Hi!

When processing_template_decl is set, all we care about is the diagnostics
and the return type (if it is not dependent); the other spots that add
sanitizer instrumentation already do nothing when processing_template_decl,
and the following patch does the same for the two recently added ones.

Without it, save_expr is called on potentially dependent front-end
expressions that the middle-end doesn't handle.

Fixed thusly, bootstrapped/regtested on x86_64-linux and i686-linux, ok for
trunk?

2019-01-18  Jakub Jelinek  <ja...@redhat.com>

        PR sanitizer/88901
        * typeck.c (cp_build_binary_op): Don't instrument
        SANITIZE_POINTER_COMPARE if processing_template_decl.
        (pointer_diff): Similarly for SANITIZE_POINTER_SUBTRACT.

        * g++.dg/asan/pr88901.C: New test.

--- gcc/cp/typeck.c.jj  2019-01-18 09:13:58.580790058 +0100
+++ gcc/cp/typeck.c     2019-01-18 11:53:45.941734135 +0100
@@ -5233,6 +5233,7 @@ cp_build_binary_op (const op_location_t
        }
 
       if ((code0 == POINTER_TYPE || code1 == POINTER_TYPE)
+         && !processing_template_decl
          && sanitize_flags_p (SANITIZE_POINTER_COMPARE))
        {
          op0 = save_expr (op0);
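Review bot: The new `!processing_template_decl` guard silently drops the pointer-compare instrumentation for the duration of template parsing, and nothing at the site says why or where the instrumentation is expected to come from instead. A reader of cp_build_binary_op could reasonably conclude templated code is never sanitized, so a short comment above the condition would help, e.g. `/* Don't instrument while processing a template: the operands may be dependent and save_expr can't handle them; the instantiation is instrumented when it is built.  */`. The last clause assumes the instantiated body re-enters this function, which I believe is the case but cannot confirm from the hunk. cp_build_binary_op itself begins well before this hunk.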
@@ -5650,7 +5651,8 @@ pointer_diff (location_t loc, tree op0,
   else
     inttype = restype;
 
-  if (sanitize_flags_p (SANITIZE_POINTER_SUBTRACT))
+  if (!processing_template_decl
+      && sanitize_flags_p (SANITIZE_POINTER_SUBTRACT))
     {
       op0 = save_expr (op0);
       op1 = save_expr (op1);
--- gcc/testsuite/g++.dg/asan/pr88901.C.jj      2019-01-18 11:55:42.398826983 
+0100
+++ gcc/testsuite/g++.dg/asan/pr88901.C 2019-01-18 11:55:26.559086374 +0100
@@ -0,0 +1,13 @@
+// PR sanitizer/88901
+// { dg-do compile }
+// { dg-options "-fsanitize=address -fsanitize=pointer-compare" }
+
+template <typename T>
+struct A {
+  void foo() {
+    auto d = [](char *x, char *y) {
+      for (char *p = x; p + sizeof(T) <= y; p += sizeof(T))
+        reinterpret_cast<T *>(p)->~T();
+    };
+  }
+};
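Review bot: The new test only exercises the SANITIZE_POINTER_COMPARE path: dg-options enables `-fsanitize=pointer-compare` alone, and the lambda body performs a comparison (`p + sizeof(T) <= y`) but no pointer subtraction, so the pointer_diff hunk of this patch has no regression coverage. Extending the test is cheap: change the options to `// { dg-options "-fsanitize=address -fsanitize=pointer-compare -fsanitize=pointer-subtract" }` and add a dependent pointer difference inside the loop, e.g. `(void) (y - p);`. Without that, a future change to pointer_diff could reintroduce the save_expr-on-dependent-operand ICE unnoticed.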

        Jakub
