[PATCH] Fix -fsanitize=float-cast-overflow with C FE (PR sanitizer/64289)

Fri, 12 Dec 2014 13:31:01 -0800 

Hi!

-fsanitize=float-cast-overflow sanitization is done in convert.c and calls
there save_expr.  Unfortunately, save_expr is a no-go for the C FE, we need
c_save_expr, but as convert.c is shared by all FEs, the only way to arrange
that would be a new langhook.  This patch attempts to fix it the same way
as PR54428 did (the other save_expr in c-convert.c).

Bootstrapped/regtested on x86_64-linux and i686-linux, ok for trunk?

2014-12-12  Jakub Jelinek  <ja...@redhat.com>

        PR sanitizer/64289
        * c-convert.c: Include ubsan.h.
        (convert): For real -> integral casts and
        -fsanitize=float-cast-overflow don't call convert_to_integer, but
        instead instrument the float cast directly.

        * c-c++-common/ubsan/pr64289.c: New test.

--- gcc/c/c-convert.c.jj        2014-10-10 08:19:21.000000000 +0200
+++ gcc/c/c-convert.c   2014-12-12 16:57:34.514316301 +0100
@@ -34,6 +34,7 @@ along with GCC; see the file COPYING3.
 #include "c-tree.h"
 #include "langhooks.h"
 #include "target.h"
+#include "ubsan.h"
 
 /* Change of width--truncation and extension of integers or reals--
    is represented with NOP_EXPR.  Proper functioning of many things
@@ -109,6 +110,20 @@ convert (tree type, tree expr)
 
     case INTEGER_TYPE:
     case ENUMERAL_TYPE:
+      if (flag_sanitize & SANITIZE_FLOAT_CAST
+         && TREE_CODE (TREE_TYPE (expr)) == REAL_TYPE
+         && COMPLETE_TYPE_P (type)
+         && current_function_decl != NULL_TREE
+         && !lookup_attribute ("no_sanitize_undefined",
+                               DECL_ATTRIBUTES (current_function_decl)))
+       {
+         expr = c_save_expr (expr);
+         tree check = ubsan_instrument_float_cast (loc, type, expr);
+         expr = fold_build1 (FIX_TRUNC_EXPR, type, expr);
+         if (check == NULL)
+           return expr;
+         return fold_build2 (COMPOUND_EXPR, TREE_TYPE (expr), check, expr);
+       }
       ret = convert_to_integer (type, e);
       goto maybe_fold;
 
--- gcc/testsuite/c-c++-common/ubsan/pr64289.c.jj       2014-12-12 
17:12:35.419638432 +0100
+++ gcc/testsuite/c-c++-common/ubsan/pr64289.c  2014-12-12 17:11:39.000000000 
+0100
@@ -0,0 +1,9 @@
+/* PR sanitizer/64289 */
+/* { dg-do compile } */
+/* { dg-options "-fsanitize=float-cast-overflow" } */
+
+int
+foo (int a)
+{
+  return (int) (0 ? 0 : a ? a : 0.5);
+}

        Jakub

Reply via email to