re PR sanitizer/65081 (-fsanitize=object-size fails with simple pointer arithm)
PR sanitizer/65081 * ubsan.c (OBJSZ_MAX_OFFSET): Define. (ubsan_expand_objsize_ifn): Don't emit run-time check if the offset is in range [-16K, -1]. Don't issue run-time error if (ptr > ptr + offset). * c-c++-common/ubsan/pr65081.c: New test. From-SVN: r220784
This commit is contained in:
parent
d77052881b
commit
c7400e2fec
|
@ -1,3 +1,11 @@
|
||||||
|
2015-02-18 Marek Polacek <polacek@redhat.com>
|
||||||
|
|
||||||
|
PR sanitizer/65081
|
||||||
|
* ubsan.c (OBJSZ_MAX_OFFSET): Define.
|
||||||
|
(ubsan_expand_objsize_ifn): Don't emit run-time check if the offset
|
||||||
|
is in range [-16K, -1]. Don't issue run-time error if
|
||||||
|
(ptr > ptr + offset).
|
||||||
|
|
||||||
2015-02-18 Thomas Schwinge <thomas@codesourcery.com>
|
2015-02-18 Thomas Schwinge <thomas@codesourcery.com>
|
||||||
|
|
||||||
* doc/install.texi (nvptx-*-none): New section.
|
* doc/install.texi (nvptx-*-none): New section.
|
||||||
|
|
|
@ -1,3 +1,8 @@
|
||||||
|
2015-02-18 Marek Polacek <polacek@redhat.com>
|
||||||
|
|
||||||
|
PR sanitizer/65081
|
||||||
|
* c-c++-common/ubsan/pr65081.c: New test.
|
||||||
|
|
||||||
2015-02-17 Oleg Endo <olegendo@gcc.gnu.org>
|
2015-02-17 Oleg Endo <olegendo@gcc.gnu.org>
|
||||||
|
|
||||||
* gcc.target/sh/sh.exp (check_effective_target_sh1): New.
|
* gcc.target/sh/sh.exp (check_effective_target_sh1): New.
|
||||||
|
|
|
@ -0,0 +1,26 @@
|
||||||
|
/* PR sanitizer/65081 */
|
||||||
|
/* { dg-do run } */
|
||||||
|
/* { dg-skip-if "" { *-*-* } { "*" } { "-O2" } } */
|
||||||
|
/* { dg-options "-fsanitize=object-size -fno-sanitize-recover=object-size" } */
|
||||||
|
|
||||||
|
struct S
|
||||||
|
{
|
||||||
|
int a;
|
||||||
|
char p[1];
|
||||||
|
};
|
||||||
|
|
||||||
|
struct S b;
|
||||||
|
|
||||||
|
struct S *
|
||||||
|
foo ()
|
||||||
|
{
|
||||||
|
struct S *i = &b;
|
||||||
|
return i + 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
int
|
||||||
|
main (void)
|
||||||
|
{
|
||||||
|
struct S *i = foo () - 1;
|
||||||
|
i->a = 1;
|
||||||
|
}
|
42
gcc/ubsan.c
42
gcc/ubsan.c
|
@ -920,6 +920,8 @@ ubsan_expand_null_ifn (gimple_stmt_iterator *gsip)
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#define OBJSZ_MAX_OFFSET (1024 * 16)
|
||||||
|
|
||||||
/* Expand UBSAN_OBJECT_SIZE internal call. */
|
/* Expand UBSAN_OBJECT_SIZE internal call. */
|
||||||
|
|
||||||
bool
|
bool
|
||||||
|
@ -941,6 +943,10 @@ ubsan_expand_objsize_ifn (gimple_stmt_iterator *gsi)
|
||||||
|| integer_all_onesp (size))
|
|| integer_all_onesp (size))
|
||||||
/* Yes, __builtin_object_size couldn't determine the
|
/* Yes, __builtin_object_size couldn't determine the
|
||||||
object size. */;
|
object size. */;
|
||||||
|
else if (TREE_CODE (offset) == INTEGER_CST
|
||||||
|
&& wi::ges_p (wi::to_widest (offset), -OBJSZ_MAX_OFFSET)
|
||||||
|
&& wi::les_p (wi::to_widest (offset), -1))
|
||||||
|
/* The offset is in range [-16K, -1]. */;
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
/* if (offset > objsize) */
|
/* if (offset > objsize) */
|
||||||
|
@ -952,8 +958,42 @@ ubsan_expand_objsize_ifn (gimple_stmt_iterator *gsi)
|
||||||
gimple_set_location (g, loc);
|
gimple_set_location (g, loc);
|
||||||
gsi_insert_after (&cond_insert_point, g, GSI_NEW_STMT);
|
gsi_insert_after (&cond_insert_point, g, GSI_NEW_STMT);
|
||||||
|
|
||||||
/* Generate __ubsan_handle_type_mismatch call. */
|
/* If the offset is small enough, we don't need the second
|
||||||
|
run-time check. */
|
||||||
|
if (TREE_CODE (offset) == INTEGER_CST
|
||||||
|
&& wi::ges_p (wi::to_widest (offset), 0)
|
||||||
|
&& wi::les_p (wi::to_widest (offset), OBJSZ_MAX_OFFSET))
|
||||||
*gsi = gsi_after_labels (then_bb);
|
*gsi = gsi_after_labels (then_bb);
|
||||||
|
else
|
||||||
|
{
|
||||||
|
/* Don't issue run-time error if (ptr > ptr + offset). That
|
||||||
|
may happen when computing a POINTER_PLUS_EXPR. */
|
||||||
|
basic_block then2_bb, fallthru2_bb;
|
||||||
|
|
||||||
|
gimple_stmt_iterator gsi2 = gsi_after_labels (then_bb);
|
||||||
|
cond_insert_point = create_cond_insert_point (&gsi2, false, false,
|
||||||
|
true, &then2_bb,
|
||||||
|
&fallthru2_bb);
|
||||||
|
/* Convert the pointer to an integer type. */
|
||||||
|
tree p = make_ssa_name (pointer_sized_int_node);
|
||||||
|
g = gimple_build_assign (p, NOP_EXPR, ptr);
|
||||||
|
gimple_set_location (g, loc);
|
||||||
|
gsi_insert_before (&cond_insert_point, g, GSI_NEW_STMT);
|
||||||
|
p = gimple_assign_lhs (g);
|
||||||
|
/* Compute ptr + offset. */
|
||||||
|
g = gimple_build_assign (make_ssa_name (pointer_sized_int_node),
|
||||||
|
PLUS_EXPR, p, offset);
|
||||||
|
gimple_set_location (g, loc);
|
||||||
|
gsi_insert_after (&cond_insert_point, g, GSI_NEW_STMT);
|
||||||
|
/* Now build the conditional and put it into the IR. */
|
||||||
|
g = gimple_build_cond (LE_EXPR, p, gimple_assign_lhs (g),
|
||||||
|
NULL_TREE, NULL_TREE);
|
||||||
|
gimple_set_location (g, loc);
|
||||||
|
gsi_insert_after (&cond_insert_point, g, GSI_NEW_STMT);
|
||||||
|
*gsi = gsi_after_labels (then2_bb);
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Generate __ubsan_handle_type_mismatch call. */
|
||||||
if (flag_sanitize_undefined_trap_on_error)
|
if (flag_sanitize_undefined_trap_on_error)
|
||||||
g = gimple_build_call (builtin_decl_explicit (BUILT_IN_TRAP), 0);
|
g = gimple_build_call (builtin_decl_explicit (BUILT_IN_TRAP), 0);
|
||||||
else
|
else
|
||||||
|
|
Loading…
Reference in New Issue