Message ID | 20170904142101.GE20631@redhat.com |
---|---|
State | New |
Series | Another type demotion issue with ubsan (PR sanitizer/82072) |
On 09/04/2017 08:21 AM, Marek Polacek wrote:
> Vittorio reported another issue with convert_to_integer_1: for
> u = -l;
> where u is unsigned and l is long long the function does:
>
>       return convert (type,
>                       fold_build1 (ex_form, typex,
>                                    convert (typex,
>                                             TREE_OPERAND (expr, 0))));
>
> so instead of
> u = (unsigned int) -l;
> it produced
> u = -(unsigned int) l;
> thus hiding the overflow. Fixed by moving the recently added check a little
> bit above.
>
> Bootstrapped/regtested on x86_64-linux, ok for trunk?
>
> 2017-09-04 Marek Polacek <polacek@redhat.com>
>
> PR sanitizer/82072
> * convert.c (convert_to_integer_1) <case NEGATE_EXPR>: Move the ubsan
> check earlier.
>
> * c-c++-common/ubsan/pr82072-2.c: New test.

OK.
jeff
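To make the type demotion concrete, here is an added C example (not part of Marek's patch or of GCC's sources) that models the two evaluation orders the message contrasts: the intended `(unsigned int) -l`, where the negation happens in `long long` and overflows for `LLONG_MIN` (the case ubsan must report), and the demoted `-(unsigned int) l`, where unsigned wrap-around leaves nothing for any checker to see. `__builtin_sub_overflow` stands in for ubsan's runtime check, and the sample inputs are constructed.

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* The conversion GCC is meant to keep: negate in the operand's type
   (long long) and only then narrow to unsigned int.  Negating LLONG_MIN
   overflows long long, which is exactly the event that
   -fsanitize=signed-integer-overflow diagnoses.  The builtin overflow
   check here stands in for ubsan's runtime check. */
static bool negate_then_narrow(long long l, unsigned int *out)
{
    long long neg;
    if (__builtin_sub_overflow(0LL, l, &neg))   /* -l overflows iff l == LLONG_MIN */
        return false;                           /* ubsan would report here */
    *out = (unsigned int) neg;
    return true;
}

/* The demoted form the buggy convert_to_integer_1 produced: narrow first,
   then negate in unsigned int.  Unsigned negation wraps modulo 2^32 by
   definition, so no overflow ever occurs and nothing is diagnosed. */
static unsigned int narrow_then_negate(long long l)
{
    return -(unsigned int) l;
}

int main(void)
{
    /* Constructed inputs: the PR's LLONG_MIN case (the test's
       -__LONG_LONG_MAX__ - 1) and one harmless negative value. */
    const long long samples[] = { LLONG_MIN, -5LL };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        unsigned int u = 0;
        bool ok = negate_then_narrow(samples[i], &u);
        printf("l = %lld: negate-then-narrow %s", samples[i],
               ok ? "ok" : "OVERFLOW (ubsan would report)");
        if (ok)
            printf(" -> %u", u);
        printf("; narrow-then-negate -> %u (silent)\n",
               narrow_then_negate(samples[i]));
    }
    return 0;
}
```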
diff --git gcc/convert.c gcc/convert.c index 139d790fd98..bfe18fb0f43 100644 --- gcc/convert.c +++ gcc/convert.c @@ -886,6 +886,12 @@ convert_to_integer_1 (tree type, tree expr, bool dofold) break; case NEGATE_EXPR: + /* Using unsigned arithmetic for signed types may hide overflow + bugs. */ + if (!TYPE_UNSIGNED (TREE_TYPE (TREE_OPERAND (expr, 0))) + && sanitize_flags_p (SANITIZE_SI_OVERFLOW)) + break; + /* Fall through. */ case BIT_NOT_EXPR: /* This is not correct for ABS_EXPR, since we must test the sign before truncation. */ @@ -902,12 +908,7 @@ convert_to_integer_1 (tree type, tree expr, bool dofold) TYPE_UNSIGNED (typex)); if (!TYPE_UNSIGNED (typex)) - { - /* Using unsigned arithmetic may hide overflow bugs. */ - if (sanitize_flags_p (SANITIZE_SI_OVERFLOW)) - break; - typex = unsigned_type_for (typex); - } + typex = unsigned_type_for (typex); return convert (type, fold_build1 (ex_form, typex, convert (typex, diff --git gcc/testsuite/c-c++-common/ubsan/pr82072-2.c gcc/testsuite/c-c++-common/ubsan/pr82072-2.c index e69de29bb2d..ff8aca4d942 100644 --- gcc/testsuite/c-c++-common/ubsan/pr82072-2.c +++ gcc/testsuite/c-c++-common/ubsan/pr82072-2.c @@ -0,0 +1,15 @@ +/* PR sanitizer/82072 */ +/* { dg-do run } */ +/* { dg-options "-fsanitize=signed-integer-overflow" } */ + +int +main () +{ + long long int l = -__LONG_LONG_MAX__ - 1; + unsigned int u; + u = -l; + asm volatile ("" : "+r" (u)); + return 0; +} + +/* { dg-output "negation of -9223372036854775808 cannot be represented in type 'long long int'\[^\n\r]*; cast to an unsigned type to negate this value to itself" } */
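Review bot: in the first convert.c hunk (`@@ -886,6 +886,12 @@`), the relocated check now tests the signedness of the operand, `TREE_TYPE (TREE_OPERAND (expr, 0))`, rather than `typex`; that is what makes it fire for `u = -l`, since `typex` is derived from the target type and is already unsigned there, so the old placement never broke out. Putting it before `/* Fall through. */` also keeps BIT_NOT_EXPR on the shortcut path, which is right because bitwise complement cannot overflow. The new comment could cite PR sanitizer/82072 so a later reader knows why signed operands are excluded only under SANITIZE_SI_OVERFLOW.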
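Review bot: in the second convert.c hunk (`@@ -902,12 +908,7 @@`), dropping the braced block and restoring the single `typex = unsigned_type_for (typex);` is the right cleanup once the check lives in the NEGATE_EXPR case; behaviour here is otherwise unchanged. Worth noting that the shortcut now runs unconditionally for unsigned operands and, with the sanitizer off, for signed ones too, so any future signedness concern belongs in the case label above rather than in this block.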
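Review bot: the new test pr82072-2.c covers only the reported shape (a `long long` operand negated into `unsigned int`); a companion case with an `int` operand of the same width as the target, and one with an unsigned operand to confirm the shortcut still applies without a diagnostic, would pin down both sides of the new condition. The `asm volatile ("" : "+r" (u));` is what keeps the store to `u` alive long enough for the runtime check, so it should stay. Also, the index line `e69de29bb2d..ff8aca4d942` is a diff against the empty blob rather than a `new file mode` header, which suggests the file was created empty before the diff was generated; worth checking that the commit really adds it as a new file.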