re PR sanitizer/81604 (Ubsan type reporting can be bogus in some cases)

PR sanitizer/81604 * ubsan.c (ubsan_type_descriptor): For UBSAN_PRINT_ARRAY don't change type to the element type, instead add eltype variable and use it where we are interested in the element type. * c-c++-common/ubsan/pr81604.c: New test. From-SVN: r250729
2017-07-31 10:46:29 +02:00 · 2017-07-31 10:46:29 +02:00 · 9e4de329b1
parent 6c9d51255d
commit 9e4de329b1
4 changed files with 50 additions and 6 deletions
--- a/gcc/ChangeLog
+++ b/gcc/ChangeLog
@ -1,3 +1,10 @@
+2017-07-31  Jakub Jelinek  <jakub@redhat.com>
+
+	PR sanitizer/81604
+	* ubsan.c (ubsan_type_descriptor): For UBSAN_PRINT_ARRAY don't
+	change type to the element type, instead add eltype variable and
+	use it where we are interested in the element type.
+
 2017-07-28  Peter Bergner  <bergner@vnet.ibm.com>

 	Backport from mainline
--- a/gcc/testsuite/ChangeLog
+++ b/gcc/testsuite/ChangeLog
@ -1,3 +1,8 @@
+2017-07-31  Jakub Jelinek  <jakub@redhat.com>
+
+	PR sanitizer/81604
+	* c-c++-common/ubsan/pr81604.c: New test.
+
 2017-07-28  Peter Bergner  <bergner@vnet.ibm.com>

 	Backport from mainline
--- a/gcc/testsuite/c-c++-common/ubsan/pr81604.c
+++ b/gcc/testsuite/c-c++-common/ubsan/pr81604.c
@ -0,0 +1,31 @@
+/* PR sanitizer/81604 */
+/* { dg-do run } */
+/* { dg-options "-fsanitize=bounds,signed-integer-overflow" } */
+
+long a[10];
+
+__attribute__((noinline, noclone)) long *
+foo (int i)
+{
+  return &a[i];
+}
+
+__attribute__((noinline, noclone)) long
+bar (long x, long y)
+{
+  return x * y;
+}
+
+int
+main ()
+{
+  volatile int i = -1;
+  volatile long l = __LONG_MAX__;
+  long *volatile p;
+  p = foo (i);
+  l = bar (l, l);
+  return 0;
+}
+
+/* { dg-output "index -1 out of bounds for type 'long int \\\[10\\\]'\[^\n\r]*(\n|\r\n|\r)" } */
+/* { dg-output "\[^\n\r]*signed integer overflow: \[0-9]+ \\* \[0-9]+ cannot be represented in type 'long int'" } */
--- a/gcc/ubsan.c
+++ b/gcc/ubsan.c
@ -400,6 +400,7 @@ ubsan_type_descriptor (tree type, enum ubsan_print_style pstyle)
    /* We weren't able to determine the type name.  */
    tname = "<unknown>";

+  tree eltype = type;
  if (pstyle == UBSAN_PRINT_POINTER)
    {
      pp_printf (&pretty_name, "'%s%s%s%s%s%s%s",
@ -450,12 +451,12 @@ ubsan_type_descriptor (tree type, enum ubsan_print_style pstyle)
      pp_quote (&pretty_name);

      /* Save the tree with stripped types.  */
-      type = t;
+      eltype = t;
    }
  else
    pp_printf (&pretty_name, "'%s'", tname);

-  switch (TREE_CODE (type))
+  switch (TREE_CODE (eltype))
    {
    case BOOLEAN_TYPE:
    case ENUMERAL_TYPE:
@ -465,9 +466,9 @@ ubsan_type_descriptor (tree type, enum ubsan_print_style pstyle)
    case REAL_TYPE:
      /* FIXME: libubsan right now only supports float, double and
 	 long double type formats.  */
-      if (TYPE_MODE (type) == TYPE_MODE (float_type_node)
-	  || TYPE_MODE (type) == TYPE_MODE (double_type_node)
-	  || TYPE_MODE (type) == TYPE_MODE (long_double_type_node))
+      if (TYPE_MODE (eltype) == TYPE_MODE (float_type_node)
+	  || TYPE_MODE (eltype) == TYPE_MODE (double_type_node)
+	  || TYPE_MODE (eltype) == TYPE_MODE (long_double_type_node))
 	tkind = 0x0001;
      else
 	tkind = 0xffff;
@ -476,7 +477,7 @@ ubsan_type_descriptor (tree type, enum ubsan_print_style pstyle)
      tkind = 0xffff;
      break;
    }
-  tinfo = get_ubsan_type_info_for_type (type);
+  tinfo = get_ubsan_type_info_for_type (eltype);

  /* Create a new VAR_DECL of type descriptor.  */
  const char *tmp = pp_formatted_text (&pretty_name);