[Bug sanitizer/81598] -fsanitize=enum does not detect range violation
marxin at gcc dot gnu.org
gcc-bugzilla@gcc.gnu.org
Thu Aug 3 10:59:00 GMT 2017
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81598
Martin Liška <marxin at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|UNCONFIRMED |NEW
Last reconfirmed| |2017-08-03
CC| |mpolacek at gcc dot gnu.org
Ever confirmed|0 |1
Severity|normal |enhancement
--- Comment #3 from Martin Liška <marxin at gcc dot gnu.org> ---
I believe we can instrument more in order to catch more situations:
enum values
{
  A = 1000,
  B = 30,
  C = 100
};

enum values g;

int main(int argc, char **argv)
{
  /* argc fits the underlying type but is not one of A, B or C */
  enum values x = (enum values)argc;
  if (x == 12345)
    return 1;
  return g;
  /* the switch covers enumerators and a non-enumerator value */
  switch (x)
    {
    case A:
      return 1;
    case C:
      return 2;
    case 123:
      return 3;
    }
}
In this case, the CFG is based on values that are undefined. As I've been working
on research on switch statements, I noticed that it's very common that a switch
covers all possible values of an enumeral type. Having that, we can instrument
the default label with some UBSAN call.
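The following is an added example, not code from the bug report or from GCC's UBSan runtime. It shows, in plain C, the check the comment proposes: a switch that covers every enumerator of the report's enum values, with a hand-written report call in the default label standing in for the hypothetical UBSan call (report_invalid_enum, is_values_enumerator and the counters are assumptions introduced here). It also separates "fits the underlying int" from "is an enumerator", which is the distinction -fsanitize=enum misses for the testcase above.

```c
#include <stdio.h>

/* Enumeration from the bug report: enumerators are sparse, so most
   values of the underlying int fit the type without being enumerators. */
enum values { A = 1000, B = 30, C = 100 };

/* Hypothetical stand-in for the proposed UBSan runtime call.  It records
   the offending value instead of aborting so a caller can inspect it. */
static int g_bad_enum_reports = 0;
static long g_last_bad_enum = 0;

static void report_invalid_enum(const char *where, long v)
{
    g_bad_enum_reports++;
    g_last_bad_enum = v;
    fprintf(stderr,
            "runtime error: %s: value %ld is not an enumerator of 'enum values'\n",
            where, v);
}

/* Membership test against the enumerator list itself, not the range of
   the underlying type: 1 is a valid int, but not a valid enum values. */
int is_values_enumerator(long v)
{
    switch (v) {
    case A: case B: case C:
        return 1;
    default:
        return 0;
    }
}

/* A switch covering every enumerator.  The default label is the place the
   comment proposes to instrument; here it calls the stand-in report. */
int classify(enum values x)
{
    switch (x) {
    case A: return 1;
    case B: return 3;
    case C: return 2;
    default:
        report_invalid_enum("classify", (long)x);
        return -1;
    }
}

int bad_enum_reports(void) { return g_bad_enum_reports; }
long last_bad_enum(void) { return g_last_bad_enum; }

int main(int argc, char **argv)
{
    (void)argv;
    /* Same conversion as the bug report: argc is in range of int but,
       for argc == 1, is not an enumerator of enum values. */
    enum values x = (enum values)argc;
    printf("classify(argc) = %d\n", classify(x));
    printf("is_values_enumerator(argc) = %d\n", is_values_enumerator(argc));
    return 0;
}
```

Running the program with no arguments makes classify() take the default path and print the diagnostic, which is exactly the event the report wants -fsanitize=enum to catch; the three enumerators themselves never reach the default label.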