Message ID | 20170220154410.GF3892@redhat.com |
---|---|
State | New |
Headers | show |
On Mon, Feb 20, 2017 at 04:44:10PM +0100, Marek Polacek wrote: > We crash here becase ubsan_type_descriptor isn't able to handle arrays > such as int[0:], i.e. where the TYPE_MAX_VALUE of the domain is missing. > Fixed by checking that first, which means we'd print '*' instead if it > is missing. > > Bootstrapped/regtested on x86_64-linux, ok for trunk/6? > > 2017-02-20 Marek Polacek <polacek@redhat.com> > > PR sanitizer/79558 > * ubsan.c (ubsan_type_descriptor): Check if TYPE_MAX_VALUE is null. > > * c-c++-common/ubsan/bounds-14.c: New test. Ok, thanks. Jakub
diff --git gcc/testsuite/c-c++-common/ubsan/bounds-14.c gcc/testsuite/c-c++-common/ubsan/bounds-14.c index e69de29..ddb5251 100644 --- gcc/testsuite/c-c++-common/ubsan/bounds-14.c +++ gcc/testsuite/c-c++-common/ubsan/bounds-14.c @@ -0,0 +1,13 @@ +/* PR sanitizer/79558 */ +/* { dg-do compile } */ +/* { dg-options "-fsanitize=bounds" } */ + +void +fn1 (int n) +{ + int i, j; + int x[2][0]; + for (i = 0; i < n; i++) + for (j = 0; j < n; j++) + x[i][j] = 5; +} diff --git gcc/ubsan.c gcc/ubsan.c index 0291401..11a41e1 100644 --- gcc/ubsan.c +++ gcc/ubsan.c @@ -409,7 +409,9 @@ ubsan_type_descriptor (tree type, enum ubsan_print_style pstyle) { pp_left_bracket (&pretty_name); tree dom = TYPE_DOMAIN (t); - if (dom && TREE_CODE (TYPE_MAX_VALUE (dom)) == INTEGER_CST) + if (dom != NULL_TREE + && TYPE_MAX_VALUE (dom) != NULL_TREE + && TREE_CODE (TYPE_MAX_VALUE (dom)) == INTEGER_CST) { if (tree_fits_uhwi_p (TYPE_MAX_VALUE (dom)) && tree_to_uhwi (TYPE_MAX_VALUE (dom)) + 1 != 0)