Re: [PATCH][PR sanitizer/80414] Fix segfault with -fsanitize=undefined on 32 bit host

Denis Khalikov Thu, 13 Apr 2017 06:56:26 -0700

Thanks for review.

I updated the patch.



On 04/13/2017 04:10 PM, Jakub Jelinek wrote:

On Thu, Apr 13, 2017 at 12:28:40PM +0300, Denis Khalikov wrote:

--- /dev/null
+++ b/gcc/testsuite/c-c++-common/ubsan/bounds-15.c
@@ -0,0 +1,11 @@
+/* { dg-do run } */
+/* { dg-options "-fsanitize=bounds" } */
+/* { dg-skip-if "" { *-*-* } { "*" } { "-O0" } } */
+
+int main()
+{
+  long long offset = 10;
+  char array[10];
+  char c = array[offset];
+  return 0;
+}


I would expect you want to dg-output here the runtime diagnostics,
at least some part of it, to make it clear the testcase is UB and
to test whether the UB is detected.

diff --git a/gcc/ubsan.c b/gcc/ubsan.c
index c01d633..9333336 100644
--- a/gcc/ubsan.c
+++ b/gcc/ubsan.c
@@ -672,7 +672,8 @@ ubsan_expand_bounds_ifn (gimple_stmt_iterator *gsi)

   /* Pick up the arguments of the UBSAN_BOUNDS call.  */
   tree type = TREE_TYPE (TREE_TYPE (gimple_call_arg (stmt, 0)));
-  tree index = gimple_call_arg (stmt, 1);
+  tree index, orig_index;
+  index = orig_index = gimple_call_arg (stmt, 1);
   tree orig_index_type = TREE_TYPE (index);


Instead of this I'd suggest:
   tree index = gimple_call_arg (stmt, 1);
-  tree orig_index_type = TREE_TYPE (index);
+  tree orig_index = index;

   tree bound = gimple_call_arg (stmt, 2);

@@ -708,9 +709,9 @@ ubsan_expand_bounds_ifn (gimple_stmt_iterator *gsi)
          ? BUILT_IN_UBSAN_HANDLE_OUT_OF_BOUNDS
          : BUILT_IN_UBSAN_HANDLE_OUT_OF_BOUNDS_ABORT;
       tree fn = builtin_decl_explicit (bcode);
-      tree val = force_gimple_operand_gsi (gsi, ubsan_encode_value (index),
-                                          true, NULL_TREE, true,
-                                          GSI_SAME_STMT);
+      tree val
+       = force_gimple_operand_gsi (gsi, ubsan_encode_value (orig_index), true,
+                                   NULL_TREE, true, GSI_SAME_STMT);
       g = gimple_build_call (fn, 2, data, val);
     }
   gimple_set_location (g, loc);


and replace orig_index_type use with TREE_TYPE (orig_index)

        Jakub

commit 5267088b655febb8dd9b675e5da7263ada41ead4
Author: Denis Khalikov <d.khali...@partner.samsung.com>
Date:   Thu Apr 13 12:03:19 2017 +0300

        PR sanitizer/80414
        * ubsan.c (ubsan_expand_bounds_ifn): Fix wrong tree val generation
        for 32 bit host.
        * c-c++-common/ubsan/bounds-15.c: New test.

diff --git a/gcc/ChangeLog b/gcc/ChangeLog
index 3154103..283dbd6 100644
--- a/gcc/ChangeLog
+++ b/gcc/ChangeLog
@@ -1,3 +1,9 @@
+2017-04-13  Denis Khalikov <d.khali...@partner.samsung.com>
+
+	PR sanitizer/80414
+	* ubsan.c (ubsan_expand_bounds_ifn): Fix wrong tree val generation
+	for 32 bit host.
+
 2017-04-12  Jan Hubicka  <hubi...@ucw.cz>
 
 	PR lto/69953 
diff --git a/gcc/testsuite/ChangeLog b/gcc/testsuite/ChangeLog
index b1594f2..fe55233 100644
--- a/gcc/testsuite/ChangeLog
+++ b/gcc/testsuite/ChangeLog
@@ -1,3 +1,8 @@
+2017-04-13  Denis Khalikov  <d.khali...@partner.samsung.com>
+
+	PR sanitizer/80414
+	* c-c++-common/ubsan/bounds-15.c: New test.
+
 2017-04-12  Jakub Jelinek  <ja...@redhat.com>
 
 	PR tree-optimization/79390
diff --git a/gcc/testsuite/c-c++-common/ubsan/bounds-15.c b/gcc/testsuite/c-c++-common/ubsan/bounds-15.c
new file mode 100644
index 0000000..d62f5d5
--- /dev/null
+++ b/gcc/testsuite/c-c++-common/ubsan/bounds-15.c
@@ -0,0 +1,13 @@
+/* { dg-do run } */
+/* { dg-options "-fsanitize=bounds" } */
+/* { dg-skip-if "" { *-*-* } { "*" } { "-O0" } } */
+
+int main()
+{
+  long long offset = 10;
+  char array[10];
+  char c = array[offset];
+  return 0;
+}
+
+/* { dg-output "\[^\n\r]*index 10 out of bounds for type 'char \\\[10\\\]'" } */
diff --git a/gcc/ubsan.c b/gcc/ubsan.c
index c01d633..4159cc5 100644
--- a/gcc/ubsan.c
+++ b/gcc/ubsan.c
@@ -673,7 +673,7 @@ ubsan_expand_bounds_ifn (gimple_stmt_iterator *gsi)
   /* Pick up the arguments of the UBSAN_BOUNDS call.  */
   tree type = TREE_TYPE (TREE_TYPE (gimple_call_arg (stmt, 0)));
   tree index = gimple_call_arg (stmt, 1);
-  tree orig_index_type = TREE_TYPE (index);
+  tree orig_index = index;
   tree bound = gimple_call_arg (stmt, 2);
 
   gimple_stmt_iterator gsi_orig = *gsi;
@@ -700,7 +700,7 @@ ubsan_expand_bounds_ifn (gimple_stmt_iterator *gsi)
       tree data
 	= ubsan_create_data ("__ubsan_out_of_bounds_data", 1, &loc,
 			     ubsan_type_descriptor (type, UBSAN_PRINT_ARRAY),
-			     ubsan_type_descriptor (orig_index_type),
+			     ubsan_type_descriptor (TREE_TYPE (orig_index)),
 			     NULL_TREE, NULL_TREE);
       data = build_fold_addr_expr_loc (loc, data);
       enum built_in_function bcode
@@ -708,9 +708,9 @@ ubsan_expand_bounds_ifn (gimple_stmt_iterator *gsi)
 	  ? BUILT_IN_UBSAN_HANDLE_OUT_OF_BOUNDS
 	  : BUILT_IN_UBSAN_HANDLE_OUT_OF_BOUNDS_ABORT;
       tree fn = builtin_decl_explicit (bcode);
-      tree val = force_gimple_operand_gsi (gsi, ubsan_encode_value (index),
-					   true, NULL_TREE, true,
-					   GSI_SAME_STMT);
+      tree val
+	= force_gimple_operand_gsi (gsi, ubsan_encode_value (orig_index), true,
+				    NULL_TREE, true, GSI_SAME_STMT);
       g = gimple_build_call (fn, 2, data, val);
     }
   gimple_set_location (g, loc);

Re: [PATCH][PR sanitizer/80414] Fix segfault with -fsanitize=undefined on 32 bit host

Reply via email to