| Message ID | 20181211072150.GJ12380@tucnak |
|---|---|
| State | New |
| Headers | show |
| Series | [C] Fix ubsan -fsanitize=float-cast-overflow ICE (PR sanitizer/88426) | expand |
On Tue, Dec 11, 2018 at 08:21:50AM +0100, Jakub Jelinek wrote: > Hi! > > The following testcase ICEs since the c_save_expr removal. Unlike other > spots where we use save_expr and potentially pass that to function ubsan > calls, in this case we weren't calling c_fully_fold and > c_fully_fold_internal unfortunately doesn't recurse into CALL_EXPRs, so > the gimplifier then sees C_MAYBE_CONST_EXPRs and ICEs on them. E.g. > for shift sanitization etc. we call c_fully_fold like this. > > Bootstrapped/regtested on x86_64-linux and i686-linux, ok for trunk? > > 2018-12-11 Jakub Jelinek <jakub@redhat.com> > > PR sanitizer/88426 > * c-convert.c (convert): Call c_fully_fold before calling > ubsan_instrument_float_cast. > > * c-c++-common/ubsan/float-cast-overflow-11.c: New test. Ok, thanks. Marek
--- gcc/c/c-convert.c.jj 2018-01-03 10:20:20.119537950 +0100 +++ gcc/c/c-convert.c 2018-12-10 09:26:57.846455754 +0100 @@ -115,6 +115,7 @@ convert (tree type, tree expr) && COMPLETE_TYPE_P (type)) { expr = save_expr (expr); + expr = c_fully_fold (expr, false, NULL); tree check = ubsan_instrument_float_cast (loc, type, expr); expr = fold_build1 (FIX_TRUNC_EXPR, type, expr); if (check == NULL_TREE) --- gcc/testsuite/c-c++-common/ubsan/float-cast-overflow-11.c.jj 2018-12-10 09:30:05.548386877 +0100 +++ gcc/testsuite/c-c++-common/ubsan/float-cast-overflow-11.c 2018-12-10 09:29:49.027656990 +0100 @@ -0,0 +1,10 @@ +/* PR sanitizer/88426 */ +/* { dg-do compile } */ +/* { dg-options "-fsanitize=float-cast-overflow" } */ + +int +foo (void) +{ + const float v = 0.0f; + return (int) (v < 0.0f ? v : 0.0f); +}