[PATCH] Fix -fsanitize=object-size expansion (PR sanitizer/65367)
Marek Polacek
polacek@redhat.com
Tue Mar 10 15:47:00 GMT 2015
This PR exposes a bug where we weren't properly updating gsi in case of just
removing the unnecessary UBSAN_OBJECT_SIZE call. In such a case we need to
remove the statement using the gsi passed down to ubsan_expand_objsize_ifn,
not with a copy of it, because we rely on gsi_remove to update the iterator.
Bootstrapped/regtested on x86_64-linux, applying to trunk.
2015-03-10  Marek Polacek  <polacek@redhat.com>
	    Jakub Jelinek  <jakub@redhat.com>

	PR sanitizer/65367
	* ubsan.c (ubsan_expand_objsize_ifn): Update GSI instead of GSI_ORIG
	when only removing the statement.  Handle expanding UBSAN_OBJECT_SIZE
	separately.

	* c-c++-common/ubsan/pr65367.c: New test.
diff --git gcc/testsuite/c-c++-common/ubsan/pr65367.c gcc/testsuite/c-c++-common/ubsan/pr65367.c
index e69de29..730f5bf 100644
--- gcc/testsuite/c-c++-common/ubsan/pr65367.c
+++ gcc/testsuite/c-c++-common/ubsan/pr65367.c
@@ -0,0 +1,9 @@
+/* PR sanitizer/65367 */
+/* { dg-do compile } */
+/* { dg-options "-fno-tree-ccp -fno-tree-copy-prop -fno-tree-dominator-opts -fno-tree-fre -fsanitize=object-size" } */
+
+int
+foo (char *p)
+{
+ return *((const char *) "") - *p;
+}
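Review bot: the dg-options line disables four tree optimizations (-fno-tree-ccp, -fno-tree-copy-prop, -fno-tree-dominator-opts, -fno-tree-fre) without saying why, and nothing in the test itself explains it; a one-line comment after the dg-options line, e.g. `/* The -fno-tree-* flags keep the UBSAN_OBJECT_SIZE call alive until the ubsan pass so that the removal-only path is exercised.  */`, would tie the flags to the case the cover text describes (the call being removed rather than expanded) and stop someone from pruning them as unnecessary later. Since the test is `dg-do compile` with no dg-final check, it only guards against the compiler failing on this input, which is appropriate for an iterator bug but is worth stating in the header comment as well.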
diff --git gcc/ubsan.c gcc/ubsan.c
index 38d98cf..98edfe0 100644
--- gcc/ubsan.c
+++ gcc/ubsan.c
@@ -1022,11 +1022,16 @@ ubsan_expand_objsize_ifn (gimple_stmt_iterator *gsi)
/* Point GSI to next logical statement. */
*gsi = gsi_start_bb (fallthru_bb);
+
+ /* Get rid of the UBSAN_OBJECT_SIZE call from the IR. */
+ unlink_stmt_vdef (stmt);
+ gsi_remove (&gsi_orig, true);
+ return true;
}
/* Get rid of the UBSAN_OBJECT_SIZE call from the IR. */
unlink_stmt_vdef (stmt);
- gsi_remove (&gsi_orig, true);
+ gsi_remove (gsi, true);
return true;
}
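Review bot: the final `gsi_remove (gsi, true);` now differs from the `gsi_remove (&gsi_orig, true);` in the new early-return block only in which iterator is passed, and the hunk carries no comment explaining why the two paths must differ; a short comment above the last call, e.g. `/* Use GSI itself, not a copy: the caller relies on gsi_remove to advance it.  */`, would record the reasoning given in the cover text and prevent a later cleanup from "deduplicating" the two `unlink_stmt_vdef` / `gsi_remove` / `return true` blocks into one. In the early-return path the copy is the right choice because `*gsi` has already been repointed to `gsi_start_bb (fallthru_bb)` two lines above, so that asymmetry is the whole point of the fix and deserves to be visible in the code, not only in the mail.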
Marek