This is the mail archive of the gcc-bugs@gcc.gnu.org mailing list for the GCC project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

[Bug sanitizer/82072] sanitizer does not detect an overflow from LLONG_MIN

From: "mpolacek at gcc dot gnu.org" <gcc-bugzilla at gcc dot gnu dot org>
To: gcc-bugs at gcc dot gnu dot org
Date: Mon, 04 Sep 2017 13:17:29 +0000
Subject: [Bug sanitizer/82072] sanitizer does not detect an overflow from LLONG_MIN
Auto-submitted: auto-generated
References: <bug-82072-4@http.gcc.gnu.org/bugzilla/>

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=82072

--- Comment #12 from Marek Polacek <mpolacek at gcc dot gnu.org> ---
(In reply to Vittorio Zecca from comment #10)
> A related issue is the following:
> 
> /* UB sanitizer should detect undefined negation of LLONG_MIN */
> /* must be compiled with -fsanitize=undefined and run */
> #include <limits.h>
> int main()
> {
> long long int llnum=LLONG_MIN;
> unsigned  int unum;
> unum = - llnum;/*negation of -9223372036854775808 cannot be represented in
> type 'long long int'*/
> return 0;
> }
> 
> Or should I open a new bug?

This is related.  Due to case NEGATE_EXPR: in convert_to_integer_1:

 913               return convert (type,
 914                               fold_build1 (ex_form, typex,
 915                                            convert (typex,
 916                                                     TREE_OPERAND (expr,
0))));

instead of 
unum = (unsigned int) -llnum;
we create
unum = -(unsigned int) llnum;
hiding the overflow.

References:
- [Bug sanitizer/82072] New: sanitizer does not detect on overflow from LLONG_MIN
  - From: zeccav at gmail dot com

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]