[Bug sanitizer/108060] UBsan missed an out-of-bound bug at -O0 since r7-1900-g8a1b7b7fd75a3847
marxin at gcc dot gnu.org
gcc-bugzilla@gcc.gnu.org
Mon Dec 12 12:45:30 GMT 2022
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108060
Martin Liška <marxin at gcc dot gnu.org> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
   Last reconfirmed|                            |2022-12-12
                 CC|                            |jason at gcc dot gnu.org
            Summary|UBsan missed an             |UBsan missed an
                   |out-of-bound bug at -O0     |out-of-bound bug at -O0
                   |                            |since
                   |                            |r7-1900-g8a1b7b7fd75a3847
     Ever confirmed|0                           |1
             Status|UNCONFIRMED                 |NEW
--- Comment #1 from Martin Liška <marxin at gcc dot gnu.org> ---
Confirmed. So it started with r7-1900-g8a1b7b7fd75a3847, where the array is
accessed before the UBSAN check:
gcc pr108060.c -fsanitize=undefined -fdump-tree-gimple=/dev/stdout
int main ()
{
  int D.2422;
  int D.2423;

  {
    b = -32768;
    b.0_1 = b;
    _2 = (int) b.0_1;
    _3 = a[_2];                     <--- load happens here
    c.1_4 = c;
    _5 = (int) c.1_4;
    b.2_6 = b;
    D.2422 = (int) b.2_6;
    .UBSAN_BOUNDS (0B, D.2422, 7);
    _7 = _3 | _5;
    a[D.2422] = _7;
  }
  D.2423 = 0;
  return D.2423;
}
thus we crash before the .UBSAN_BOUNDS happens. Before the revision we
emitted:
  {
    b = -4169;
    b.0_1 = b;
    D.2074 = (int) b.0_1;
    UBSAN_BOUNDS (0B, D.2074, 7);
    b.1_2 = b;
    _3 = (int) b.1_2;
    _4 = a[_3];
    _5 = _4 | 1;
    a[D.2074] = _5;
  }
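The testcase pr108060.c itself is not shown in the message above, so the following is an added example, not the reporter's attachment. It reconstructs the pattern from the GIMPLE dump in the comment: an 8-element global array (the .UBSAN_BOUNDS bound is 7), a short index b set to -32768, an int c, and the compound assignment a[b] |= c whose lowering loads a[b] before the bounds check. The type of b (short) and the sizes are assumptions read off the dump. The helper compound_or_checked() is hypothetical and only illustrates the evaluation order the sanitizer is meant to enforce: validate the index, then load, OR and store.

```c
/* Added example, reconstructed from the GIMPLE dump in the bug comment;
 * not the pr108060.c attached to the report (assumed types and sizes). */
#include <stdio.h>
#include <stddef.h>

int a[8];      /* bound 7 in .UBSAN_BOUNDS (0B, idx, 7) */
short b;       /* assumed short: the dump converts b to int before indexing */
int c;

/* The pattern from the report. Built with gcc -O0 -fsanitize=undefined,
 * the load of a[b] is emitted before .UBSAN_BOUNDS (see the dump above),
 * so with b = -32768 the process can fault before UBSan reports the
 * out-of-bounds index. Not called from main() below for that reason. */
void compound_or_unchecked(void)
{
    a[b] |= c;   /* out-of-bounds read and write when b is not in 0..7 */
}

/* Hypothetical checked variant: the order the sanitizer intends.
 * Returns 0 on success, -1 if idx is out of range; the array is then
 * left untouched, because neither the load nor the store may happen. */
int compound_or_checked(int *arr, size_t n, long idx, int val)
{
    if (idx < 0 || (unsigned long)idx >= n)
        return -1;
    arr[idx] |= val;
    return 0;
}

int main(void)
{
    b = -32768;
    c = 1;

    /* Checked version rejects the bad index instead of touching a[-32768]. */
    if (compound_or_checked(a, sizeof a / sizeof a[0], b, c) != 0)
        printf("index %d rejected before any load\n", b);

    /* In-range case behaves like the plain compound assignment. */
    b = 3;
    compound_or_checked(a, sizeof a / sizeof a[0], b, c);
    printf("a[3] = %d\n", a[3]);

    /* To reproduce the report: compile this file with
     *   gcc -O0 -fsanitize=undefined -fdump-tree-gimple=/dev/stdout
     * and compare the order of a[_2] and .UBSAN_BOUNDS in the dump of
     * compound_or_unchecked() with the two dumps in the comment. */
    return 0;
}
```

The checked helper is only there to make the intended ordering explicit; the bug is in the compiler's lowering of the compound assignment, not something user code should normally have to work around.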