From patchwork Mon Feb 20 15:44:10 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Marek Polacek <polacek@redhat.com>
X-Patchwork-Id: 730066
Return-Path: 
 <gcc-patches-return-448822-incoming=patchwork.ozlabs.org@gcc.gnu.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Received: from sourceware.org (server1.sourceware.org [209.132.180.131])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256
	bits)) (No client certificate requested)
	by ozlabs.org (Postfix) with ESMTPS id 3vRnxV1t6wz9sDC
	for <incoming@patchwork.ozlabs.org>;
	Tue, 21 Feb 2017 02:44:29 +1100 (AEDT)
Authentication-Results: ozlabs.org; dkim=pass (1024-bit key;
	unprotected) header.d=gcc.gnu.org header.i=@gcc.gnu.org
	header.b="rWMMXdkL"; dkim-atps=neutral
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gcc.gnu.org; h=list-id
	:list-unsubscribe:list-archive:list-post:list-help:sender:date
	:from:to:subject:message-id:mime-version:content-type; q=dns; s=
	default; b=RnCIyGSWJOsbAAx7k5mUKJ7wX0wnvLA8TVA7Vq6EA8OJPtGLj2SdP
	98MutXda0EkEaiC6IqAnVuK7Jeyvj+rJNR5C2Lp2AJ2yQTkAEk1wbeQ3llq6SvFt
	MTiZ6t4zEfYkieWcUMu5mfw8HRtxMklEaSzUyjy4BIaHUS9yGX10K0=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=gcc.gnu.org; h=list-id
	:list-unsubscribe:list-archive:list-post:list-help:sender:date
	:from:to:subject:message-id:mime-version:content-type; s=
	default; bh=hmW2gCRArsbALW1uM4KWuSusolY=; b=rWMMXdkLscWc/wXVa2sj
	5HbPyYL3wkQROZ5jMBxfbyr36SUSezuDCjGilUnsfz82idz0z7cQQUwEaaNF2xQ8
	rHNLK+z9MTflgwxAm/ZrzTwSoQpTf6tuKJi1/f0IkOOpCMUCJAjw5TAmC2KZ14Lz
	NBDfzoT+dmY3eanxJPiHk2k=
Received: (qmail 19130 invoked by alias); 20 Feb 2017 15:44:16 -0000
Mailing-List: contact gcc-patches-help@gcc.gnu.org; run by ezmlm
Precedence: bulk
List-Id: <gcc-patches.gcc.gnu.org>
List-Unsubscribe: 
 <mailto:gcc-patches-unsubscribe-incoming=patchwork.ozlabs.org@gcc.gnu.org>
List-Archive: <http://gcc.gnu.org/ml/gcc-patches/>
List-Post: <mailto:gcc-patches@gcc.gnu.org>
List-Help: <mailto:gcc-patches-help@gcc.gnu.org>
Sender: gcc-patches-owner@gcc.gnu.org
Delivered-To: mailing list gcc-patches@gcc.gnu.org
Received: (qmail 19120 invoked by uid 89); 20 Feb 2017 15:44:15 -0000
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=-26.9 required=5.0 tests=BAYES_00, GIT_PATCH_0,
	GIT_PATCH_1, GIT_PATCH_2, GIT_PATCH_3, RP_MATCHES_RCVD,
	SPF_HELO_PASS autolearn=ham version=3.3.2 spammy=
X-HELO: mx1.redhat.com
Received: from mx1.redhat.com (HELO mx1.redhat.com) (209.132.183.28) by
	sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP;
	Mon, 20 Feb 2017 15:44:14 +0000
Received: from smtp.corp.redhat.com
	(int-mx16.intmail.prod.int.phx2.redhat.com
	[10.5.11.28])	(using TLSv1.2 with cipher AECDH-AES256-SHA
	(256/256 bits))	(No client certificate requested)	by
	mx1.redhat.com (Postfix) with ESMTPS id B7E9742BB7	for
	<gcc-patches@gcc.gnu.org>; Mon, 20 Feb 2017 15:44:14 +0000 (UTC)
Received: from redhat.com (ovpn-204-46.brq.redhat.com [10.40.204.46])	by
	smtp.corp.redhat.com (Postfix) with ESMTPS id 0B2FF30674;
	Mon, 20 Feb 2017 15:44:13 +0000 (UTC)
Date: Mon, 20 Feb 2017 16:44:10 +0100
From: Marek Polacek <polacek@redhat.com>
To: GCC Patches <gcc-patches@gcc.gnu.org>, Jakub Jelinek <jakub@redhat.com>
Subject: [PATCH] Fix -fsanitize=bounds crash with zero-size array (PR
	sanitizer/79558)
Message-ID: <20170220154410.GF3892@redhat.com>
MIME-Version: 1.0
Content-Disposition: inline
User-Agent: Mutt/1.7.1 (2016-10-04)

We crash here becase ubsan_type_descriptor isn't able to handle arrays
such as int[0:], i.e. where the TYPE_MAX_VALUE of the domain is missing.
Fixed by checking that first, which means we'd print '*' instead if it
is missing.

Bootstrapped/regtested on x86_64-linux, ok for trunk/6?

2017-02-20  Marek Polacek  <polacek@redhat.com>

	PR sanitizer/79558
	* ubsan.c (ubsan_type_descriptor): Check if TYPE_MAX_VALUE is null.

	* c-c++-common/ubsan/bounds-14.c: New test.


	Marek

diff --git gcc/testsuite/c-c++-common/ubsan/bounds-14.c gcc/testsuite/c-c++-common/ubsan/bounds-14.c
index e69de29..ddb5251 100644
--- gcc/testsuite/c-c++-common/ubsan/bounds-14.c
+++ gcc/testsuite/c-c++-common/ubsan/bounds-14.c
@@ -0,0 +1,13 @@
+/* PR sanitizer/79558 */
+/* { dg-do compile } */
+/* { dg-options "-fsanitize=bounds" } */
+
+void
+fn1 (int n)
+{
+  int i, j;
+  int x[2][0];
+  for (i = 0; i < n; i++)
+    for (j = 0; j < n; j++)
+      x[i][j] = 5;
+}
diff --git gcc/ubsan.c gcc/ubsan.c
index 0291401..11a41e1 100644
--- gcc/ubsan.c
+++ gcc/ubsan.c
@@ -409,7 +409,9 @@ ubsan_type_descriptor (tree type, enum ubsan_print_style pstyle)
 	{
 	  pp_left_bracket (&pretty_name);
 	  tree dom = TYPE_DOMAIN (t);
-	  if (dom && TREE_CODE (TYPE_MAX_VALUE (dom)) == INTEGER_CST)
+	  if (dom != NULL_TREE
+	      && TYPE_MAX_VALUE (dom) != NULL_TREE
+	      && TREE_CODE (TYPE_MAX_VALUE (dom)) == INTEGER_CST)
 	    {
 	      if (tree_fits_uhwi_p (TYPE_MAX_VALUE (dom))
 		  && tree_to_uhwi (TYPE_MAX_VALUE (dom)) + 1 != 0)