This is the mail archive of the
gcc-patches@gcc.gnu.org
mailing list for the GCC project.
[PATCH] Another type demotion issue with ubsan (PR sanitizer/82072)
- From: Marek Polacek <polacek at redhat dot com>
- To: GCC Patches <gcc-patches at gcc dot gnu dot org>
- Date: Mon, 4 Sep 2017 16:21:01 +0200
- Subject: [PATCH] Another type demotion issue with ubsan (PR sanitizer/82072)
Vittorio reported another issue with convert_to_integer_1: for
u = -l;
where u is unsigned and l is long long the function does:
911 return convert (type,
912 fold_build1 (ex_form, typex,
913 convert (typex,
914 TREE_OPERAND (expr, 0))));
so instead of
u = (unsigned int) -l;
it produced
u = -(unsigned int) l;
thus hiding the overflow. Fixed by moving the recently added check a little
bit above.
Bootstrapped/regtested on x86_64-linux, ok for trunk?
2017-09-04 Marek Polacek <polacek@redhat.com>
PR sanitizer/82072
* convert.c (convert_to_integer_1) <case NEGATE_EXPR>: Move the ubsan
check earlier.
* c-c++-common/ubsan/pr82072-2.c: New test.
diff --git gcc/convert.c gcc/convert.c
index 139d790fd98..bfe18fb0f43 100644
--- gcc/convert.c
+++ gcc/convert.c
@@ -886,6 +886,12 @@ convert_to_integer_1 (tree type, tree expr, bool dofold)
break;
case NEGATE_EXPR:
+ /* Using unsigned arithmetic for signed types may hide overflow
+ bugs. */
+ if (!TYPE_UNSIGNED (TREE_TYPE (TREE_OPERAND (expr, 0)))
+ && sanitize_flags_p (SANITIZE_SI_OVERFLOW))
+ break;
+ /* Fall through. */
case BIT_NOT_EXPR:
/* This is not correct for ABS_EXPR,
since we must test the sign before truncation. */
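Review bot: the new comment above the early `break` should say whose signedness is being tested, because the check now keys on the operand type (`TREE_TYPE (TREE_OPERAND (expr, 0))`) rather than on `typex`, which the old check used and which, as the `-(unsigned int) l` in the cover letter shows, can be unsigned even when the operand is signed. Suggest replacing the two comment lines with something like `/* If the operand is signed, negating it in unsigned arithmetic would hide the signed overflow from ubsan, so keep the NEGATE_EXPR in the operand's type.  */`; as written, "for signed types" leaves the reader to work out which type is meant. The `/* Fall through.  */` marker is correctly placed for -Wimplicit-fallthrough.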
@@ -902,12 +908,7 @@ convert_to_integer_1 (tree type, tree expr, bool dofold)
TYPE_UNSIGNED (typex));
if (!TYPE_UNSIGNED (typex))
- {
- /* Using unsigned arithmetic may hide overflow bugs. */
- if (sanitize_flags_p (SANITIZE_SI_OVERFLOW))
- break;
- typex = unsigned_type_for (typex);
- }
+ typex = unsigned_type_for (typex);
return convert (type,
fold_build1 (ex_form, typex,
convert (typex,
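Review bot: removing the ubsan early-out from this block also removes the only comment explaining why signed negation must not be rewritten as unsigned negation, so a reader of the shared BIT_NOT_EXPR/NEGATE_EXPR tail no longer sees that the sanitized case was handled earlier. Add a one-line comment before `if (!TYPE_UNSIGNED (typex))`, e.g. `/* Sanitized signed negation was rejected under NEGATE_EXPR above; the remaining cases may safely be done in the unsigned type.  */`. Dropping the braces around the now single-statement `if` is correct GNU style.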
diff --git gcc/testsuite/c-c++-common/ubsan/pr82072-2.c gcc/testsuite/c-c++-common/ubsan/pr82072-2.c
index e69de29bb2d..ff8aca4d942 100644
--- gcc/testsuite/c-c++-common/ubsan/pr82072-2.c
+++ gcc/testsuite/c-c++-common/ubsan/pr82072-2.c
@@ -0,0 +1,15 @@
+/* PR sanitizer/82072 */
+/* { dg-do run } */
+/* { dg-options "-fsanitize=signed-integer-overflow" } */
+
+int
+main ()
+{
+ long long int l = -__LONG_LONG_MAX__ - 1;
+ unsigned int u;
+ u = -l;
+ asm volatile ("" : "+r" (u));
+ return 0;
+}
+
+/* { dg-output "negation of -9223372036854775808 cannot be represented in type 'long long int'\[^\n\r]*; cast to an unsigned type to negate this value to itself" } */
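Review bot: the test only covers the narrowing case (long long operand, unsigned int destination). Since the old check looked at `typex` and, per the cover letter, produced `-(unsigned int) l`, the same miss would occur whenever the destination is unsigned, including a same-width `unsigned long long u`, so a second assignment in the test would guard that path as well. The `asm volatile ("" : "+r" (u))` is there so `u` stays live and the negation cannot be folded away before instrumentation; that deserves a short comment, as otherwise it looks like leftover scaffolding. The dg-output pattern correctly expects the diagnostic in `long long int`, which is the type the negation must now be performed in.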
Marek
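The following is an added example, not code from the patch or from GCC, that makes the cover letter's point concrete: `(unsigned int) -l` negates in `long long` (undefined behaviour when `l` is `LLONG_MIN`, which `-fsanitize=signed-integer-overflow` reports), whereas the demoted form `-(unsigned int) l` truncates first and negates modulo 2^32, so it never overflows and the sanitizer has nothing to flag. `checked_negate` reproduces the check ubsan inserts, using the GCC/Clang `__builtin_sub_overflow` builtin; the input values and the function names are this example's own and assume a 32-bit `unsigned int`.

```c
/* Added example (not part of PR sanitizer/82072 or GCC): the two lowerings
   of `u = -l` discussed in the patch, plus a portable reproduction of the
   overflow check that ubsan performs.  Assumes 32-bit unsigned int and the
   GCC/Clang __builtin_sub_overflow builtin. */
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Demoted form `-(unsigned int) l`: truncate to 32 bits, then negate in
   unsigned arithmetic.  Always well defined, never reported by ubsan. */
unsigned int convert_then_negate(long long l)
{
    return -(unsigned int) l;
}

/* Source semantics `(unsigned int) -l`, done without invoking undefined
   behaviour.  Returns true when negating l overflows long long, which is
   exactly the condition -fsanitize=signed-integer-overflow diagnoses.
   *out receives the 32-bit result; on overflow it is the wrapped value a
   non-sanitized two's-complement build computes, supplied for comparison. */
bool checked_negate(long long l, unsigned int *out)
{
    long long neg;
    bool overflow = __builtin_sub_overflow(0LL, l, &neg);
    if (overflow) {
        /* Real code has undefined behaviour here; mirror the demoted form
           so the caller can see that the values coincide and only the
           diagnostic distinguishes the two lowerings. */
        *out = convert_then_negate(l);
        return true;
    }
    *out = (unsigned int) neg;
    return false;
}

int main(void)
{
    /* Constructed inputs: ordinary values, and the one value whose
       negation is not representable in long long. */
    long long inputs[] = { -5LL, 7LL, LLONG_MIN, -4294967296LL - 1 };
    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        unsigned int u;
        bool ovf = checked_negate(inputs[i], &u);
        printf("l=%lld  -(unsigned)l=%u  (unsigned)-l=%u  overflow=%s\n",
               inputs[i], convert_then_negate(inputs[i]), u,
               ovf ? "yes" : "no");
    }
    return 0;
}
```

For `LLONG_MIN` both lowerings yield 0, so the bug the patch fixes is invisible in the produced value; what is lost in the demoted form is the overflow report itself, which is why the test in the patch checks the sanitizer's diagnostic rather than the result.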