[PATCH] Fix uninitialized variable with ubsan on ARM (PR sanitizer/66977)

Marek Polacek polacek@redhat.com
Fri Jul 31 11:48:00 GMT 2015


On Tue, Jul 28, 2015 at 03:13:41PM +0200, Marek Polacek wrote:
> This fixes a problem where on ARM ubsan can introduce an uninitialized variable.
> It's ARM only since the ARM C++ ABI says that when creating a pointer to member
> function, the LSB of ptr discriminates between the address of a non-virtual member
> function and the offset in the class's virtual table of the address of a virtual
> function.  That means the compiler will create a RSHIFT_EXPR, and with ubsan this
> RSHIFT_EXPR is instrumented, i.e. the expression involves SAVE_EXPRs.
> 
> But this expr is used more times and that is the crux of the problem:
> get_member_function_from_ptrfunc returns a tree that contains the expr, and here
> 4927       fn = get_member_function_from_ptrfunc (&object_addr, fn,
> 4928                                              complain);
> 4929       vec_safe_insert (*args, 0, object_addr);
> 4930     }
> it also saves the expr into OBJECT_ADDR which is then pushed to args.
> 
> Long story short: can't use unshare_expr here, because that doesn't copy
> SAVE_EXPRs.  I could use copy_tree_r, as outlined in the PR.  But I think
> we can just not instrument the RSHIFT_EXPR -- we know that this one can't
> overflow anyway.
> 
> I have tried on a cross that the problem indeed goes away.
> 
> Bootstrapped/regtested on x86_64-linux, ok for trunk?

Approved on IRC, I'm going to commit this patch with a minor formatting
issue fixed.

	Marek