From patchwork Tue Feb 26 20:44:37 2019
X-Patchwork-Submitter: Jakub Jelinek
X-Patchwork-Id: 1048553
Date: Tue, 26 Feb 2019 21:44:37 +0100
From: Jakub Jelinek
To: Richard Biener, Jeff Law, Jason Merrill
Cc: gcc-patches@gcc.gnu.org
Subject: [PATCH] Fix array size verification (PR c++/89507)
Message-ID: <20190226204437.GL7611@tucnak>
Reply-To: Jakub Jelinek
MIME-Version: 1.0
Content-Disposition: inline
User-Agent: Mutt/1.10.1 (2018-07-13)
X-IsSubscribed: yes

Hi!

Seems valid_constant_size_p has been written with the expectation that only sizetype/ssizetype constants will be passed to it, otherwise it couldn't ever just blindly test tree_int_cst_sign_bit (size) for unsigned INTEGER_CSTs and complain cst_size_too_big. Unfortunately a recent patch started using this function even on other types, and the comment explicitly talks about it being done on pre-conversion to sizetype:

  /* The expression in a noptr-new-declarator is erroneous if it's of
     non-class type and its value before converting to std::size_t is
     less than zero. ... If the expression is a constant expression,
     the program is ill-formed.  */
  if (TREE_CODE (cst_nelts) == INTEGER_CST
      && !valid_array_size_p (input_location, cst_nelts, NULL_TREE,
			      complain & tf_error))
    return error_mark_node;

E.g. __int128 negative value could fit just fine after cast to sizetype, etc.

So, instead of changing the C++ FE to only complain about negative cst_elts normally and fold_convert everything to sizetype before checking, this patch attempts to deal with non-{,s}sizetype constants. Negative (signed) constants are always rejected as before, newly constants that don't fit into uhwi are rejected after that check regardless of signedness and anything larger or equal than SIZE_MAX / 2 is also rejected as too big.

Bootstrapped/regtested on x86_64-linux and i686-linux, ok for trunk?

2019-02-26  Jakub Jelinek

	PR c++/89507
	* tree.c (valid_constant_size_p): Deal with size INTEGER_CSTs with
	types other than sizetype/ssizetype.

	* g++.dg/other/new2.C: New test.

	Jakub

--- gcc/tree.c.jj	2019-02-18 20:48:35.745681423 +0100
+++ gcc/tree.c	2019-02-26 18:22:23.760753681 +0100
@@ -7533,19 +7533,16 @@ valid_constant_size_p (const_tree size, return false; } - tree type = TREE_TYPE (size); - if (TYPE_UNSIGNED (type)) + if (tree_int_cst_sgn (size) < 0) { - if (!tree_fits_uhwi_p (size) - || tree_int_cst_sign_bit (size)) - { - *perr = cst_size_too_big; - return false; - } + *perr = cst_size_negative; + return false; } - else if (tree_int_cst_sign_bit (size)) + if (!tree_fits_uhwi_p (size) + || (wi::to_widest (TYPE_MAX_VALUE (sizetype)) + < wi::to_widest (size) * 2)) { - *perr = cst_size_negative; + *perr = cst_size_too_big; return false; } --- gcc/testsuite/g++.dg/other/new2.C.jj 2019-02-26 18:24:23.792785651 +0100 +++ gcc/testsuite/g++.dg/other/new2.C 2019-02-26 18:23:26.530724514 +0100 @@ -0,0 +1,5 @@ +// PR c++/89507 +// { dg-do compile } + +unsigned char const n = 128; +int *p = new int[n]; // { dg-bogus "array exceeds maximum object size" }
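Review bot: the new upper bound in the tree.c hunk, `wi::to_widest (TYPE_MAX_VALUE (sizetype)) < wi::to_widest (size) * 2`, silently encodes a limit of half of sizetype's range (the limit the deleted `tree_int_cst_sign_bit (size)` test imposed for sizetype-typed values), and nothing in the hunk updates the function's leading comment to say that `size` may now be an INTEGER_CST of any integer type rather than only sizetype/ssizetype. Suggest a one-line comment on the condition, e.g. `/* Reject sizes of half the address space or more, like the old sign bit test did.  */`, and an update to the documentation comment above the function. Also worth a comment: with the widest_int comparison in place, the `!tree_fits_uhwi_p (size) ||` half of the disjunction is only a fast path whenever sizetype is no wider than an unsigned HOST_WIDE_INT, because any value that does not fit an unsigned HWI already exceeds half of TYPE_MAX_VALUE (sizetype); keeping it is harmless, but it reads as a separate rule rather than a short circuit.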
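Review bot: new2.C only covers the false-positive side of the fix (`unsigned char const n = 128;` must no longer produce "array exceeds maximum object size"), while the tree.c hunk also reorders the negative check and adds the uhwi / half-of-SIZE_MAX rejection for constants of other types; the cover letter's own motivating case, a negative __int128 constant that would fit after conversion to sizetype, has no dg-error counterpart. Suggest adding dg-error lines for a negative narrow signed constant (e.g. `signed char const m = -1;` followed by `new int[m]`) and, under the int128 effective target, for a __int128 count that is negative and one that exceeds SIZE_MAX, so that both the cst_size_negative and cst_size_too_big paths of the rewritten code are exercised rather than only the accept path.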
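To make the failure mode and the fix concrete, here is an added example (not GCC code and not part of this patch) that models valid_constant_size_p before and after the change on a constructed stand-in for an INTEGER_CST. The stand-in (`int_cst`, `mk_cst`, `old_valid_constant_size`, `new_valid_constant_size`, all names of this example) carries the mathematical value in a 128-bit container together with the precision and signedness of the constant's type, because the pre-patch bug is precisely that `tree_int_cst_sign_bit` reads the top bit at the type's own precision, so `unsigned char` 128 looks "negative" in 8 bits. It assumes a 64-bit sizetype (x86_64-linux) and a compiler with `__int128`.

```c
/* Model of valid_constant_size_p before and after PR c++/89507.
   Added example, not GCC code.  Assumes TYPE_MAX_VALUE (sizetype) is
   UINT64_MAX, i.e. a 64-bit sizetype as on x86_64-linux.  */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

typedef __int128 hwi128;
typedef unsigned __int128 uhwi128;

/* Constructed stand-in for an INTEGER_CST.  */
typedef struct
{
  hwi128 val;            /* value, already sign/zero-extended per its type */
  unsigned precision;    /* TYPE_PRECISION of the constant's type */
  bool is_unsigned;      /* TYPE_UNSIGNED of the constant's type */
} int_cst;

enum cst_size_error { CST_OK = 0, CST_SIZE_NEGATIVE, CST_SIZE_TOO_BIG };

static const uhwi128 SIZETYPE_MAX = UINT64_MAX;  /* TYPE_MAX_VALUE (sizetype) */

static int_cst
mk_cst (hwi128 val, unsigned precision, bool is_unsigned)
{
  int_cst c = { val, precision, is_unsigned };
  return c;
}

/* Like tree_int_cst_sign_bit: the top bit of the value *in its own
   precision*, which is what misfires for unsigned char 128.  */
static bool
sign_bit (const int_cst *c)
{
  return (((uhwi128) c->val) >> (c->precision - 1)) & 1;
}

/* Like tree_fits_uhwi_p: non-negative and representable in 64 bits.  */
static bool
fits_uhwi (const int_cst *c)
{
  return c->val >= 0 && (uhwi128) c->val <= (uhwi128) UINT64_MAX;
}

/* Pre-patch logic (the "before" of the fix, kept as it was): branch on
   TYPE_UNSIGNED and trust the sign bit.  A signed 128-bit 2^64 passes.  */
enum cst_size_error
old_valid_constant_size (const int_cst *c)
{
  if (c->is_unsigned)
    {
      if (!fits_uhwi (c) || sign_bit (c))
	return CST_SIZE_TOO_BIG;
    }
  else if (sign_bit (c))
    return CST_SIZE_NEGATIVE;
  return CST_OK;
}

/* Post-patch logic: sign via the mathematical value (tree_int_cst_sgn),
   then a width-independent "at most half of sizetype's range" test done
   in wide arithmetic, so the type of the constant no longer matters.  */
enum cst_size_error
new_valid_constant_size (const int_cst *c)
{
  if (c->val < 0)                                   /* tree_int_cst_sgn < 0 */
    return CST_SIZE_NEGATIVE;
  if (!fits_uhwi (c) || SIZETYPE_MAX < (uhwi128) c->val * 2)
    return CST_SIZE_TOO_BIG;
  return CST_OK;
}

static const char *const err_name[] = { "ok", "negative", "too big" };

int
main (void)
{
  /* Constructed cases; the first is the PR's own reproducer.  */
  struct { const char *desc; int_cst c; } cases[] = {
    { "unsigned char 128 (PR c++/89507)", mk_cst (128, 8, true) },
    { "signed char -1",                   mk_cst (-1, 8, false) },
    { "__int128 -1",                      mk_cst (-1, 128, false) },
    { "__int128 2^64",                    mk_cst ((hwi128) 1 << 64, 128, false) },
    { "unsigned __int128 2^64",           mk_cst ((hwi128) 1 << 64, 128, true) },
    { "size_t 2^63 - 1",                  mk_cst (INT64_MAX, 64, true) },
    { "size_t 2^63",                      mk_cst ((hwi128) 1 << 63, 64, true) },
  };
  for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
    printf ("%-34s old: %-9s new: %s\n", cases[i].desc,
	    err_name[old_valid_constant_size (&cases[i].c)],
	    err_name[new_valid_constant_size (&cases[i].c)]);
  return 0;
}
```

Two rows in the printed table carry the point: `unsigned char 128` is rejected as "too big" by the old logic and accepted by the new one (the false positive the test in the patch pins down), and a signed `__int128` 2^64 is accepted by the old logic (its bit 127 is clear, so it is neither "negative" nor, being signed, subject to the unsigned branch) but correctly rejected by the new one, which is the kind of value that would wrap to zero after conversion to sizetype. The sizetype boundary rows show the new `* 2` comparison reproducing the old sign-bit limit exactly: 2^63 - 1 is accepted, 2^63 is not.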