[Bug middle-end/82694] [8 regression] Linux kernel miscompiled since r250765

amker at gcc dot gnu.org Tue, 24 Oct 2017 03:25:15 -0700

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=82694


--- Comment #7 from amker at gcc dot gnu.org ---
I didn't go through all the differences, but below is an example of using
wrapping behavior for pointers:

int vsnprintf(char *buf, size_t size, const char *fmt, va_list args)
{
 unsigned long long num;
 char *str, *end;
 struct printf_spec spec = {0};
 //...
 str = buf;
 end = buf + size;

 if (end < buf) {
  end = ((void *)-1);
  size = end - buf;
 }
 //...
}
int vsprintf(char *buf, const char *fmt, va_list args)
{
 return vsnprintf(buf, ((int)(~0U>>1)), fmt, args);
}
So vsnprintf get 0x7fffffff as the second argument, the comparison between end
and buf gets folded with undefined overflow behavior assumption.

[Bug middle-end/82694] [8 regression] Linux kernel miscompiled since r250765

Reply via email to