{"id":808846,"url":"http://patchwork.ozlabs.org/api/1.2/patches/808846/?format=json","web_url":"http://patchwork.ozlabs.org/project/gcc/patch/20170901174714.GB20631@redhat.com/","project":{"id":17,"url":"http://patchwork.ozlabs.org/api/1.2/projects/17/?format=json","name":"GNU Compiler Collection","link_name":"gcc","list_id":"gcc-patches.gcc.gnu.org","list_email":"gcc-patches@gcc.gnu.org","web_url":null,"scm_url":null,"webscm_url":null,"list_archive_url":"","list_archive_url_format":"","commit_url_format":""},"msgid":"<20170901174714.GB20631@redhat.com>","list_archive_url":null,"date":"2017-09-01T17:47:14","name":"Disable type demotion for sanitizer (PR sanitizer/82072)","commit_ref":null,"pull_url":null,"state":"new","archived":false,"hash":"0c38c305b40fc3d5b818105423ac16e0c273c02e","submitter":{"id":14370,"url":"http://patchwork.ozlabs.org/api/1.2/people/14370/?format=json","name":"Marek Polacek","email":"polacek@redhat.com"},"delegate":null,"mbox":"http://patchwork.ozlabs.org/project/gcc/patch/20170901174714.GB20631@redhat.com/mbox/","series":[{"id":1086,"url":"http://patchwork.ozlabs.org/api/1.2/series/1086/?format=json","web_url":"http://patchwork.ozlabs.org/project/gcc/list/?series=1086","date":"2017-09-01T17:47:14","name":"Disable type demotion for sanitizer (PR sanitizer/82072)","version":1,"mbox":"http://patchwork.ozlabs.org/series/1086/mbox/"}],"comments":"http://patchwork.ozlabs.org/api/patches/808846/comments/","check":"pending","checks":"http://patchwork.ozlabs.org/api/patches/808846/checks/","tags":{},"related":[],"headers":{"Return-Path":"<gcc-patches-return-461317-incoming=patchwork.ozlabs.org@gcc.gnu.org>","X-Original-To":"incoming@patchwork.ozlabs.org","Delivered-To":["patchwork-incoming@bilbo.ozlabs.org","mailing list gcc-patches@gcc.gnu.org"],"Authentication-Results":["ozlabs.org;\n\tspf=pass (mailfrom) smtp.mailfrom=gcc.gnu.org\n\t(client-ip=209.132.180.131; 
helo=sourceware.org;\n\tenvelope-from=gcc-patches-return-461317-incoming=patchwork.ozlabs.org@gcc.gnu.org;\n\treceiver=<UNKNOWN>)","ozlabs.org; dkim=pass (1024-bit key;\n\tunprotected) header.d=gcc.gnu.org header.i=@gcc.gnu.org\n\theader.b=\"W29olJAy\"; dkim-atps=neutral","sourceware.org; auth=none","ext-mx02.extmail.prod.ext.phx2.redhat.com;\n\tdmarc=none (p=none dis=none) header.from=redhat.com","ext-mx02.extmail.prod.ext.phx2.redhat.com;\n\tspf=fail smtp.mailfrom=polacek@redhat.com"],"Received":["from sourceware.org (server1.sourceware.org [209.132.180.131])\n\t(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256\n\tbits)) (No client certificate requested)\n\tby ozlabs.org (Postfix) with ESMTPS id 3xkRXQ6fbDz9t2x\n\tfor <incoming@patchwork.ozlabs.org>;\n\tSat,  2 Sep 2017 03:47:34 +1000 (AEST)","(qmail 74744 invoked by alias); 1 Sep 2017 17:47:25 -0000","(qmail 74733 invoked by uid 89); 1 Sep 2017 17:47:24 -0000","from mx1.redhat.com (HELO mx1.redhat.com) (209.132.183.28) by\n\tsourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP;\n\tFri, 01 Sep 2017 17:47:20 +0000","from smtp.corp.redhat.com\n\t(int-mx01.intmail.prod.int.phx2.redhat.com\n\t[10.5.11.11])\t(using TLSv1.2 with cipher AECDH-AES256-SHA\n\t(256/256 bits))\t(No client certificate requested)\tby\n\tmx1.redhat.com (Postfix) with ESMTPS id B279E806C6\tfor\n\t<gcc-patches@gcc.gnu.org>; Fri,  1 Sep 2017 17:47:18 +0000 (UTC)","from redhat.com (ovpn-204-29.brq.redhat.com [10.40.204.29])\tby\n\tsmtp.corp.redhat.com (Postfix) with ESMTPS id DFD8995699;\n\tFri,  1 Sep 2017 17:47:17 +0000 (UTC)"],"DomainKey-Signature":"a=rsa-sha1; c=nofws; d=gcc.gnu.org; h=list-id\n\t:list-unsubscribe:list-archive:list-post:list-help:sender:date\n\t:from:to:subject:message-id:mime-version:content-type; q=dns; s=\n\tdefault; 
b=lIL/oTL+HPm82ZMzDgU6KsNhquax5lyK2wIorgPBeDIAlvt58oP74\n\tId9RVdXDfhaqCgMP/vo5hWKuRKJWBv4oiQvG3WLjgSrruQJHIGyjqsRj9TZ3hZH2\n\tYptAd2kGp1Hb37R5m3/+nWhNCfJ+N9v6KlUsT+Q5D1kyAEAWRa9j+g=","DKIM-Signature":"v=1; a=rsa-sha1; c=relaxed; d=gcc.gnu.org; h=list-id\n\t:list-unsubscribe:list-archive:list-post:list-help:sender:date\n\t:from:to:subject:message-id:mime-version:content-type; s=\n\tdefault; bh=k1YZvyDmOEqoSWC0DPZwavdkKAM=; b=W29olJAy9TJ2ikYLbUVE\n\tt9pFEOKEP31pkJrGyl+oSAsO5yTueJmzykymjRf+4j7DiqsbmMKwcpmjeTEk+yzB\n\tZuaKfZ6x3NIN55MlwDLYz4+vVZMczCmU2uuHT6dbGq4xZSQIuC/G1Bv87TgLHuOv\n\tKdrYizIL9tqUnMrOaWPsSJU=","Mailing-List":"contact gcc-patches-help@gcc.gnu.org; run by ezmlm","Precedence":"bulk","List-Id":"<gcc-patches.gcc.gnu.org>","List-Unsubscribe":"<mailto:gcc-patches-unsubscribe-incoming=patchwork.ozlabs.org@gcc.gnu.org>","List-Archive":"<http://gcc.gnu.org/ml/gcc-patches/>","List-Post":"<mailto:gcc-patches@gcc.gnu.org>","List-Help":"<mailto:gcc-patches-help@gcc.gnu.org>","Sender":"gcc-patches-owner@gcc.gnu.org","X-Virus-Found":"No","X-Spam-SWARE-Status":"No, score=-26.9 required=5.0 tests=BAYES_00, GIT_PATCH_0,\n\tGIT_PATCH_1, GIT_PATCH_2, GIT_PATCH_3, RP_MATCHES_RCVD,\n\tSPF_HELO_PASS autolearn=ham version=3.3.2 spammy=","X-HELO":"mx1.redhat.com","DMARC-Filter":"OpenDMARC Filter v1.3.2 mx1.redhat.com B279E806C6","Date":"Fri, 1 Sep 2017 19:47:14 +0200","From":"Marek Polacek <polacek@redhat.com>","To":"GCC Patches <gcc-patches@gcc.gnu.org>, Jakub Jelinek <jakub@redhat.com>","Subject":"[PATCH] Disable type demotion for sanitizer (PR sanitizer/82072)","Message-ID":"<20170901174714.GB20631@redhat.com>","MIME-Version":"1.0","Content-Type":"text/plain; charset=us-ascii","Content-Disposition":"inline","User-Agent":"Mutt/1.8.3 (2017-05-23)"},"content":"Here, do_narrow and convert_to_integer_1 is demoting signed types to unsigned,\ne.g. 
for\n  i = i - lmin\nwhere i is int and lmin is long int, so what we should produce is\n  i = (int) ((long int) i - lmin)\nbut instead it produces\n  i = (int) ((unsigned int) i - (unsigned int) lmin);\nwhich hides the overflow.  Similarly for NEGATE_EXPR.  This patch prevents\nsuch demoting when the sanitizer is on.\n\nThere still might be a similar issue with division or shifting, but I couldn't\ntrigger that.\n\nBootstrapped/regtested on x86_64-linux, ok for trunk?\n\n2017-09-01  Marek Polacek  <polacek@redhat.com>\n\n\tPR sanitizer/82072\n\t* convert.c (do_narrow): When sanitizing signed integer overflows,\n\tbail out for signed types.\n\t(convert_to_integer_1) <case NEGATE_EXPR>: Likewise.\n\n\t* c-c++-common/ubsan/pr82072.c: New test.\n\n\n\tMarek","diff":"diff --git gcc/convert.c gcc/convert.c\nindex 22152cae79b..139d790fd98 100644\n--- gcc/convert.c\n+++ gcc/convert.c\n@@ -434,6 +434,13 @@ do_narrow (location_t loc,\n     typex = lang_hooks.types.type_for_size (TYPE_PRECISION (typex),\n \t\t\t\t\t    TYPE_UNSIGNED (typex));\n \n+  /* The type demotion below might cause doing unsigned arithmetic\n+     instead of signed, and thus hide overflow bugs.  */\n+  if ((ex_form == PLUS_EXPR || ex_form == MINUS_EXPR)\n+      && !TYPE_UNSIGNED (typex)\n+      && sanitize_flags_p (SANITIZE_SI_OVERFLOW))\n+    return NULL_TREE;\n+\n   /* But now perhaps TYPEX is as wide as INPREC.\n      In that case, do nothing special here.\n      (Otherwise would recurse infinitely in convert.  */\n@@ -895,7 +902,12 @@ convert_to_integer_1 (tree type, tree expr, bool dofold)\n \t\t\t\t\t\t    TYPE_UNSIGNED (typex));\n \n \t      if (!TYPE_UNSIGNED (typex))\n-\t\ttypex = unsigned_type_for (typex);\n+\t\t{\n+\t\t  /* Using unsigned arithmetic may hide overflow bugs.  
*/\n+\t\t  if (sanitize_flags_p (SANITIZE_SI_OVERFLOW))\n+\t\t    break;\n+\t\t  typex = unsigned_type_for (typex);\n+\t\t}\n \t      return convert (type,\n \t\t\t      fold_build1 (ex_form, typex,\n \t\t\t\t\t   convert (typex,\ndiff --git gcc/testsuite/c-c++-common/ubsan/pr82072.c gcc/testsuite/c-c++-common/ubsan/pr82072.c\nindex e69de29bb2d..d5683406b14 100644\n--- gcc/testsuite/c-c++-common/ubsan/pr82072.c\n+++ gcc/testsuite/c-c++-common/ubsan/pr82072.c\n@@ -0,0 +1,19 @@\n+/* PR sanitizer/82072 */\n+/* { dg-do run } */\n+/* { dg-options \"-fsanitize=signed-integer-overflow\" } */\n+\n+int\n+main ()\n+{\n+  long long l = -__LONG_LONG_MAX__ - 1;\n+  int i = 0;\n+  asm volatile (\"\" : \"+r\" (i));\n+  i -= l;\n+  asm volatile (\"\" : \"+r\" (i));\n+  i = -l;\n+  asm volatile (\"\" : \"+r\" (i));\n+  return 0;\n+}\n+\n+/* { dg-output \"signed integer overflow: 0 - -9223372036854775808 cannot be represented in type 'long long int'\\[^\\n\\r]*(\\n|\\r\\n|\\r)\" } */\n+/* { dg-output \"\\[^\\n\\r]*negation of -9223372036854775808 cannot be represented in type 'long long int'\\[^\\n\\r]*; cast to an unsigned type to negate this value to itself\" } */\n","prefixes":[]}
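Review bot: in the gcc/convert.c hunk for do_narrow, the new early return applies only when ex_form is PLUS_EXPR or MINUS_EXPR, and neither the added comment nor the ChangeLog entry says why other expression codes that reach this point keep the demotion. The cover letter already notes that division or shifting might have a similar issue, so the comment should state that the restriction is deliberate and why, for example by extending "might cause doing unsigned arithmetic instead of signed" with a sentence on which codes are covered and which are left for later.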
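Review bot: in the gcc/convert.c hunk for convert_to_integer_1, the new `break` is taken for any signed typex when SANITIZE_SI_OVERFLOW is on, without checking ex_form, although the unchanged call below is `fold_build1 (ex_form, typex, ...)`, which suggests this branch can handle more than one expression code. If codes other than NEGATE_EXPR reach this branch, the bail-out should be limited to `ex_form == NEGATE_EXPR`, as the do_narrow hunk does for PLUS_EXPR and MINUS_EXPR, so that operations that cannot overflow still get narrowed under the sanitizer.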
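Review bot: the new test gcc/testsuite/c-c++-common/ubsan/pr82072.c exercises `i -= l` and `i = -l` but has no addition case, while the do_narrow change also bails out for PLUS_EXPR. Adding an `i += ...` statement with operands that overflow in long long, plus a matching dg-output line, would cover that path. Separately, the `asm volatile` barriers only name `i`, so `l` stays a known constant; passing `l` through a barrier as well would keep the test from depending on how the folder treats `-l`.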