This is the mail archive of the
gcc-bugs@gcc.gnu.org
mailing list for the GCC project.
[Bug sanitizer/81598] -fsanitize=enum does not detect range violation
- From: "marxin at gcc dot gnu.org" <gcc-bugzilla at gcc dot gnu dot org>
- To: gcc-bugs at gcc dot gnu dot org
- Date: Thu, 03 Aug 2017 10:59:01 +0000
- Subject: [Bug sanitizer/81598] -fsanitize=enum does not detect range violation
- Auto-submitted: auto-generated
- References: <bug-81598-4@http.gcc.gnu.org/bugzilla/>
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81598
Martin Liška <marxin at gcc dot gnu.org> changed:
What            |Removed     |Added
----------------------------------------------------------------------------
Status          |UNCONFIRMED |NEW
Last reconfirmed|            |2017-08-03
CC              |            |mpolacek at gcc dot gnu.org
Ever confirmed  |0           |1
Severity        |normal      |enhancement
--- Comment #3 from Martin Liška <marxin at gcc dot gnu.org> ---
I believe we can instrument more in order to catch more situations:
enum values
{
  A = 1000,
  B = 30,
  C = 100
};

enum values g;

int main(int argc, char **argv)
{
  enum values x = (enum values)argc;
  if (x == 12345)
    return 1;
  return g;
  switch (x)
    {
    case A:
      return 1;
    case C:
      return 2;
    case 123:
      return 3;
    }
}
In this case, the CFG is based on values that are undefined. As I've been working
on research on switch statements, I noticed that it's very common that a switch
covers all possible values of an enumeral type. Having that, we can instrument
the default label with some UBSAN call.
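The following is an added example, not code from the bug report or from GCC: a hand-written C mock of the instrumentation proposed above, where a switch that covers every enumerator gets a default label that reports the out-of-range value instead of silently falling through. The enum and its enumerators A, B and C are taken from the comment; the functions values_in_range, classify, report_enum_range_violation and violations_so_far, and the violation counter, are assumptions standing in for a real UBSAN runtime call.

```c
/* Added example (not from the bug report, not GCC's sanitizer runtime):
   a manual version of the check that the proposed default-label
   instrumentation would perform. */
#include <stdio.h>

/* Enum and enumerators as given in the bug report. */
enum values
{
  A = 1000,
  B = 30,
  C = 100
};

/* Assumed: count of out-of-range values seen at a fully covered switch. */
static int range_violations = 0;

/* Assumed helper: membership test against the three enumerators. */
int values_in_range(int v)
{
  return v == A || v == B || v == C;
}

/* Assumed hook standing in for the UBSAN runtime call the comment proposes. */
static void report_enum_range_violation(const char *where, int v)
{
  range_violations++;
  fprintf(stderr, "%s: value %d is not a member of enum values\n", where, v);
}

/* A switch that covers every enumerator of enum values. Because all three
   enumerators have their own case, the default label can only be reached
   with a value outside the enum's range, so that is where the check goes. */
int classify(int raw)
{
  enum values x = (enum values)raw; /* the conversion itself is not checked here */
  switch (x)
    {
    case A:
      return 1;
    case B:
      return 2;
    case C:
      return 3;
    default:
      report_enum_range_violation("classify", raw);
      return -1;
    }
}

int violations_so_far(void)
{
  return range_violations;
}

int main(int argc, char **argv)
{
  (void)argv;
  /* argc is an arbitrary small integer, the same pattern as in the report. */
  printf("classify(argc=%d) -> %d\n", argc, classify(argc));
  printf("classify(1000) -> %d\n", classify(1000));
  return violations_so_far() > 0;
}
```

Run without arguments and argc is 1, which is not an enumerator, so the default label fires and the program exits non-zero; classify(1000) resolves to case A and reports nothing. The point of the mock is the placement: the report lives in the default label of a switch whose cases already exhaust the enum, exactly the situation the comment says is common enough to instrument.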