This is the mail archive of the gcc-bugs@gcc.gnu.org mailing list for the GCC project.
[Bug sanitizer/81604] New: Ubsan type reporting can be bogus in some cases
- From: "jakub at gcc dot gnu.org" <gcc-bugzilla at gcc dot gnu dot org>
- To: gcc-bugs at gcc dot gnu dot org
- Date: Fri, 28 Jul 2017 16:04:12 +0000
- Subject: [Bug sanitizer/81604] New: Ubsan type reporting can be bogus in some cases
- Auto-submitted: auto-generated
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81604
Bug ID: 81604
Summary: Ubsan type reporting can be bogus in some cases
Product: gcc
Version: 8.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: sanitizer
Assignee: unassigned at gcc dot gnu.org
Reporter: jakub at gcc dot gnu.org
CC: dodji at gcc dot gnu.org, dvyukov at gcc dot gnu.org,
jakub at gcc dot gnu.org, kcc at gcc dot gnu.org, marxin at gcc dot gnu.org
Target Milestone: ---
long a[10];

__attribute__((noinline, noclone)) long *
foo (int i)
{
  return &a[i];
}

__attribute__((noinline, noclone)) long
bar (long x, long y)
{
  return x * y;
}

int
main ()
{
  volatile int i = -1;
  volatile long l = __LONG_MAX__;
  long *volatile p;
  p = foo (i);
  l = bar (l, l);
  return 0;
}
with -fsanitize=undefined prints:
test.c:6:12: runtime error: index -1 out of bounds for type 'long int [10]'
test.c:12:12: runtime error: signed integer overflow: 9223372036854775807 * 9223372036854775807 cannot be represented in type 'long int [10]'
Note the incorrect 'long int [10]' on the second line; the computation is
obviously done in the long int type instead.
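
An added example, not part of the original report and not GCC or libubsan code: a small log check that flags UBSan signed-overflow reports whose reported type is not a scalar type, which is the symptom shown above. It assumes the binary `+`, `-`, `*` message form quoted in the report; the function names and the third sample line are constructed for illustration.

```python
import re

# UBSan "signed integer overflow" diagnostic in the form quoted in the report.
OVERFLOW_RE = re.compile(
    r"^(?P<loc>[^:\s]+:\d+:\d+): runtime error: signed integer overflow: "
    r"(?P<lhs>-?\d+) (?P<op>[-+*]) (?P<rhs>-?\d+) "
    r"cannot be represented in type '(?P<type>[^']+)'$"
)


def is_scalar_integer_type(type_name):
    """Arithmetic overflow can only happen in a scalar integer type, so a
    name carrying array, pointer or function syntax cannot be correct."""
    return not re.search(r"[\[\]*()]", type_name)


def suspicious_overflow_reports(log_text):
    """Return (location, reported_type) for every overflow report whose
    type name is not a scalar type (hypothetical helper for this example)."""
    hits = []
    for line in log_text.splitlines():
        m = OVERFLOW_RE.match(line.strip())
        if m and not is_scalar_integer_type(m.group("type")):
            hits.append((m.group("loc"), m.group("type")))
    return hits


# Lines 1-2 are the output quoted in the report (wrapped line rejoined);
# line 3 is constructed for this example to show a well-formed report.
SAMPLE_LOG = """\
test.c:6:12: runtime error: index -1 out of bounds for type 'long int [10]'
test.c:12:12: runtime error: signed integer overflow: 9223372036854775807 * 9223372036854775807 cannot be represented in type 'long int [10]'
other.c:3:5: runtime error: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int'
"""

if __name__ == "__main__":
    for loc, typ in suspicious_overflow_reports(SAMPLE_LOG):
        print(f"{loc}: overflow reported in non-scalar type '{typ}'")
```

A flagged line still indicates a real overflow at the given location; only the type name in the message should be distrusted during triage.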