https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80308
Jakub Jelinek <jakub at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|UNCONFIRMED |NEW
Last reconfirmed| |2017-04-04
Ever confirmed|0 |1
--- Comment #7 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
(In reply to Bernd Edlinger from comment #6)
> this looks suspicious:
>
> --- asan.c.jj 2017-03-27 10:25:01.000000000 +0200
> +++ asan.c 2017-04-04 21:15:31.444941816 +0200
> @@ -2762,7 +2762,8 @@ asan_store_shadow_bytes (gimple_stmt_ite
> unsigned char shadow_c = c;
> if (i == size - 1 && last_chunk_size && !is_clobber)
> shadow_c = last_chunk_size;
> - val |= (unsigned HOST_WIDE_INT) shadow_c << (BITS_PER_UNIT * i);
> + val |= (unsigned HOST_WIDE_INT) shadow_c
> + << (BITS_PER_UNIT * (BYTES_BIG_ENDIAN ? size - 1 - i : i));
> }
>
> /* Handle last chunk in unpoisoning. */
Indeed, though perhaps it might be more readable to:
for (unsigned i = 0; i < size; ++i)
{
unsigned char shadow_c = c;
if (i == (BYTES_BIG_ENDIAN ? 0 : size - 1)
&& last_chunk_size
&& !is_clobber)
shadow_c = last_chunk_size;
val |= (unsigned HOST_WIDE_INT) shadow_c << (BITS_PER_UNIT * i);
}
But we really want a testcase for the testsuite here.
It needs to be something simple that with (the default
-fsanitize-use-after-scope) unpoisons and later poisons a variable with size
that is not a multiple of 32 bytes, such as that size of 12.
