[PATCH] Fix ubsan tree sharing (PR sanitizer/66908)

Marek Polacek polacek@redhat.com
Tue Aug 11 15:41:00 GMT 2015


On Wed, Jul 22, 2015 at 07:26:22PM +0200, Marek Polacek wrote:
> In this testcase we were generating an uninitialized variable when doing
> -fsanitize=shift,bounds sanitization.  The shift instrumentation is done
> first; after that, the IR looks like
> 
>   res[i] = (m > 31) ? __ubsan (... tab[i] ...) ? 0, ... tab[i] ...;
> 
> where tab[i] are identical.  That means that when we instrument the first
> tab[i] (we shouldn't do this I suppose), the second tab[i] is changed as
> well as they're shared.  But that doesn't play well with SAVE_EXPRs, because
> SAVE_EXPR <i> would only be initialized on one path.  Fixed by unsharing
> the operands when constructing the ubsan check.  The .gimple diff is in
> essence just
> 
> +  i.2 = i;
> +  UBSAN_BOUNDS (0B, i.2, 21);
> -  UBSAN_BOUNDS (0B, i.1, 21);
> 
> (Merely not instrumenting __ubsan_* wouldn't help exactly because of the
> sharing.)
> 
> Bootstrapped/regtested on x86_64-linux, ok for trunk?
> 
> 2015-07-22  Marek Polacek  <polacek@redhat.com>
> 
> 	PR sanitizer/66908
> 	* c-ubsan.c: Include gimplify.h.
> 	(ubsan_instrument_division): Unshare OP0 and OP1.
> 	(ubsan_instrument_shift): Likewise.
> 
> 	* c-c++-common/ubsan/pr66908.c: New test.

I'm backporting this patch to the gcc5 branch as well.

	Marek
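A constructed C program in the shape the quoted message describes, added here as an illustration; it is not the pr66908.c test from the patch and does not come from GCC. The array size, names and values are assumptions; building it with -fsanitize=shift,bounds makes both the shift and the subscript instrumentation fire on the same tab[i] operand, which is the sharing pattern the fix addresses.

```c
/* Constructed example (not GCC's pr66908.c test).  Compile with
 *   gcc -O0 -fsanitize=shift,bounds example.c
 * to have both the shift instrumentation and the bounds instrumentation
 * applied to the expression below.  The assertions only check the
 * arithmetic; the compiler issue lives in the generated IR, not here. */
#include <assert.h>

#define N 21                  /* assumed array size */

static int tab[N];
static int res[N];

/* res[i] = tab[i] << m.  With -fsanitize=shift the shift is wrapped in a
 * runtime check, and with -fsanitize=bounds each tab[i] subscript is
 * checked too.  Because the instrumented shift duplicates tab[i] on two
 * paths, instrumenting one copy used to alter the shared second copy,
 * leaving SAVE_EXPR <i> initialized on only one path. */
int shift_indexed(int m, int i)
{
    res[i] = tab[i] << m;
    return res[i];
}

/* Fill tab with 1..N and run every in-range index through a small shift. */
int run_sample(void)
{
    int acc = 0;
    for (int k = 0; k < N; k++)
        tab[k] = k + 1;
    for (int k = 0; k < N; k++)
        acc += shift_indexed(k % 8, k);   /* m stays well below 31 */
    return acc;
}

int main(void)
{
    assert(run_sample() == 6251);
    return 0;
}
```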
