re PR sanitizer/89869 (-fsanitize=undefined miscompilation)
PR sanitizer/89869 * typeck.c: Include gimplify.h. (cp_build_modify_expr) <case COND_EXPR>: Unshare rhs before using it for second time. Formatting fixes. * g++.dg/ubsan/vptr-14.C: New test. From-SVN: r270024
This commit is contained in:
parent
77527d8ac4
commit
2b53407efb
|
@ -1,3 +1,10 @@
|
||||||
|
2019-03-29 Jakub Jelinek <jakub@redhat.com>
|
||||||
|
|
||||||
|
PR sanitizer/89869
|
||||||
|
* typeck.c: Include gimplify.h.
|
||||||
|
(cp_build_modify_expr) <case COND_EXPR>: Unshare rhs before using it
|
||||||
|
for second time. Formatting fixes.
|
||||||
|
|
||||||
2019-03-29 Marek Polacek <polacek@redhat.com>
|
2019-03-29 Marek Polacek <polacek@redhat.com>
|
||||||
|
|
||||||
PR c++/89876 - ICE with deprecated conversion.
|
PR c++/89876 - ICE with deprecated conversion.
|
||||||
|
|
|
@ -40,6 +40,7 @@ along with GCC; see the file COPYING3. If not see
|
||||||
#include "stringpool.h"
|
#include "stringpool.h"
|
||||||
#include "attribs.h"
|
#include "attribs.h"
|
||||||
#include "asan.h"
|
#include "asan.h"
|
||||||
|
#include "gimplify.h"
|
||||||
|
|
||||||
static tree cp_build_addr_expr_strict (tree, tsubst_flags_t);
|
static tree cp_build_addr_expr_strict (tree, tsubst_flags_t);
|
||||||
static tree cp_build_function_call (tree, tree, tsubst_flags_t);
|
static tree cp_build_function_call (tree, tree, tsubst_flags_t);
|
||||||
|
@ -8129,8 +8130,6 @@ cp_build_modify_expr (location_t loc, tree lhs, enum tree_code modifycode,
|
||||||
/* Produce (a ? (b = rhs) : (c = rhs))
|
/* Produce (a ? (b = rhs) : (c = rhs))
|
||||||
except that the RHS goes through a save-expr
|
except that the RHS goes through a save-expr
|
||||||
so the code to compute it is only emitted once. */
|
so the code to compute it is only emitted once. */
|
||||||
tree cond;
|
|
||||||
|
|
||||||
if (VOID_TYPE_P (TREE_TYPE (rhs)))
|
if (VOID_TYPE_P (TREE_TYPE (rhs)))
|
||||||
{
|
{
|
||||||
if (complain & tf_error)
|
if (complain & tf_error)
|
||||||
|
@ -8145,12 +8144,20 @@ cp_build_modify_expr (location_t loc, tree lhs, enum tree_code modifycode,
|
||||||
if (!lvalue_or_else (lhs, lv_assign, complain))
|
if (!lvalue_or_else (lhs, lv_assign, complain))
|
||||||
return error_mark_node;
|
return error_mark_node;
|
||||||
|
|
||||||
cond = build_conditional_expr
|
tree op1 = cp_build_modify_expr (loc, TREE_OPERAND (lhs, 1),
|
||||||
(input_location, TREE_OPERAND (lhs, 0),
|
modifycode, rhs, complain);
|
||||||
cp_build_modify_expr (loc, TREE_OPERAND (lhs, 1),
|
/* When sanitizing undefined behavior, even when rhs doesn't need
|
||||||
modifycode, rhs, complain),
|
stabilization at this point, the sanitization might add extra
|
||||||
cp_build_modify_expr (loc, TREE_OPERAND (lhs, 2),
|
SAVE_EXPRs in there and so make sure there is no tree sharing
|
||||||
modifycode, rhs, complain),
|
in the rhs, otherwise those SAVE_EXPRs will have initialization
|
||||||
|
only in one of the two branches. */
|
||||||
|
if (sanitize_flags_p (SANITIZE_UNDEFINED
|
||||||
|
| SANITIZE_UNDEFINED_NONDEFAULT))
|
||||||
|
rhs = unshare_expr (rhs);
|
||||||
|
tree op2 = cp_build_modify_expr (loc, TREE_OPERAND (lhs, 2),
|
||||||
|
modifycode, rhs, complain);
|
||||||
|
tree cond = build_conditional_expr (input_location,
|
||||||
|
TREE_OPERAND (lhs, 0), op1, op2,
|
||||||
complain);
|
complain);
|
||||||
|
|
||||||
if (cond == error_mark_node)
|
if (cond == error_mark_node)
|
||||||
|
|
|
@ -1,5 +1,8 @@
|
||||||
2019-03-29 Jakub Jelinek <jakub@redhat.com>
|
2019-03-29 Jakub Jelinek <jakub@redhat.com>
|
||||||
|
|
||||||
|
PR sanitizer/89869
|
||||||
|
* g++.dg/ubsan/vptr-14.C: New test.
|
||||||
|
|
||||||
PR c/89872
|
PR c/89872
|
||||||
* gcc.dg/tree-ssa/pr89872.c: New test.
|
* gcc.dg/tree-ssa/pr89872.c: New test.
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1,18 @@
|
||||||
|
// PR sanitizer/89869
|
||||||
|
// { dg-do run }
|
||||||
|
// { dg-options "-fsanitize=vptr -fno-sanitize-recover=vptr" }
|
||||||
|
|
||||||
|
struct S { S *s = 0; virtual ~S () {} };
|
||||||
|
|
||||||
|
void
|
||||||
|
foo (S *x, S *y)
|
||||||
|
{
|
||||||
|
(x->s ? y : x) = x->s;
|
||||||
|
}
|
||||||
|
|
||||||
|
int
|
||||||
|
main ()
|
||||||
|
{
|
||||||
|
S a;
|
||||||
|
foo (&a, 0);
|
||||||
|
}
|
Loading…
Reference in New Issue