From patchwork Thu Apr 4 21:42:20 2019
X-Patchwork-Submitter: Martin Sebor
X-Patchwork-Id: 1077743
Delivered-To: mailing list gcc-patches@gcc.gnu.org
To: gcc-patches
From: Martin Sebor
Subject: [PATCH] avoid more ICE due to bad built-in calls declared without a prototype (PR 89911, 89957)
Message-ID: <7f9f933f-58f4-f6bd-335f-829ef4ad6507@gmail.com>
Date: Thu, 4 Apr 2019 15:42:20 -0600

Attached is yet another patch to avoid ICE due to middle-end
assumptions about the sanity of calls to built-ins, this time
for strnlen. It fixes two unsafe assumptions:

1) The -Wstringop-overflow checker for unterminated constant char
   arrays assumes that strnlen is called with exactly two arguments.
   When the function is declared without a prototype and called with
   no arguments the code aborts. This is PR 89911 (P1).

2) The wide_int min/max values of get_range_info() called on
   the strnlen bound have the same precision as PTRDIFF_MAX.
   That's not so when strnlen is declared without a prototype
   and called with an int128_t argument in some range. Rather
   than handling this case, wi::ltu_p() helpfully aborts instead.
   This is PR 89957 that I exposed while testing the fix above.

The trivial patch avoids both of these assumptions. It's been
tested on x86_64-linux. Similar to the patch for PR 89934, I will
commit it later this week unless there are objections.

Martin

Patch for PR 89934 for reference:
https://gcc.gnu.org/ml/gcc-patches/2019-04/msg00149.html

PR middle-end/89957 - ICE calling strnlen with an int128_t bound in a known range
PR middle-end/89911 - [9 Regression] ICE in get_attr_nonstring_decl

gcc/ChangeLog:

	PR middle-end/89957
	PR middle-end/89911
	* builtins.c (expand_builtin_strnlen): Make sure wi::ltu_p operands
	have the same precision since the function crashes otherwise.
	* calls.c (maybe_warn_nonstring_arg): Avoid assuming strnlen() call
	has non-zero arguments.

gcc/testsuite/ChangeLog:

	PR middle-end/89957
	PR middle-end/89911
	* gcc.dg/Wstringop-overflow-13.c: New test.

Index: gcc/builtins.c =================================================================== --- gcc/builtins.c (revision 270149) +++ gcc/builtins.c (working copy) @@ -3151,7 +3151,7 @@ expand_builtin_strnlen (tree exp, rtx target, mach return NULL_RTX; if (!TREE_NO_WARNING (exp) - && wi::ltu_p (wi::to_wide (maxobjsize), min) + && wi::ltu_p (wi::to_wide (maxobjsize, min.get_precision ()), min) && warning_at (loc, OPT_Wstringop_overflow_, "%K%qD specified bound [%wu, %wu] " "exceeds maximum object size %E", Index: gcc/calls.c =================================================================== --- gcc/calls.c (revision 270149) +++ gcc/calls.c (working copy) @@ -1555,7 +1555,10 @@ maybe_warn_nonstring_arg (tree fndecl, tree exp) if (TREE_NO_WARNING (exp) || !warn_stringop_overflow) return; + /* Avoid clearly invalid calls (more checking done below). */ unsigned nargs = call_expr_nargs (exp); + if (!nargs) + return; /* The bound argument to a bounded string function like strncpy. */ tree bound = NULL_TREE; Index: gcc/testsuite/gcc.dg/Wstringop-overflow-13.c =================================================================== --- gcc/testsuite/gcc.dg/Wstringop-overflow-13.c (nonexistent) +++ gcc/testsuite/gcc.dg/Wstringop-overflow-13.c (working copy) 
@@ -0,0 +1,40 @@ +/* PR middle-end/89957 - ICE calling strnlen with an int128_t bound + in a known range + PR middle-end/89911 - ICE on a call with no arguments to strnlen + declared with no prototype + { dg-do compile } + { dg-options "-O2 -Wall" } */ + +typedef __SIZE_TYPE__ size_t; + +extern size_t strnlen (); + +size_t f0 (void) +{ + return strnlen (); /* { dg-warning "too few arguments to built-in function 'strnlen'" } */ +} + +size_t f1 (const char *s) +{ + return strnlen (s); /* { dg-warning "too few arguments to built-in function 'strnlen'" } */ +} + +size_t f2 (const char *s) +{ + return strnlen (s, s); /* { dg-warning "\\\[-Wint-conversion]" } */ +} + +#if __SIZEOF_INT128__ == 16 + +size_t fi128 (const char *s, __int128_t n) +{ + if (n < 0) + n = 0; + + /* PR middle-end/89957 */ + return strnlen (s, n); /* { dg-warning "\\\[-Wbuiltin-declaration-mismatch]" "int128" { target int128 } } */ +} + +#endif + +/* { dg-prune-output "\\\[-Wint-conversion]" } */
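
Review bot: the rewritten operand `wi::to_wide (maxobjsize, min.get_precision ())` in the gcc/builtins.c hunk needs a comment saying why the conversion is there and what is intended when min is narrower than maxobjsize. The ChangeLog records that wi::ltu_p crashes on operands of different precision, but nothing at the call site does, and converting maxobjsize to a smaller precision truncates the constant, which changes what the comparison tests. A short comment above the condition would make the intent checkable, and if a bound narrower than size_t can reach this code, a test case for it belongs next to fi128. The hunk shows only min being compared; if max is compared against maxobjsize elsewhere in expand_builtin_strnlen, it needs the same conversion.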
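
Review bot: the new `if (!nargs) return;` guard in the gcc/calls.c hunk covers only the zero-argument call, and its comment ("more checking done below") does not say which later access it protects or what handles a call with one argument. strnlen's bound is its second argument, so the f1 case in the new test (`strnlen (s)`) depends entirely on that later checking; please name the check in the comment, or state that every argument index used below is validated against nargs before use. The guard also applies to every function that reaches maybe_warn_nonstring_arg, not just strnlen as the ChangeLog entry says, so the ChangeLog wording should be widened or the comment should say that a call with no arguments has nothing to diagnose here.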
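
Review bot: the trailing `dg-prune-output "\\\[-Wint-conversion]"` at the end of gcc/testsuite/gcc.dg/Wstringop-overflow-13.c has no comment saying which call's diagnostics it is meant to discard, while f2 already expects a -Wint-conversion warning explicitly. A blanket prune means an unexpected -Wint-conversion on any other line of the test would go unnoticed, so either add a comment naming the call or target it is for, or replace it with an explicit dg-warning on the line that produces it. Since the test exists to catch ICEs, it would also help to say in the header comment that the expected warnings are incidental and the pass criterion is that compilation completes.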