diff options
| author | Jakub Jelinek <jakub@redhat.com> | 2023-01-04 10:52:49 +0100 |
|---|---|---|
| committer | Jakub Jelinek <jakub@redhat.com> | 2023-01-04 10:52:49 +0100 |
| commit | 8692b15ae7c05e3224f285069e070c009d9f6efe (patch) | |
| tree | 72c7c7360e12e17add721f5b3d82c54a872151ff /gcc | |
| parent | 44baa34157cf81306be23eacece751aa020985d4 (diff) | |
| download | gcc-8692b15ae7c05e3224f285069e070c009d9f6efe.zip gcc-8692b15ae7c05e3224f285069e070c009d9f6efe.tar.gz gcc-8692b15ae7c05e3224f285069e070c009d9f6efe.tar.bz2 | |
ubsan: Avoid narrowing of multiply for -fsanitize=signed-integer-overflow [PR108256]
We shouldn't narrow multiplications originally done in signed types,
because the original multiplication might overflow but the narrowed
one will be done in unsigned arithmetics and will never overflow.
2023-01-04 Jakub Jelinek <jakub@redhat.com>
PR sanitizer/108256
* convert.cc (do_narrow): Punt for MULT_EXPR if original
type doesn't wrap around and -fsanitize=signed-integer-overflow
is on.
* fold-const.cc (fold_unary_loc) <CASE_CONVERT>: Likewise.
* c-c++-common/ubsan/pr108256.c: New test.
Diffstat (limited to 'gcc')
| -rw-r--r-- | gcc/convert.cc | 8 | ||||
| -rw-r--r-- | gcc/fold-const.cc | 4 | ||||
| -rw-r--r-- | gcc/testsuite/c-c++-common/ubsan/pr108256.c | 27 |
3 files changed, 38 insertions, 1 deletions
diff --git a/gcc/convert.cc b/gcc/convert.cc index a882c67..fe85bcb 100644 --- a/gcc/convert.cc +++ b/gcc/convert.cc @@ -384,6 +384,14 @@ do_narrow (location_t loc, && sanitize_flags_p (SANITIZE_SI_OVERFLOW)) return NULL_TREE; + /* Similarly for multiplication, but in that case it can be + problematic even if typex is unsigned type - 0xffff * 0xffff + overflows in int. */ + if (ex_form == MULT_EXPR + && !TYPE_OVERFLOW_WRAPS (TREE_TYPE (expr)) + && sanitize_flags_p (SANITIZE_SI_OVERFLOW)) + return NULL_TREE; + /* But now perhaps TYPEX is as wide as INPREC. In that case, do nothing special here. (Otherwise would recurse infinitely in convert. */ diff --git a/gcc/fold-const.cc b/gcc/fold-const.cc index 9ab76fb..9aaea71 100644 --- a/gcc/fold-const.cc +++ b/gcc/fold-const.cc @@ -9574,7 +9574,9 @@ fold_unary_loc (location_t loc, enum tree_code code, tree type, tree op0) if (INTEGRAL_TYPE_P (type) && TREE_CODE (op0) == MULT_EXPR && INTEGRAL_TYPE_P (TREE_TYPE (op0)) - && TYPE_PRECISION (type) < TYPE_PRECISION (TREE_TYPE (op0))) + && TYPE_PRECISION (type) < TYPE_PRECISION (TREE_TYPE (op0)) + && (TYPE_OVERFLOW_WRAPS (TREE_TYPE (op0)) + || !sanitize_flags_p (SANITIZE_SI_OVERFLOW))) { /* Be careful not to introduce new overflows. */ tree mult_type; diff --git a/gcc/testsuite/c-c++-common/ubsan/pr108256.c b/gcc/testsuite/c-c++-common/ubsan/pr108256.c new file mode 100644 index 0000000..c4054aa --- /dev/null +++ b/gcc/testsuite/c-c++-common/ubsan/pr108256.c @@ -0,0 +1,27 @@ +/* PR sanitizer/108256 */ +/* { dg-do run { target { lp64 || ilp32 } } } */ +/* { dg-options "-fsanitize=signed-integer-overflow" } */ + +unsigned short +foo (unsigned short x, unsigned short y) +{ + return x * y; +} + +unsigned short +bar (unsigned short x, unsigned short y) +{ + int r = x * y; + return r; +} + +int +main () +{ + volatile unsigned short a = foo (0xffff, 0xffff); + volatile unsigned short b = bar (0xfffe, 0xfffe); + return 0; +} + +/* { dg-output "signed integer overflow: 65535 \\\* 65535 cannot be represented in type 'int'\[^\n\r]*(\n|\r\n|\r)" } */ +/* { dg-output "\[^\n\r]*signed integer overflow: 65534 \\\* 65534 cannot be represented in type 'int'" } */ |