This is the mail archive of the gcc-bugs@gcc.gnu.org mailing list for the GCC project.
[Bug sanitizer/82072] sanitizer does not detect an overflow from LLONG_MIN
- From: "mpolacek at gcc dot gnu.org" <gcc-bugzilla at gcc dot gnu dot org>
- To: gcc-bugs at gcc dot gnu dot org
- Date: Fri, 01 Sep 2017 16:08:16 +0000
- Subject: [Bug sanitizer/82072] sanitizer does not detect an overflow from LLONG_MIN
- Auto-submitted: auto-generated
- References: <bug-82072-4@http.gcc.gnu.org/bugzilla/>
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=82072
--- Comment #8 from Marek Polacek <mpolacek at gcc dot gnu.org> ---
(In reply to Jakub Jelinek from comment #7)
> (In reply to Marek Polacek from comment #6)
> > This should fix the two issues above:
> >
> > --- a/gcc/convert.c
> > +++ b/gcc/convert.c
> > @@ -434,6 +434,12 @@ do_narrow (location_t loc,
> > typex = lang_hooks.types.type_for_size (TYPE_PRECISION (typex),
> > TYPE_UNSIGNED (typex));
> >
> > + /* The type demotion below might cause doing unsigned arithmetic
> > + instead of signed, and thus hide overflow bugs. */
> > + if (!TYPE_UNSIGNED (typex)
> > + && sanitize_flags_p (SANITIZE_SI_OVERFLOW))
> > + return NULL_TREE;
> > +
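Review bot: The early return in this hunk punts on every narrowing of a signed `typex` whenever `sanitize_flags_p (SANITIZE_SI_OVERFLOW)` holds, regardless of `ex_form`, so operations that the signed-overflow sanitizer never instruments (bitwise operations, for instance) are also kept at the wider type and lose the optimisation for no diagnostic gain; consider adding an `ex_form` test to the condition so only the operations that ubsan actually checks are excluded from demotion. The comment should then say which operations are kept wide and why, rather than the general "might cause doing unsigned arithmetic".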
>
> Shouldn't we check ex_form here too, and only punt if it is an operation
> problematic for the particular ubsan sanitization?
> There is no reason why we can't e.g. narrow BIT_AND_EXPR.
Good idea.
> Have you checked the shift and division cases?
I did, but try as I might, I'm not able to trigger a similar bug.
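The mechanism discussed in this thread, shown as an added illustration rather than GCC's own code or the bug's testcase: when a 64-bit signed subtraction is immediately converted to int, a compiler may compute only the low 32 bits in unsigned arithmetic, which cannot overflow, so a signed-overflow sanitizer sees nothing to report even though the wide computation overflows. The example assumes a 32-bit int and a 64-bit long long and uses the GCC/clang `__builtin_sub_overflow` builtin; the function names are invented for the illustration.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* The wide computation as the C source expresses it: x - 1 in long long,
   then conversion to int.  Reports the overflow instead of performing it.  */
bool wide_sub1_overflows (long long x)
{
  long long r;
  return __builtin_sub_overflow (x, 1LL, &r);
}

/* The narrowed computation a compiler may substitute for (int)(x - 1):
   only the low 32 bits of x - 1 are needed, and computing them in unsigned
   arithmetic never overflows, so there is no undefined behaviour to flag.
   Conversion of a negative long long to unsigned is well defined (modulo 2^32).  */
unsigned narrowed_sub1_bits (long long x)
{
  return (unsigned) x - 1u;
}

/* Defensive version for application code: narrow only when the wide result
   is exact and representable in int.  Returns false instead of overflowing.  */
bool checked_narrow_sub1 (long long x, int *out)
{
  long long r;
  if (__builtin_sub_overflow (x, 1LL, &r))
    return false;                 /* x - 1 overflows long long (x == LLONG_MIN) */
  if (r < INT_MIN || r > INT_MAX)
    return false;                 /* result does not fit the narrower type */
  *out = (int) r;
  return true;
}

int main (void)
{
  int v = 0;
  printf ("wide x - 1 overflows for LLONG_MIN: %d\n", wide_sub1_overflows (LLONG_MIN));
  printf ("narrowed low 32 bits for LLONG_MIN: 0x%x (i.e. int -1, no UB)\n",
          narrowed_sub1_bits (LLONG_MIN));
  printf ("checked narrowing of LLONG_MIN accepted: %d\n",
          checked_narrow_sub1 (LLONG_MIN, &v));
  printf ("checked narrowing of 5 accepted: %d, value %d\n",
          checked_narrow_sub1 (5, &v), v);
  return 0;
}
```

The point for the sanitizer is visible in the first two functions: both describe the same source expression, but only the wide form contains a signed overflow, so whichever form the compiler chooses decides whether `-fsanitize=signed-integer-overflow` can see it. Code that must not depend on that choice should check explicitly, as the third function does.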