This is the mail archive of the
gcc-patches@gcc.gnu.org
mailing list for the GCC project.
[PATCH] Fix -fsanitize=bounds crash with zero-size array (PR sanitizer/79558)
- From: Marek Polacek <polacek at redhat dot com>
- To: GCC Patches <gcc-patches at gcc dot gnu dot org>, Jakub Jelinek <jakub at redhat dot com>
- Date: Mon, 20 Feb 2017 16:44:10 +0100
- Subject: [PATCH] Fix -fsanitize=bounds crash with zero-size array (PR sanitizer/79558)
- Authentication-results: sourceware.org; auth=none
We crash here becase ubsan_type_descriptor isn't able to handle arrays
such as int[0:], i.e. where the TYPE_MAX_VALUE of the domain is missing.
Fixed by checking that first, which means we'd print '*' instead if it
is missing.
Bootstrapped/regtested on x86_64-linux, ok for trunk/6?
2017-02-20 Marek Polacek <polacek@redhat.com>
PR sanitizer/79558
* ubsan.c (ubsan_type_descriptor): Check if TYPE_MAX_VALUE is null.
* c-c++-common/ubsan/bounds-14.c: New test.
diff --git gcc/testsuite/c-c++-common/ubsan/bounds-14.c gcc/testsuite/c-c++-common/ubsan/bounds-14.c
index e69de29..ddb5251 100644
--- gcc/testsuite/c-c++-common/ubsan/bounds-14.c
+++ gcc/testsuite/c-c++-common/ubsan/bounds-14.c
@@ -0,0 +1,13 @@
+/* PR sanitizer/79558 */
+/* { dg-do compile } */
+/* { dg-options "-fsanitize=bounds" } */
+
+void
+fn1 (int n)
+{
+ int i, j;
+ int x[2][0];
+ for (i = 0; i < n; i++)
+ for (j = 0; j < n; j++)
+ x[i][j] = 5;
+}
diff --git gcc/ubsan.c gcc/ubsan.c
index 0291401..11a41e1 100644
--- gcc/ubsan.c
+++ gcc/ubsan.c
@@ -409,7 +409,9 @@ ubsan_type_descriptor (tree type, enum ubsan_print_style pstyle)
{
pp_left_bracket (&pretty_name);
tree dom = TYPE_DOMAIN (t);
- if (dom && TREE_CODE (TYPE_MAX_VALUE (dom)) == INTEGER_CST)
+ if (dom != NULL_TREE
+ && TYPE_MAX_VALUE (dom) != NULL_TREE
+ && TREE_CODE (TYPE_MAX_VALUE (dom)) == INTEGER_CST)
{
if (tree_fits_uhwi_p (TYPE_MAX_VALUE (dom))
&& tree_to_uhwi (TYPE_MAX_VALUE (dom)) + 1 != 0)
Marek