sanitizer: missing signed integer overflow errors [PR109107]

Here we're failing to detect a signed overflow with -O because match.pd, since r8-1516, transforms

  c = (a + 1) - (int) (short int) b;

into

  c = (int) ((unsigned int) a + 4294946117);

wrongly eliding the overflow. This kind of problem is usually avoided by using TYPE_OVERFLOW_SANITIZED in the appropriate place. The first match.pd hunk in the patch fixes it. I've constructed a testcase for each of the surrounding cases as well. Then I noticed that fold_binary_loc/associate has the same problem, so I've added a TYPE_OVERFLOW_SANITIZED there as well (it may be too coarse, sorry). Then I found yet another problem, but instead of fixing it now I've opened 109134. I could probably go on and find a dozen more.

PR sanitizer/109107

gcc/ChangeLog:

* fold-const.cc (fold_binary_loc): Use TYPE_OVERFLOW_SANITIZED when associating.
* match.pd: Use TYPE_OVERFLOW_SANITIZED.

gcc/testsuite/ChangeLog:

* c-c++-common/ubsan/pr109107-1.c: New test.
* c-c++-common/ubsan/pr109107-2.c: New test.
* c-c++-common/ubsan/pr109107-3.c: New test.
* c-c++-common/ubsan/pr109107-4.c: New test.

- gcc/fold-const.cc: 2 additions, 1 deletion
- gcc/match.pd: 3 additions, 3 deletions
- gcc/testsuite/c-c++-common/ubsan/pr109107-1.c: 23 additions, 0 deletions
- gcc/testsuite/c-c++-common/ubsan/pr109107-2.c: 24 additions, 0 deletions
- gcc/testsuite/c-c++-common/ubsan/pr109107-3.c: 25 additions, 0 deletions
- gcc/testsuite/c-c++-common/ubsan/pr109107-4.c: 24 additions, 0 deletions
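
An added example, not part of the commit or its testsuite: the two forms of the expression from the commit message side by side, with the source form checked step by step using GCC's overflow builtins, to show which overflow the folded form no longer exposes. The value of b (21180) is constructed so that the folded constant equals the 4294946117 quoted in the message; the function names are hypothetical.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Constructed value: (int)(short)B_SAMPLE == 21180, and
   1 - 21180 == -21179 == 4294946117 modulo 2^32. */
#define B_SAMPLE 21180

/* Source form: c = (a + 1) - (int)(short int) b.
   Each signed step is checked, which is what a build with
   -fsanitize=signed-integer-overflow is expected to report.
   Returns false if either signed operation overflows. */
bool source_form_checked(int a, int b, int *c)
{
    int t;
    if (__builtin_add_overflow(a, 1, &t))
        return false;               /* a + 1 overflowed */
    if (__builtin_sub_overflow(t, (int)(short)b, c))
        return false;               /* subtraction overflowed */
    return true;
}

/* Folded form from the commit message:
   c = (int)((unsigned int) a + 4294946117).
   Unsigned arithmetic wraps, so no signed operation is left
   for the sanitizer to instrument. */
int folded_form(int a)
{
    return (int)((unsigned int)a + 4294946117u);
}

int main(void)
{
    int c = 0;
    bool ok = source_form_checked(INT_MAX, B_SAMPLE, &c);
    printf("source form, a=INT_MAX: %s\n", ok ? "no overflow" : "overflow");
    printf("folded form, a=INT_MAX: %d (no diagnostic possible)\n",
           folded_form(INT_MAX));
    return 0;
}
```

For inputs where a + 1 does not overflow, both forms agree on the result; they differ only in whether the overflow at a == INT_MAX is observable.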