This is the mail archive of the gcc-patches@gcc.gnu.org mailing list for the GCC project.



[PATCH] Another type demotion issue with ubsan (PR sanitizer/82072)


Vittorio reported another issue with convert_to_integer_1: for
u = -l;
where u is unsigned and l is long long the function does:

  return convert (type,
                  fold_build1 (ex_form, typex,
                               convert (typex,
                                        TREE_OPERAND (expr, 0))));

so instead of
u = (unsigned int) -l;
it produced
u = -(unsigned int) l;
thus hiding the overflow.  Fixed by moving the recently added check a little
bit above.

Bootstrapped/regtested on x86_64-linux, ok for trunk?

2017-09-04  Marek Polacek  <polacek@redhat.com>

	PR sanitizer/82072
	* convert.c (convert_to_integer_1) <case NEGATE_EXPR>: Move the ubsan
	check earlier.

	* c-c++-common/ubsan/pr82072-2.c: New test.

diff --git gcc/convert.c gcc/convert.c
index 139d790fd98..bfe18fb0f43 100644
--- gcc/convert.c
+++ gcc/convert.c
@@ -886,6 +886,12 @@ convert_to_integer_1 (tree type, tree expr, bool dofold)
 	    break;
 
 	  case NEGATE_EXPR:
+	    /* Using unsigned arithmetic for signed types may hide overflow
+	       bugs.  */
+	    if (!TYPE_UNSIGNED (TREE_TYPE (TREE_OPERAND (expr, 0)))
+		&& sanitize_flags_p (SANITIZE_SI_OVERFLOW))
+	      break;
+	    /* Fall through.  */
 	  case BIT_NOT_EXPR:
 	    /* This is not correct for ABS_EXPR,
 	       since we must test the sign before truncation.  */
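Review bot: the hoisted check keys on the signedness of the operand, `TYPE_UNSIGNED (TREE_TYPE (TREE_OPERAND (expr, 0)))`, while the check it replaces in the next hunk tested `typex` after it had been narrowed; the comment above the `break` should spell out that the intent is to leave the negation in the operand's original, wider signed type so the sanitizer instruments it there, and that the fall through into `BIT_NOT_EXPR` is unaffected because a bitwise not cannot overflow.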
@@ -902,12 +908,7 @@ convert_to_integer_1 (tree type, tree expr, bool dofold)
 						    TYPE_UNSIGNED (typex));
 
 	      if (!TYPE_UNSIGNED (typex))
-		{
-		  /* Using unsigned arithmetic may hide overflow bugs.  */
-		  if (sanitize_flags_p (SANITIZE_SI_OVERFLOW))
-		    break;
-		  typex = unsigned_type_for (typex);
-		}
+		typex = unsigned_type_for (typex);
 	      return convert (type,
 			      fold_build1 (ex_form, typex,
 					   convert (typex,
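Review bot: with the sanitizer bail-out removed from this branch, every signed `typex` now goes through `unsigned_type_for` unconditionally, including on the `BIT_NOT_EXPR` path, which is correct only because the `NEGATE_EXPR` case already returned early for signed operands under `SANITIZE_SI_OVERFLOW`; a one-line comment at `typex = unsigned_type_for (typex);` saying that the sanitizer case was handled at the top of `NEGATE_EXPR` would keep the two places from drifting apart in later edits.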
diff --git gcc/testsuite/c-c++-common/ubsan/pr82072-2.c gcc/testsuite/c-c++-common/ubsan/pr82072-2.c
index e69de29bb2d..ff8aca4d942 100644
--- gcc/testsuite/c-c++-common/ubsan/pr82072-2.c
+++ gcc/testsuite/c-c++-common/ubsan/pr82072-2.c
@@ -0,0 +1,15 @@
+/* PR sanitizer/82072 */
+/* { dg-do run } */
+/* { dg-options "-fsanitize=signed-integer-overflow" } */
+
+int
+main ()
+{
+  long long int l = -__LONG_LONG_MAX__ - 1;
+  unsigned int u;
+  u = -l;
+  asm volatile ("" : "+r" (u));
+  return 0;
+}
+
+/* { dg-output "negation of -9223372036854775808 cannot be represented in type 'long long int'\[^\n\r]*; cast to an unsigned type to negate this value to itself" } */
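Review bot: the test only covers the `long long` to `unsigned int` pair from the report; since the hoisted check depends on the operand's signedness and not on the width of the target, a second assignment in the same file through a narrower unsigned target (for example `unsigned short`) would confirm that, and the existing `dg-output` pattern still matches because the reported type stays `long long int`.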

	Marek
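
The two lowerings Marek describes, written out as an added example that is not part of the patch or of GCC's sources: `negate_then_narrow` is what the compiler is meant to emit for `u = -l;` and `narrow_then_negate` is what `convert_to_integer_1` produced before the fix. The example assumes a GCC or clang compiler for `__builtin_sub_overflow`, which stands in for the sanitizer's runtime check.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Intended lowering of `u = -l;`: negate in the operand's own signed type
   (where -fsanitize=signed-integer-overflow instruments it), then narrow.
   __builtin_sub_overflow (GCC/clang) stands in for the sanitizer check and
   flags exactly the case the sanitizer would report: l == LLONG_MIN.  */
static unsigned int
negate_then_narrow (long long l, bool *overflowed)
{
  long long neg;
  *overflowed = __builtin_sub_overflow (0LL, l, &neg);  /* 0 - l == -l */
  return (unsigned int) neg;
}

/* Lowering produced before the fix: narrow first, negate in unsigned int.
   Unsigned negation wraps modulo 2^32 by definition, so nothing is left
   for the sanitizer to report.  */
static unsigned int
narrow_then_negate (long long l)
{
  return -(unsigned int) l;
}

/* Both forms yield identical bits for every input, which is why the demotion
   is a valid optimisation in the first place; only the diagnosable overflow
   differs.  */
static bool
same_bits (long long l)
{
  bool ov;
  return negate_then_narrow (l, &ov) == narrow_then_negate (l);
}

int
main (void)
{
  long long l = -__LONG_LONG_MAX__ - 1;  /* LLONG_MIN, the value from the new test */
  bool ov;
  unsigned int a = negate_then_narrow (l, &ov);
  unsigned int b = narrow_then_negate (l);
  printf ("negate-then-narrow: %u (overflow %s)\n", a, ov ? "detected" : "none");
  printf ("narrow-then-negate: %u (overflow never reported)\n", b);
  return 0;
}
```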

