Patchwork Fix asan ICE with strlen instrumentation (PR sanitizer/56417)

Submitter Jakub Jelinek
Date Aug. 13, 2013, 9:53 a.m.
Message ID <20130813095313.GC1814@tucnak.redhat.com>
Permalink /patch/266763/
State New

Comments

Jakub Jelinek - Aug. 13, 2013, 9:53 a.m.
Hi!

On the following (nonsensical) testcase we ICE because of pointer type
mismatch.  Fixed thusly, bootstrapped/regtested on x86_64-linux and
i686-linux, ok for trunk/4.8?

2013-08-13  Jakub Jelinek  <jakub@redhat.com>

	PR sanitizer/56417
	* asan.c (instrument_strlen_call): Fix typo in comment.
	Use char * type even for the lhs of POINTER_PLUS_EXPR.

	* gcc.dg/asan/pr56417.c: New test.


	Jakub
Dodji Seketeli - Aug. 13, 2013, 11:14 a.m.
Jakub Jelinek <jakub@redhat.com> writes:

> Hi!
>
> On the following (nonsensical) testcase we ICE because of pointer type
> mismatch.  Fixed thusly, bootstrapped/regtested on x86_64-linux and
> i686-linux, ok for trunk/4.8?
>
> 2013-08-13  Jakub Jelinek  <jakub@redhat.com>
>
> 	PR sanitizer/56417
> 	* asan.c (instrument_strlen_call): Fix typo in comment.
> 	Use char * type even for the lhs of POINTER_PLUS_EXPR.
>
> 	* gcc.dg/asan/pr56417.c: New test.

This looks OK to me.

Thanks for fixing this.

Patch

--- gcc/asan.c.jj	2013-06-03 18:11:44.000000000 +0200
+++ gcc/asan.c	2013-07-22 22:28:11.467415676 +0200
@@ -1648,7 +1648,7 @@  instrument_mem_region_access (tree base,
    access to the last byte of the argument; it uses the result of the
    call to deduce the offset of that last byte.
 
-   Upon completion, iff the call has actullay been instrumented, this
+   Upon completion, iff the call has actually been instrumented, this
    function returns TRUE and *ITER points to the statement logically
    following the built-in strlen function call *ITER was initially
    pointing to.  Otherwise, the function returns FALSE and *ITER
@@ -1679,10 +1679,10 @@  instrument_strlen_call (gimple_stmt_iter
   /* Instrument the access to the first byte of str_arg.  i.e:
 
      _1 = str_arg; instrument (_1); */
+  tree cptr_type = build_pointer_type (char_type_node);
   gimple str_arg_ssa =
     gimple_build_assign_with_ops (NOP_EXPR,
-				  make_ssa_name (build_pointer_type
-						 (char_type_node), NULL),
+				  make_ssa_name (cptr_type, NULL),
 				  str_arg, NULL);
   gimple_set_location (str_arg_ssa, loc);
   gimple_stmt_iterator gsi = *iter;
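Review bot: hoisting `build_pointer_type (char_type_node)` into the `cptr_type` local is the right move, since the same type is needed again for the POINTER_PLUS_EXPR below; a one-line comment on the new local saying that both the NOP_EXPR cast and the later pointer_plus result must use this `char *` type regardless of `TREE_TYPE (str_arg)` would make that invariant explicit for the next reader.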
@@ -1701,8 +1701,7 @@  instrument_strlen_call (gimple_stmt_iter
      pointer_plus expr: (_1 + len).  */
   gimple stmt =
     gimple_build_assign_with_ops (POINTER_PLUS_EXPR,
-				  make_ssa_name (TREE_TYPE (str_arg),
-						 NULL),
+				  make_ssa_name (cptr_type, NULL),
 				  gimple_assign_lhs (str_arg_ssa),
 				  len);
   gimple_set_location (stmt, loc);
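Review bot: this hunk is the actual fix: the lhs of a POINTER_PLUS_EXPR has to carry the same type as its first operand, and that operand is `gimple_assign_lhs (str_arg_ssa)`, whose type is `cptr_type`. Using `TREE_TYPE (str_arg)` was only correct when the strlen argument already was a `char *`; for an argument such as the testcase's `&foo` the two types differ, which is the pointer type mismatch behind the ICE. Suggest extending the comment above (`pointer_plus expr: (_1 + len).`) with a note that the result is typed `char *` to match `_1`, so nobody "simplifies" it back to the argument's type later.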
--- gcc/testsuite/gcc.dg/asan/pr56417.c.jj	2013-07-22 22:34:39.376469948 +0200
+++ gcc/testsuite/gcc.dg/asan/pr56417.c	2013-07-22 21:36:39.000000000 +0200
@@ -0,0 +1,9 @@ 
+/* PR sanitizer/56417 */
+/* { dg-do compile } */
+/* { dg-options "-w" } */
+
+int
+foo (void)
+{
+  return __builtin_strlen (&foo);
+}
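Review bot: the `-w` in dg-options is load-bearing here, because `__builtin_strlen (&foo)` hands a function pointer to a builtin expecting `const char *` and the resulting diagnostic would otherwise be reported by dg as an excess error; a short comment saying so would keep the option from being dropped in a future cleanup. The dg-options line carries nothing else, so the sanitizer instrumentation that triggers the ICE presumably comes from the gcc.dg/asan harness rather than from the test itself; stating that in the header comment would make it clear the test is not an uninstrumented compile. `{ dg-do compile }` is sufficient since the reproducer only needs to survive compilation.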