This is the mail archive of the
gcc-bugs@gcc.gnu.org
mailing list for the GCC project.
[Bug sanitizer/71498] ubsan bounds checking influenced by surrounding code
- From: "jakub at gcc dot gnu.org" <gcc-bugzilla at gcc dot gnu dot org>
- To: gcc-bugs at gcc dot gnu dot org
- Date: Mon, 13 Jun 2016 11:29:16 +0000
- Subject: [Bug sanitizer/71498] ubsan bounds checking influenced by surrounding code
- Auto-submitted: auto-generated
- References: <bug-71498-4 at http dot gcc dot gnu dot org/bugzilla/>
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=71498
--- Comment #3 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
That has been explained in the submission - walk_tree normally walks the
initializers of all vars mentioned in BIND_EXPR_VARS, including TREE_STATIC
ones, but obviously we don't want to instrument anything in the initializers of
TREE_STATIC decls.
That said, what the code actually does is obviously wrong: even if there are
any TREE_STATIC decls, we still want to walk the body of the BIND_EXPR, and for
the case that no decl has TREE_STATIC, we unnecessarily try to walk all the
DECL_INITIAL/DECL_SIZE* twice (it stops early, as it is a walk without
duplicates, but anyway).
So this untested patch should fix this:
--- c-gimplify.c.jj 2016-01-27 19:47:27.000000000 +0100
+++ c-gimplify.c 2016-06-13 13:27:06.531549561 +0200
@@ -67,23 +67,23 @@ ubsan_walk_array_refs_r (tree *tp, int *
{
hash_set<tree> *pset = (hash_set<tree> *) data;
- /* Since walk_tree doesn't call the callback function on the decls
- in BIND_EXPR_VARS, we have to walk them manually. */
if (TREE_CODE (*tp) == BIND_EXPR)
{
+ /* Since walk_tree doesn't call the callback function on the decls
+ in BIND_EXPR_VARS, we have to walk them manually, so we can avoid
+ instrumenting DECL_INITIAL of TREE_STATIC vars. */
+ *walk_subtrees = 0;
for (tree decl = BIND_EXPR_VARS (*tp); decl; decl = DECL_CHAIN (decl))
{
if (TREE_STATIC (decl))
- {
- *walk_subtrees = 0;
- continue;
- }
+ continue;
walk_tree (&DECL_INITIAL (decl), ubsan_walk_array_refs_r, pset,
pset);
walk_tree (&DECL_SIZE (decl), ubsan_walk_array_refs_r, pset, pset);
walk_tree (&DECL_SIZE_UNIT (decl), ubsan_walk_array_refs_r, pset,
pset);
}
+ walk_tree (&BIND_EXPR_BODY (*tp), ubsan_walk_array_refs_r, pset, pset);
}
else if (TREE_CODE (*tp) == ADDR_EXPR
&& TREE_CODE (TREE_OPERAND (*tp, 0)) == ARRAY_REF)
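Review bot: with `*walk_subtrees = 0;` now set unconditionally for every BIND_EXPR, the explicit `walk_tree (&BIND_EXPR_BODY (*tp), ubsan_walk_array_refs_r, pset, pset);` added at the end of the branch is the only thing that still gets the body instrumented, so the new comment should state that the default traversal (which would also walk DECL_INITIAL of the TREE_STATIC vars) is suppressed and the body is walked by hand instead; a reader seeing only the `*walk_subtrees = 0;` line will otherwise assume the body is skipped. The comment also says the goal is to avoid instrumenting DECL_INITIAL of TREE_STATIC vars, but the `continue` skips their DECL_SIZE and DECL_SIZE_UNIT walks too; widen the comment to say sizes are skipped as well, since static decls cannot have variably-sized types and there is nothing to instrument there.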