author | mpolacek <mpolacek@138bc75d-0d04-0410-961f-82ee72b054a4> | 2015-09-25 11:19:11 +0000 |
---|---|---|
committer | mpolacek <mpolacek@138bc75d-0d04-0410-961f-82ee72b054a4> | 2015-09-25 11:19:11 +0000 |
commit | bd4b90d2661ed85dab857925a00af1899ba40fc0 (patch) | |
tree | 6379955efb32fbe80ad10202d9860a24ae8cfb3e | |
parent | ac13b2b22368acfe40e05fe807d70f7dd6a5091f (diff) | |
* c-ubsan.c (ubsan_instrument_division): Remove unnecessary code.
(ubsan_instrument_shift): Likewise.
* c-c++-common/ubsan/bounds-11.c: New test.
* c-c++-common/ubsan/bounds-12.c: New test.
git-svn-id: svn+ssh://gcc.gnu.org/svn/gcc/trunk@228114 138bc75d-0d04-0410-961f-82ee72b054a4
-rw-r--r-- | gcc/c-family/ChangeLog | 5 | ||||
-rw-r--r-- | gcc/c-family/c-ubsan.c | 30 | ||||
-rw-r--r-- | gcc/testsuite/ChangeLog | 5 | ||||
-rw-r--r-- | gcc/testsuite/c-c++-common/ubsan/bounds-11.c | 23 | ||||
-rw-r--r-- | gcc/testsuite/c-c++-common/ubsan/bounds-12.c | 23 |
5 files changed, 58 insertions, 28 deletions
diff --git a/gcc/c-family/ChangeLog b/gcc/c-family/ChangeLog index b9feff6e55c..32d0d2575dc 100644 --- a/gcc/c-family/ChangeLog +++ b/gcc/c-family/ChangeLog @@ -1,5 +1,10 @@ 2015-09-25 Marek Polacek <polacek@redhat.com> + * c-ubsan.c (ubsan_instrument_division): Remove unnecessary code. + (ubsan_instrument_shift): Likewise. + +2015-09-25 Marek Polacek <polacek@redhat.com> + PR sanitizer/64906 * c-ubsan.c (ubsan_instrument_division): Also pre-evaluate OP1. diff --git a/gcc/c-family/c-ubsan.c b/gcc/c-family/c-ubsan.c index d2bc264f632..672762c2aa0 100644 --- a/gcc/c-family/c-ubsan.c +++ b/gcc/c-family/c-ubsan.c @@ -89,20 +89,7 @@ ubsan_instrument_division (location_t loc, tree op0, tree op1) return NULL_TREE; /* In case we have a SAVE_EXPR in a conditional context, we need to - make sure it gets evaluated before the condition. If the OP0 is - an instrumented array reference, mark it as having side effects so - it's not folded away. */ - if (flag_sanitize & SANITIZE_BOUNDS) - { - tree xop0 = op0; - while (CONVERT_EXPR_P (xop0)) - xop0 = TREE_OPERAND (xop0, 0); - if (TREE_CODE (xop0) == ARRAY_REF) - { - TREE_SIDE_EFFECTS (xop0) = 1; - TREE_SIDE_EFFECTS (op0) = 1; - } - } + make sure it gets evaluated before the condition. */ t = fold_build2 (COMPOUND_EXPR, TREE_TYPE (t), unshare_expr (op0), t); t = fold_build2 (COMPOUND_EXPR, TREE_TYPE (t), unshare_expr (op1), t); if (flag_sanitize_undefined_trap_on_error) 
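Review bot: The shortened comment in ubsan_instrument_division no longer records that OP0 can carry a bounds check which has to survive `fold_build2 (COMPOUND_EXPR, ...)`. The removed text said the array reference was marked "so it's not folded away", and nothing in the new code or the commit message says what now prevents that. The same applies to the identical hunk in ubsan_instrument_shift. I would add a line such as `/* OP0 may be a bounds-instrumented ARRAY_REF; it must not be folded away here, see c-c++-common/ubsan/bounds-11.c and bounds-12.c.  */` above the first `fold_build2` call, or explain in the ChangeLog entry why the marking became unnecessary. Both function bodies start and end outside their hunks, so whether another path already keeps the check alive cannot be confirmed from this page.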
@@ -187,20 +174,7 @@ ubsan_instrument_shift (location_t loc, enum tree_code code, return NULL_TREE; /* In case we have a SAVE_EXPR in a conditional context, we need to - make sure it gets evaluated before the condition. If the OP0 is - an instrumented array reference, mark it as having side effects so - it's not folded away. */ - if (flag_sanitize & SANITIZE_BOUNDS) - { - tree xop0 = op0; - while (CONVERT_EXPR_P (xop0)) - xop0 = TREE_OPERAND (xop0, 0); - if (TREE_CODE (xop0) == ARRAY_REF) - { - TREE_SIDE_EFFECTS (xop0) = 1; - TREE_SIDE_EFFECTS (op0) = 1; - } - } + make sure it gets evaluated before the condition. */ t = fold_build2 (COMPOUND_EXPR, TREE_TYPE (t), unshare_expr (op0), t); t = fold_build2 (TRUTH_OR_EXPR, boolean_type_node, t, tt ? tt : integer_zero_node); diff --git a/gcc/testsuite/ChangeLog b/gcc/testsuite/ChangeLog index cfa23c659b8..ee4661ac6b9 100644 --- a/gcc/testsuite/ChangeLog +++ b/gcc/testsuite/ChangeLog @@ -1,5 +1,10 @@ 2015-09-25 Marek Polacek <polacek@redhat.com> + * c-c++-common/ubsan/bounds-11.c: New test. + * c-c++-common/ubsan/bounds-12.c: New test. + +2015-09-25 Marek Polacek <polacek@redhat.com> + PR sanitizer/64906 * c-c++-common/ubsan/pr64906.c: New test. diff --git a/gcc/testsuite/c-c++-common/ubsan/bounds-11.c b/gcc/testsuite/c-c++-common/ubsan/bounds-11.c new file mode 100644 index 00000000000..c3e0f220dc4 --- /dev/null +++ b/gcc/testsuite/c-c++-common/ubsan/bounds-11.c @@ -0,0 +1,23 @@ +/* { dg-do run } */ +/* { dg-options "-fsanitize=bounds" } */ + +struct S +{ + unsigned long a[1]; + int l; +}; + +static inline unsigned long +fn (const struct S *s, int i) +{ + return s->a[i] / i; +} + +int +main () +{ + struct S s; + fn (&s, 1); +} + +/* { dg-output "index 1 out of bounds for type 'long unsigned int \\\[1\\\]'" } */ diff --git a/gcc/testsuite/c-c++-common/ubsan/bounds-12.c b/gcc/testsuite/c-c++-common/ubsan/bounds-12.c new file mode 100644 index 00000000000..3cd3a4abb49 --- /dev/null 
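Review bot: The new test bounds-11.c is built with only `-fsanitize=bounds`, and bounds-12.c uses the same options, which may not reach the code this commit changes. The callers of ubsan_instrument_division and ubsan_instrument_shift are not visible here. If those functions run only when the division or shift sanitizers are enabled, the `s->a[i] / i` and `s->a[i] << i` cases would pass without exercising the path where the `TREE_SIDE_EFFECTS` marking was removed. Consider adding variants with `/* { dg-options "-fsanitize=bounds,integer-divide-by-zero" } */` and `/* { dg-options "-fsanitize=bounds,shift" } */`, so that a silently dropped out-of-bounds check is also caught in the combined configuration.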
+++ b/gcc/testsuite/c-c++-common/ubsan/bounds-12.c
@@ -0,0 +1,23 @@
+/* { dg-do run } */
+/* { dg-options "-fsanitize=bounds" } */
+
+struct S
+{
+ unsigned long a[1];
+ int l;
+};
+
+static inline unsigned long
+fn (const struct S *s, int i)
+{
+ return s->a[i] << i;
+}
+
+int
+main ()
+{
+ struct S s;
+ fn (&s, 1);
+}
+
+/* { dg-output "index 1 out of bounds for type 'long unsigned int \\\[1\\\]'" } */ |