@@ -1,4 +1,12 @@
-2018-10-3 Aldy Hernandez <aldyh@redhat.com>
+2018-10-02 Jeff Law <law@redhat.com>
+
+ * gimple-fold.c (get_range_strlen): Only set *nonstr when
+ an unterminated string is discovered. Bubble up range
+ even for unterminated strings.
+ (gimple_fold_builtin_strlen): Do not fold if get_range_strlen
+ indicates the string was not terminated via NONSTR.
+
+2018-10-03 Aldy Hernandez <aldyh@redhat.com>
* tree-vrp.c (extract_range_from_unary_expr): Special case all
pointer conversions.
@@ -1344,8 +1344,13 @@ get_range_strlen (tree arg, tree length[2], bitmap *visited, int type,
/* If we potentially had a non-terminated string, then
bubble that information up to the caller. */
- if (!val)
- *nonstr = data.decl;
+ if (!val && data.decl)
+ {
+ *nonstr = data.decl;
+ *minlen = data.len;
+ *maxlen = data.len;
+ return type == 0 ? false : true;
+ }
}
if (!val && fuzzy)
@@ -3596,6 +3601,7 @@ gimple_fold_builtin_strlen (gimple_stmt_iterator *gsi)
tree nonstr;
tree lenrange[2];
if (!get_range_strlen (arg, lenrange, 1, true, &nonstr)
+ && !nonstr
&& lenrange[0] && TREE_CODE (lenrange[0]) == INTEGER_CST
&& lenrange[1] && TREE_CODE (lenrange[1]) == INTEGER_CST)
{
So this is the infrastructure changes necessary to enable Martin's patch to detect strings without NUL termination passed to the sprintf routines. There's three tightly related changes. First in get_range_strlen, we verify that c_strlen found an unterminated string before setting *nonstr. Second, also in get_range_strlen, in the event we encounter an unterminated string, we still want to bubble up the min/max lengths. The sprintf code will check those against the directive's specified length. If the length specified by the sprintf directive ensures we won't walk off the end of the string, then the warning is suppressed. Bubbling those lengths up caused heartburn for the strlen folding bits which blindly looked at the returned min/max without first verifying that the string was properly terminated. So the 3rd hunk disables strlen folding when get_range_strlen indicates the string was not properly terminated. Bootstrapped and regression tested both in isolation and with Martin's patch to warn for unterminated strings used in sprintf calls. Installing on the trunk. I'll be installing Martin's patch momentarily as well. Jeff commit 89d3e5cf174b6555ba76eb4bef49555fe00fc5b6 Author: Jeff Law <law@torsion.usersys.redhat.com> Date: Wed Oct 3 12:02:12 2018 -0400 * gimple-fold.c (get_range_strlen): Only set *nonstr when an unterminated string is discovered. Bubble up range even for unterminated strings. (gimple_fold_builtin_strlen): Do not fold if get_range_strlen indicates the string was not terminated via NONSTR.