From ec043522ffe0847f1917b5065d3b72c29d601bef Mon Sep 17 00:00:00 2001
From: Marek Polacek
Date: Fri, 31 Jul 2015 11:12:57 +0000
Subject: [PATCH] re PR sanitizer/66977 (-fsanitize=shift may introduce uninitialized variables)
PR sanitizer/66977
* typeck.c (get_member_function_from_ptrfunc): Don't sanitize RSHIFT_EXPR.
* g++.dg/ubsan/pr66977.C: New test.
From-SVN: r226440
---
gcc/cp/ChangeLog | 6 ++++++
gcc/cp/typeck.c | 7 +++++++
gcc/testsuite/ChangeLog | 5 +++++
gcc/testsuite/g++.dg/ubsan/pr66977.C | 27 +++++++++++++++++++++++++++
4 files changed, 45 insertions(+)
create mode 100644 gcc/testsuite/g++.dg/ubsan/pr66977.C
diff --git a/gcc/cp/ChangeLog b/gcc/cp/ChangeLog
index c1a7cb6f352..8d286a62d9e 100644
--- a/gcc/cp/ChangeLog
+++ b/gcc/cp/ChangeLog
@@ -1,3 +1,9 @@
+2015-07-31 Marek Polacek
+
+ PR sanitizer/66977
+ * typeck.c (get_member_function_from_ptrfunc): Don't sanitize
+ RSHIFT_EXPR.
+
 2015-07-30 Paolo Carlini
 * class.c (check_for_override): Use DECL_SOURCE_LOCATION and "%qD"
diff --git a/gcc/cp/typeck.c b/gcc/cp/typeck.c
index 2ed43beeb0d..a7a884486fe 100644
--- a/gcc/cp/typeck.c
+++ b/gcc/cp/typeck.c
@@ -3288,6 +3288,7 @@ get_member_function_from_ptrfunc (tree *instance_ptrptr, tree function,
 idx = build1 (NOP_EXPR, vtable_index_type, e3);
 switch (TARGET_PTRMEMFUNC_VBIT_LOCATION)
 {
+ int flag_sanitize_save;
 case ptrmemfunc_vbit_in_pfn:
 e1 = cp_build_binary_op (input_location, BIT_AND_EXPR, idx, integer_one_node,
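Review bot: `int flag_sanitize_save;` is placed in the switch body ahead of the first case label, which makes it read as shared by every arm, although as far as this patch shows only the arm in the following hunk (the `delta >> 1` path) uses it. It presumably carries no initializer so that the later `case` labels may legally jump past it; a one-line comment at the declaration, `/* Saved flag_sanitize for the arm that shifts DELTA below; deliberately not initialized so the case labels can jump past it.  */`, records both facts before someone "fixes" it by initializing it and breaks the jump. Declaring it with the function's other locals would be the alternative. The enclosing switch and `get_member_function_from_ptrfunc` begin and end outside the hunk.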
@@ -3303,9 +3304,15 @@ get_member_function_from_ptrfunc (tree *instance_ptrptr, tree function,
 e1 = cp_build_binary_op (input_location, BIT_AND_EXPR, delta, integer_one_node, complain);
+ /* Don't instrument the RSHIFT_EXPR we're about to create because
+ we're going to use DELTA number of times, and that wouldn't play
+ well with SAVE_EXPRs therein. */
+ flag_sanitize_save = flag_sanitize;
+ flag_sanitize = 0;
 delta = cp_build_binary_op (input_location, RSHIFT_EXPR, delta, integer_one_node, complain);
+ flag_sanitize = flag_sanitize_save;
 if (delta == error_mark_node)
 return error_mark_node;
 break;
diff --git a/gcc/testsuite/ChangeLog b/gcc/testsuite/ChangeLog
index 08ea0c8dccc..6513cf01b2c 100644
--- a/gcc/testsuite/ChangeLog
+++ b/gcc/testsuite/ChangeLog
@@ -1,3 +1,8 @@
+2015-07-31 Marek Polacek
+
+ PR sanitizer/66977
+ * g++.dg/ubsan/pr66977.C: New test.
+
 2015-07-30 Marek Polacek
 * c-c++-common/Wtautological-compare-3.c: New test.
diff --git a/gcc/testsuite/g++.dg/ubsan/pr66977.C b/gcc/testsuite/g++.dg/ubsan/pr66977.C
new file mode 100644
index 00000000000..3ab8d902f10
--- /dev/null
+++ b/gcc/testsuite/g++.dg/ubsan/pr66977.C
@@ -0,0 +1,27 @@
+// PR sanitizer/66977
+// { dg-do compile }
+// { dg-options "-fsanitize=shift -Wmaybe-uninitialized -O" }
+
+class Foo {
+
+private:
+
+ int a_;
+
+public:
+
+ Foo (int a) : a_(a) {};
+
+ inline int get_a () { return a_; };
+};
+
+int bar (int (Foo::*get)()) {
+ Foo *A = new Foo(1);
+ int result = (A->*get)();
+ delete (A);
+ return result;
+}
+
+int main () {
+ return bar (&Foo::get_a);
+}
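Review bot: `flag_sanitize = 0;` ahead of the `RSHIFT_EXPR` call switches off every sanitizer for that `cp_build_binary_op` call, while the comment above it only justifies suppressing the shift instrumentation; clearing just the shift bit(s), `flag_sanitize &= ~SANITIZE_SHIFT;` (verify that is the mask name in this tree), keeps the suppression exactly as wide as its reason. Since this silently disables a UB check in compiler-generated code, the comment should also state why no coverage is lost: the shift count is the constant `integer_one_node`, so the shift-exponent check could never fire and the only effect of instrumenting was the SAVE_EXPR the PR is about — e.g. `/* The count is the literal 1, so no shift diagnostic is possible here; instrumenting would only wrap DELTA in SAVE_EXPRs that break its reuse below.  */`. If `flag_sanitize` is declared `unsigned int` in common.opt, the `int` saved copy should match its type. `get_member_function_from_ptrfunc` begins and ends outside the hunk.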
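Review bot: The new test has no `dg-bogus` or `dg-warning` directive, so it only detects the regression because an unexpected `-Wmaybe-uninitialized` diagnostic counts as excess errors in the g++ testsuite, which is easy to miss when reading the file. A comment after the `dg-options` line, `// No diagnostic directives on purpose: any -Wmaybe-uninitialized output fails the test as an excess error.`, would record that intent, and if `-O` is there because that warning needs optimization to trigger, the same comment should say so.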