[PATCH] ipa/116296 - avoid overflow in modref_access_node::contains

Jakub Jelinek jakub@redhat.com
Tue Jan 27 13:31:19 GMT 2026


On Tue, Jan 27, 2026 at 02:24:37PM +0100, Richard Biener wrote:
> 	PR ipa/116296
> 	* ipa-modref-tree.cc (modref_access_node::contains): Use
> 	poly_offset_int for the param offset difference and the
> 	overlap computation.
> 
> 	* gcc.dg/torture/pr116296.c: New testcase.

> @@ -80,7 +80,8 @@ modref_access_node::contains (const modref_access_node &a) const
>  	      a.offset may result in non-negative offset again.
>  	      Ubsan fails on val << LOG_BITS_PER_UNIT where val
>  	      is negative.  */
> -	   aoffset_adj = (a.parm_offset - parm_offset)
> +	   aoffset_adj = (poly_offset_int::from (a.parm_offset, UNSIGNED)
> +			  - poly_offset_int::from (parm_offset, UNSIGNED))
>  			 * BITS_PER_UNIT;

parm_offset is poly_int64 rather than poly_uint64, so shouldn't the above be
SIGNED instead?

>  	}
>      }
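
Review bot: the two poly_offset_int::from (..., UNSIGNED) conversions on the added lines zero-extend their operands, while the comment kept as context directly above talks about val being negative. A negative parm_offset widened as UNSIGNED becomes a large positive value, so the difference, and aoffset_adj after the multiply by BITS_PER_UNIT, would no longer overflow but would carry the wrong value. Suggest poly_offset_int::from (a.parm_offset, SIGNED) and poly_offset_int::from (parm_offset, SIGNED) so the widened subtraction keeps the sign.
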
> @@ -96,10 +97,14 @@ modref_access_node::contains (const modref_access_node &a) const
>  	      || !known_le (size, a.size)))
>  	return false;
>        if (known_size_p (max_size))
> -	return known_subrange_p (a.offset + aoffset_adj,
> -				 a.max_size, offset, max_size);
> +	return known_subrange_p (poly_offset_int::from (a.offset, UNSIGNED)
> +				 + aoffset_adj, a.max_size,
> +				 poly_offset_int::from (offset, UNSIGNED),
> +				 max_size);
>        else
> -	return known_le (offset, a.offset + aoffset_adj);
> +	return known_le (poly_offset_int::from (offset, UNSIGNED),
> +			 poly_offset_int::from (a.offset, UNSIGNED)
> +			 + aoffset_adj);
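
Review bot: all four conversions of offset and a.offset in this hunk, in both arms of the known_size_p (max_size) test, pass UNSIGNED, so a negative offset would be zero-extended before the known_subrange_p and known_le comparisons and would compare as a very large position. If these fields are signed like parm_offset, each poly_offset_int::from call here should use SIGNED. The declaration of aoffset_adj is not among the quoted lines; it is worth confirming that it is now poly_offset_int too, since otherwise the widened product from the first hunk is narrowed again before it is added here.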

And so is offset.

	Jakub


