https://gcc.gnu.org/g:c0946fe4d216829e96bf2cd64faf5e4630dd8cc2

commit r14-11654-gc0946fe4d216829e96bf2cd64faf5e4630dd8cc2
Author: Jakub Jelinek <ja...@redhat.com>
Date:   Wed Apr 2 19:28:20 2025 +0200

    c: Fix ICEs with -fsanitize=pointer-{subtract,compare} [PR119582]
    
    The following testcase ICEs because c_fully_fold isn't performed on the
    arguments of __sanitizer_ptr_{sub,cmp} builtins and so e.g.
    C_MAYBE_CONST_EXPR can leak into the gimplifier where it ICEs.
    
    2025-04-02  Jakub Jelinek  <ja...@redhat.com>
    
            PR c/119582
            * c-typeck.cc (pointer_diff, build_binary_op): Call c_fully_fold on
            __sanitizer_ptr_sub or __sanitizer_ptr_cmp arguments.
    
            * gcc.dg/asan/pr119582.c: New test.
    
    (cherry picked from commit 29bc904cb827615ed9f36bc3742ccc4ac77515ec)

Diff:
---
 gcc/c/c-typeck.cc                    |  8 ++++----
 gcc/testsuite/gcc.dg/asan/pr119582.c | 23 +++++++++++++++++++++++
 2 files changed, 27 insertions(+), 4 deletions(-)

diff --git a/gcc/c/c-typeck.cc b/gcc/c/c-typeck.cc
index 57d5ca586608..44d705befdcc 100644
--- a/gcc/c/c-typeck.cc
+++ b/gcc/c/c-typeck.cc
@@ -4463,8 +4463,8 @@ pointer_diff (location_t loc, tree op0, tree op1, tree 
*instrument_expr)
   if (current_function_decl != NULL_TREE
       && sanitize_flags_p (SANITIZE_POINTER_SUBTRACT))
     {
-      op0 = save_expr (op0);
-      op1 = save_expr (op1);
+      op0 = save_expr (c_fully_fold (op0, false, NULL));
+      op1 = save_expr (c_fully_fold (op1, false, NULL));
 
       tree tt = builtin_decl_explicit (BUILT_IN_ASAN_POINTER_SUBTRACT);
       *instrument_expr = build_call_expr_loc (loc, tt, 2, op0, op1);
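Review bot: The two `c_fully_fold` calls added in the SANITIZE_POINTER_SUBTRACT branch have no comment saying why the operands must be folded before `save_expr`, and the same is true of the identical pair in the build_binary_op hunk. According to the commit message, the builtin's arguments are not folded on any other path, so a C_MAYBE_CONST_EXPR can reach the gimplifier. Without that recorded in the source, a later cleanup could drop the calls as redundant and reintroduce the ICE for code built with the pointer sanitizers. I would add `/* The sanitizer builtin's arguments are not c_fully_fold'ed elsewhere; fold here so C_MAYBE_CONST_EXPR does not reach the gimplifier.  */` above both pairs. Both functions start and end outside the hunks shown.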
@@ -13407,8 +13407,8 @@ build_binary_op (location_t location, enum tree_code 
code,
          && current_function_decl != NULL_TREE
          && sanitize_flags_p (SANITIZE_POINTER_COMPARE))
        {
-         op0 = save_expr (op0);
-         op1 = save_expr (op1);
+         op0 = save_expr (c_fully_fold (op0, false, NULL));
+         op1 = save_expr (c_fully_fold (op1, false, NULL));
 
          tree tt = builtin_decl_explicit (BUILT_IN_ASAN_POINTER_COMPARE);
          instrument_expr = build_call_expr_loc (location, tt, 2, op0, op1);
diff --git a/gcc/testsuite/gcc.dg/asan/pr119582.c 
b/gcc/testsuite/gcc.dg/asan/pr119582.c
new file mode 100644
index 000000000000..f33cb51adb2f
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/asan/pr119582.c
@@ -0,0 +1,23 @@
+/* PR c/119582 */
+/* { dg-do compile } */
+/* { dg-options "-O2 -fsanitize=address,pointer-subtract,pointer-compare" } */
+
+const char v;
+typedef __PTRDIFF_TYPE__ ptrdiff_t;
+char a;
+const ptrdiff_t p = &a + 1 - &a;
+const int q = (&a + 1) != &a;
+
+ptrdiff_t
+foo (void)
+{
+  char b;
+  return &b + (v != '\n') - &b;
+}
+
+int
+bar (void)
+{
+  char b;
+  return (&b + (v != '\n')) != &b;
+}
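Review bot: The test is `dg-do compile` only, so it shows the ICE is gone but not that `foo` and `bar` still receive their `__sanitizer_ptr_sub` and `__sanitizer_ptr_cmp` calls now that the operands are folded before `save_expr`. These flags exist to catch invalid pointer subtraction and comparison, so silently losing the instrumentation would be harder to notice than the crash was. Consider adding `-fdump-tree-optimized` to `dg-options` together with `/* { dg-final { scan-tree-dump "__sanitizer_ptr_sub" "optimized" } } */` and the matching line for `__sanitizer_ptr_cmp`. The dump name and pattern should be checked against what the compiler actually emits at -O2.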
