This is the mail archive of the gcc-patches@gcc.gnu.org mailing list for the GCC project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: [PATCH] Avoid UB in tree-ssa-{dse,alias}*


On October 2, 2017 3:54:18 PM GMT+02:00, Jakub Jelinek <jakub@redhat.com> wrote:
>Hi!
>
>On the following testcase we get a ref where
>ref->offset fits into shwi, so does ref->size, but ref->offset +
>ref->size
>doesn't.  I see many spots where we just assume that ref->offset +
>ref->size
>is meaningful, so rather than adding overflow checking in all those
>spots,
>this patch instead let us punt in those cases.
>
>Bootstrapped/regtested on x86_64-linux and i686-linux, ok for trunk?

OK. 

Richard. 

>2017-10-02  Jakub Jelinek  <jakub@redhat.com>
>
>	* tree-dfa.c (get_ref_base_and_extent): Set *pmax_size to -1
>	if *poffset + *pmax_size overflows in HOST_WIDE_INT.
>	Set *poffset to 0 and *psize and *pmax_size to -1 if
>	*poffset + *psize overflows in HOST_WIDE_INT.
>
>	* gcc.dg/pr82389.c: New test.
>
>--- gcc/tree-dfa.c.jj	2017-05-22 10:50:07.000000000 +0200
>+++ gcc/tree-dfa.c	2017-10-02 12:29:01.103394300 +0200
>@@ -654,7 +654,22 @@ get_ref_base_and_extent (tree exp, HOST_
>   if (!wi::fits_shwi_p (maxsize) || wi::neg_p (maxsize))
>     *pmax_size = -1;
>   else
>-    *pmax_size = maxsize.to_shwi ();
>+    {
>+      *pmax_size = maxsize.to_shwi ();
>+      if (*poffset > HOST_WIDE_INT_MAX - *pmax_size)
>+	*pmax_size = -1;
>+    }
>+
>+  /* Punt if *POFFSET + *PSIZE overflows in HOST_WIDE_INT, the callers
>don't
>+     check for such overflows individually and assume it works.  */
>+  if (*psize != -1 && *poffset > HOST_WIDE_INT_MAX - *psize)
>+    {
>+      *poffset = 0;
>+      *psize = -1;
>+      *pmax_size = -1;
>+
>+      return exp;
>+    }
> 
>   return exp;
> }
>--- gcc/testsuite/gcc.dg/pr82389.c.jj	2017-10-02 12:56:28.504213166
>+0200
>+++ gcc/testsuite/gcc.dg/pr82389.c	2017-10-02 12:57:46.820254081 +0200
>@@ -0,0 +1,13 @@
>+/* PR tree-optimization/82389 */
>+/* { dg-do compile { target lp64 } } */
>+/* { dg-options "-w -O3" } */
>+
>+struct S { char s[0x40000000]; } s;
>+
>+void
>+foo (struct S *p)
>+{
>+  char b[0x0ffffffff0000000L];
>+  *(struct S *)&b[0x0fffffffef000000L] = s;
>+  *p = *(struct S *)&b[0x0fffffffefffffffL];
>+}
>
>	Jakub


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]