On Wed, Apr 02, 2025 at 06:38:12PM +0200, Jakub Jelinek wrote:
> Hi!
> 
> The following testcase ICEs because c_fully_fold isn't performed on the
> arguments of __sanitizer_ptr_{sub,cmp} builtins and so e.g.
> C_MAYBE_CONST_EXPR can leak into the gimplifier where it ICEs.
> 
> Fixed thusly, bootstrapped/regtested on x86_64-linux and i686-linux, ok for
> trunk?

Ok.
 
> 2025-04-02  Jakub Jelinek  <ja...@redhat.com>
> 
>       PR c/119582
>       * c-typeck.cc (pointer_diff, build_binary_op): Call c_fully_fold on
>       __sanitizer_ptr_sub or __sanitizer_ptr_cmp arguments.
> 
>       * gcc.dg/asan/pr119582.c: New test.
> 
> --- gcc/c/c-typeck.cc.jj      2025-03-27 09:29:36.953576540 +0100
> +++ gcc/c/c-typeck.cc 2025-04-02 15:04:47.103495567 +0200
> @@ -4824,8 +4824,8 @@ pointer_diff (location_t loc, tree op0,
>    if (current_function_decl != NULL_TREE
>        && sanitize_flags_p (SANITIZE_POINTER_SUBTRACT))
>      {
> -      op0 = save_expr (op0);
> -      op1 = save_expr (op1);
> +      op0 = save_expr (c_fully_fold (op0, false, NULL));
> +      op1 = save_expr (c_fully_fold (op1, false, NULL));
>  
>        tree tt = builtin_decl_explicit (BUILT_IN_ASAN_POINTER_SUBTRACT);
>        *instrument_expr = build_call_expr_loc (loc, tt, 2, op0, op1);
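Review bot: The call site in pointer_diff does not record why the operands must be folded before save_expr, and the identical change in build_binary_op (the second hunk) has the same gap. Per the commit message, the arguments of the instrumentation call are otherwise never run through c_fully_fold, so a C_MAYBE_CONST_EXPR can reach the gimplifier and ICE. I would add a comment above the two assignments in both places, for example `/* Fold now: the sanitizer call's arguments are not folded later (PR c/119582).  */`. Both functions begin and end outside the hunks shown, so any later use of op0/op1 that this affects is not visible here.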
> @@ -14455,8 +14455,8 @@ build_binary_op (location_t location, en
>         && current_function_decl != NULL_TREE
>         && sanitize_flags_p (SANITIZE_POINTER_COMPARE))
>       {
> -       op0 = save_expr (op0);
> -       op1 = save_expr (op1);
> +       op0 = save_expr (c_fully_fold (op0, false, NULL));
> +       op1 = save_expr (c_fully_fold (op1, false, NULL));
>  
>         tree tt = builtin_decl_explicit (BUILT_IN_ASAN_POINTER_COMPARE);
>         instrument_expr = build_call_expr_loc (location, tt, 2, op0, op1);
> --- gcc/testsuite/gcc.dg/asan/pr119582.c.jj   2025-04-02 15:11:22.351048509 
> +0200
> +++ gcc/testsuite/gcc.dg/asan/pr119582.c      2025-04-02 15:11:57.600561599 
> +0200
> @@ -0,0 +1,23 @@
> +/* PR c/119582 */
> +/* { dg-do compile } */
> +/* { dg-options "-O2 -fsanitize=address,pointer-subtract,pointer-compare" } 
> */
> +
> +const char v;
> +typedef __PTRDIFF_TYPE__ ptrdiff_t;
> +char a;
> +const ptrdiff_t p = &a + 1 - &a;
> +const int q = (&a + 1) != &a;
> +
> +ptrdiff_t
> +foo (void)
> +{
> +  char b;
> +  return &b + (v != '\n') - &b;
> +}
> +
> +int
> +bar (void)
> +{
> +  char b;
> +  return (&b + (v != '\n')) != &b;
> +}
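Review bot: The new test is compile-only, so it catches the ICE but would still pass if the pointer-subtract or pointer-compare instrumentation were dropped from foo and bar. Since those calls are what the sanitizer relies on at run time, consider also checking that they are still emitted, for example by adding `-fdump-tree-gimple` to dg-options and a `scan-tree-dump` for `__sanitizer_ptr_sub` and `__sanitizer_ptr_cmp`; I have not verified the exact spelling in the dump. The file-scope initializers p and q presumably exercise the path where current_function_decl is NULL and no instrumentation is built, and a one-line comment saying so would make that intent clear.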
> 
>       Jakub
> 

Marek
