On 09/01/2017 11:47 AM, Marek Polacek wrote:
> Here, do_narrow and convert_to_integer_1 are demoting signed types to unsigned,
> e.g. for
>   i = i - lmin
> where i is int and lmin is long int, so what we should produce is
>   i = (int) ((long int) i - lmin)
> but instead it produces
>   i = (int) ((unsigned int) i - (unsigned int) lmin);
> which hides the overflow.  Similarly for NEGATE_EXPR.  This patch prevents
> such demoting when the sanitizer is on.
>
> There still might be a similar issue with division or shifting, but I couldn't
> trigger that.
>
> Bootstrapped/regtested on x86_64-linux, ok for trunk?
>
> 2017-09-01  Marek Polacek  <pola...@redhat.com>
>
> 	PR sanitizer/82072
> 	* convert.c (do_narrow): When sanitizing signed integer overflows,
> 	bail out for signed types.
> 	(convert_to_integer_1) <case NEGATE_EXPR>: Likewise.
>
> 	* c-c++-common/ubsan/pr82072.c: New test.

OK.  There are probably other places that may need similar treatment.  You might want to peek at shorten_binary_op and shorten_compare to see if they suffer from similar problems.  We really want them to go away, but we haven't gotten back to that project since Kai left.
Jeff
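As an added illustration (not code from the patch, the test case, or GCC itself), a small C program contrasting the two forms from the report: the wide evaluation `(int) ((long int) i - lmin)` whose signed overflow the sanitizer is meant to catch, and the demoted form `(int) ((unsigned int) i - (unsigned int) lmin)` in which unsigned wrap leaves nothing to report. The overflow check is written portably instead of performing the undefined subtraction; the sample values are constructed and assume a 64-bit long.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Wide evaluation, as the language requires: i is promoted to long int and
   the subtraction happens in long int.  Reports whether that subtraction
   would overflow (undefined behaviour, the case -fsanitize=signed-integer-overflow
   exists to flag) rather than performing it. */
static bool wide_sub_overflows(int i, long lmin)
{
    long a = i;                       /* (long int) i */
    if (lmin > 0)
        return a < LONG_MIN + lmin;   /* a - lmin would drop below LONG_MIN */
    return a > LONG_MAX + lmin;       /* a - lmin would exceed LONG_MAX */
}

/* Wide result, meaningful only when wide_sub_overflows() is false. */
static int wide_sub(int i, long lmin)
{
    return (int)((long)i - lmin);
}

/* The demoted form do_narrow produced: both operands truncated to unsigned
   int, subtraction done modulo 2^32, result converted back to int.  Unsigned
   arithmetic never overflows, so the sanitizer has nothing to instrument. */
static int narrowed_sub(int i, long lmin)
{
    unsigned int u = (unsigned int)i - (unsigned int)lmin;
    return (int)u;  /* modulo conversion, as GCC defines it */
}

int main(void)
{
    /* Constructed case: 0 - LONG_MIN exceeds LONG_MAX, so the wide form is
       undefined, while the narrowed form quietly yields 0. */
    printf("wide form overflows: %s\n", wide_sub_overflows(0, LONG_MIN) ? "yes" : "no");
    printf("narrowed form result: %d\n", narrowed_sub(0, LONG_MIN));
    /* Without overflow both forms agree on the low 32 bits, which is exactly
       why the demotion is a valid optimisation when nothing is sanitized. */
    printf("wide %d, narrowed %d\n", wide_sub(-7, 100000), narrowed_sub(-7, 100000));
    return 0;
}
```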