_check
-	    = cp_ubsan_maybe_instrument_downcast (input_location, type, expr);
+	    = cp_ubsan_maybe_instrument_downcast (input_location, type,
+						  intype, expr);
 	  if (ubsan_check)
 	    expr = ubsan_check;
 	}
diff --git a/gcc/testsuite/ChangeLog b/gcc/testsuite/ChangeLog
index 9d022fce86be..2e9f9623db8f 100644
--- a/gcc/testsuite/ChangeLog
+++ b/gcc/testsuite/ChangeLog
@@ -1,3 +1,8 @@
+2015-11-26  Jakub Jelinek  <jakub@redhat.com>
+
+	PR c++/68508
+	* g++.dg/ubsan/pr68508.C: New test.
+
 2015-11-25  Martin Sebor  <msebor@redhat.com>
 
 	PR c++/67876
diff --git a/gcc/testsuite/g++.dg/ubsan/pr68508.C b/gcc/testsuite/g++.dg/ubsan/pr68508.C
new file mode 100644
index 000000000000..ffe8f0071dbc
--- /dev/null
+++ b/gcc/testsuite/g++.dg/ubsan/pr68508.C
@@ -0,0 +1,15 @@
+// PR c++/68508
+// { dg-do compile }
+// { dg-options "-std=c++14 -fsanitize=vptr" }
+
+struct A
+{
+  virtual int foo () { return 0; }
+};
+
+const A &
+bar ()
+{
+  static A x = A ();
+  return (x);
+}