https://gcc.gnu.org/bugzilla/show_bug.cgi?id=71392

Bug ID: 71392
Summary: SEGV calling integer overflow built-ins with a null pointer
Product: gcc
Version: 7.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: c
Assignee: unassigned at gcc dot gnu.org
Reporter: msebor at gcc dot gnu.org
Target Milestone: ---

All versions of GCC that support the built-ins for Integer Arithmetic with Overflow Checking allow callers to pass a null constant pointer as the last argument. As one might expect, a program that evaluates the call then crashes due to the write. The built-ins should detect when the argument is a null constant pointer and reject the call.

$ cat zzz.cpp && ~/bin/gcc-5.1.0/bin/gcc -Wall -Wextra -Wpedantic -fdump-tree-optimized=/dev/stdout zzz.cpp && ./a.out
int main ()
{
  __builtin_printf ("%i\n", __builtin_sadd_overflow (1, 2, (int*)0));
}

;; Function int main() (main, funcdef_no=0, decl_uid=2324, cgraph_uid=0, symbol_order=0)

int main() ()
{
  int D.2332;
  int D.2331;
  int D.2330;
  int D.2329;
  complex int D.2328;
  int * D.2327;
  int * _1;
  complex int _2;
  int _3;
  int _6;
  int _7;
  int _9;

  <bb 2>:
  _1 = 0B;
  _2 = __complex__ (3, 0);
  _3 = REALPART_EXPR <_2>;
  *_1 = _3;
  _6 = IMAGPART_EXPR <_2>;
  _7 = _6 & 1;
  __builtin_printf ("%i\n", _7);
  _9 = 0;

<L0>:
  return _9;

}
Segmentation fault (core dumped)
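For contrast with the crashing call above, here is how the same built-in behaves when its result pointer refers to a real int object, plus a wrapper that refuses a null destination before the built-in can write through it. This is an added example, not code from the bug report or from GCC; the helper names (sadd_overflows, checked_sadd, checked_sum_or) are mine.

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* The built-in always stores the (possibly wrapped) sum through its third
   argument and returns true when the mathematical result did not fit.
   The destination here is a local, so the store is always valid. */
static bool sadd_overflows(int a, int b)
{
    int scratch;
    return __builtin_sadd_overflow(a, b, &scratch);
}

/* Hypothetical null-safe wrapper (assumption, not a GCC API): a null
   destination is reported as a failure instead of being dereferenced,
   which is exactly what the report's (int*)0 argument would trigger.
   Returns true on overflow or on a null destination. */
static bool checked_sadd(int a, int b, int *out)
{
    if (out == NULL)
        return true;
    return __builtin_sadd_overflow(a, b, out);
}

/* Convenience form: the checked sum, or 'fallback' if the addition
   overflowed. Callers never see a silently wrapped value. */
static int checked_sum_or(int a, int b, int fallback)
{
    int sum;
    return checked_sadd(a, b, &sum) ? fallback : sum;
}

int main(void)
{
    printf("1 + 2 -> %d\n", checked_sum_or(1, 2, -1));                  /* 3 */
    printf("INT_MAX + 1 overflows: %d\n", sadd_overflows(INT_MAX, 1));  /* 1 */
    printf("INT_MIN + -1 overflows: %d\n", sadd_overflows(INT_MIN, -1)); /* 1 */
    printf("null destination rejected: %d\n", checked_sadd(1, 2, NULL)); /* 1 */
    return 0;
}
```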