This is the mail archive of the gcc-bugs@gcc.gnu.org mailing list for the GCC project.
[Bug sanitizer/70541] unnoticed invalid dereference when using address sanitizer
- From: "jakub at gcc dot gnu.org" <gcc-bugzilla at gcc dot gnu dot org>
- To: gcc-bugs at gcc dot gnu dot org
- Date: Tue, 05 Apr 2016 07:49:58 +0000
- Subject: [Bug sanitizer/70541] unnoticed invalid dereference when using address sanitizer
- Auto-submitted: auto-generated
- References: <bug-70541-4 at http dot gcc dot gnu dot org/bugzilla/>
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70541
--- Comment #3 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
(In reply to Maxim Ostapenko from comment #1)
> @@ -2060,7 +2067,20 @@ maybe_instrument_call (gimple_stmt_iterator *iter)
> return true;
> }
If the function call returns a struct, then your patch wouldn't instrument it.
You need the bool instrumented = false; already above
if (gimple_store_p (stmt))
and set instrumented = true; there instead of gsi_next (iter); return true;
> - return false;
> + bool instrumented = false;
> + HOST_WIDE_INT args_num = gimple_call_num_args (stmt);
> + for (int i = 0; i < args_num; ++i)
> + {
> + if (is_arg_deref_p (TREE_CODE (gimple_call_arg (stmt, i))))
I'm not aware of any is_arg_deref_p predicate.
IMHO you should test:
if (!is_gimple_reg (gimple_call_arg (stmt, i)))
> + {
> + instrument_derefs (iter, gimple_call_arg (stmt, i),
> + gimple_location (stmt), false);
> + instrumented = true;
> + }
> + }
> + if (instrumented)
> + gsi_next (iter);
> + return instrumented;
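Review bot: the argument loop in this hunk mixes integer types: `HOST_WIDE_INT args_num = gimple_call_num_args (stmt);` stores the count in a wide signed type while the counter is declared `for (int i = 0; i < args_num; ++i)`, so the loop condition compares an int against a HOST_WIDE_INT and the index passed to `gimple_call_arg (stmt, i)` is yet another type. Use one unsigned type for both the count and the counter (the type the argument-count accessor returns) so the comparison and the index are type-consistent and no sign-compare warning is triggered.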
As for the location_t thing, the fix would be to do in instrument_derefs
something like:
if (location == UNKNOWN_LOCATION)
location = EXPR_LOCATION (t);
after the early bail outs.