-rw-r--r-- | gcc/c-family/ChangeLog | 5 | ||||
-rw-r--r-- | gcc/c-family/c-ubsan.c | 30 | ||||
-rw-r--r-- | gcc/testsuite/ChangeLog | 5 | ||||
-rw-r--r-- | gcc/testsuite/c-c++-common/ubsan/bounds-11.c | 23 | ||||
-rw-r--r-- | gcc/testsuite/c-c++-common/ubsan/bounds-12.c | 23 |
5 files changed, 58 insertions, 28 deletions
diff --git a/gcc/c-family/ChangeLog b/gcc/c-family/ChangeLog
index b9feff6..32d0d25 100644
--- a/gcc/c-family/ChangeLog
+++ b/gcc/c-family/ChangeLog
@@ -1,5 +1,10 @@
 2015-09-25 Marek Polacek <polacek@redhat.com>
 
+ * c-ubsan.c (ubsan_instrument_division): Remove unnecessary code.
+ (ubsan_instrument_shift): Likewise.
+
+2015-09-25 Marek Polacek <polacek@redhat.com>
+
 PR sanitizer/64906
 * c-ubsan.c (ubsan_instrument_division): Also pre-evaluate OP1.
 
diff --git a/gcc/c-family/c-ubsan.c b/gcc/c-family/c-ubsan.c
index d2bc264..672762c 100644
--- a/gcc/c-family/c-ubsan.c
+++ b/gcc/c-family/c-ubsan.c
@@ -89,20 +89,7 @@ ubsan_instrument_division (location_t loc, tree op0, tree op1)
 return NULL_TREE;
 
 /* In case we have a SAVE_EXPR in a conditional context, we need to
- make sure it gets evaluated before the condition. If the OP0 is
- an instrumented array reference, mark it as having side effects so
- it's not folded away. */
- if (flag_sanitize & SANITIZE_BOUNDS)
- {
- tree xop0 = op0;
- while (CONVERT_EXPR_P (xop0))
- xop0 = TREE_OPERAND (xop0, 0);
- if (TREE_CODE (xop0) == ARRAY_REF)
- {
- TREE_SIDE_EFFECTS (xop0) = 1;
- TREE_SIDE_EFFECTS (op0) = 1;
- }
- }
+ make sure it gets evaluated before the condition. */
 t = fold_build2 (COMPOUND_EXPR, TREE_TYPE (t), unshare_expr (op0), t);
 t = fold_build2 (COMPOUND_EXPR, TREE_TYPE (t), unshare_expr (op1), t);
 if (flag_sanitize_undefined_trap_on_error)
@@ -187,20 +174,7 @@ ubsan_instrument_shift (location_t loc, enum tree_code code,
 return NULL_TREE;
 
 /* In case we have a SAVE_EXPR in a conditional context, we need to
- make sure it gets evaluated before the condition. If the OP0 is
- an instrumented array reference, mark it as having side effects so
- it's not folded away. */
- if (flag_sanitize & SANITIZE_BOUNDS)
- {
- tree xop0 = op0;
- while (CONVERT_EXPR_P (xop0))
- xop0 = TREE_OPERAND (xop0, 0);
- if (TREE_CODE (xop0) == ARRAY_REF)
- {
- TREE_SIDE_EFFECTS (xop0) = 1;
- TREE_SIDE_EFFECTS (op0) = 1;
- }
- }
+ make sure it gets evaluated before the condition. */
 t = fold_build2 (COMPOUND_EXPR, TREE_TYPE (t), unshare_expr (op0), t);
 t = fold_build2 (TRUTH_OR_EXPR, boolean_type_node, t,
 tt ? tt : integer_zero_node);
diff --git a/gcc/testsuite/ChangeLog b/gcc/testsuite/ChangeLog
index cfa23c6..ee4661a 100644
--- a/gcc/testsuite/ChangeLog
+++ b/gcc/testsuite/ChangeLog
@@ -1,5 +1,10 @@
 2015-09-25 Marek Polacek <polacek@redhat.com>
 
+ * c-c++-common/ubsan/bounds-11.c: New test.
+ * c-c++-common/ubsan/bounds-12.c: New test.
+
+2015-09-25 Marek Polacek <polacek@redhat.com>
+
 PR sanitizer/64906
 * c-c++-common/ubsan/pr64906.c: New test.
 
diff --git a/gcc/testsuite/c-c++-common/ubsan/bounds-11.c b/gcc/testsuite/c-c++-common/ubsan/bounds-11.c
new file mode 100644
index 0000000..c3e0f22
--- /dev/null
+++ b/gcc/testsuite/c-c++-common/ubsan/bounds-11.c
@@ -0,0 +1,23 @@
+/* { dg-do run } */
+/* { dg-options "-fsanitize=bounds" } */
+
+struct S
+{
+ unsigned long a[1];
+ int l;
+};
+
+static inline unsigned long
+fn (const struct S *s, int i)
+{
+ return s->a[i] / i;
+}
+
+int
+main ()
+{
+ struct S s;
+ fn (&s, 1);
+}
+
+/* { dg-output "index 1 out of bounds for type 'long unsigned int \\\[1\\\]'" } */
diff --git a/gcc/testsuite/c-c++-common/ubsan/bounds-12.c b/gcc/testsuite/c-c++-common/ubsan/bounds-12.c
new file mode 100644
index 0000000..3cd3a4a
--- /dev/null
+++ b/gcc/testsuite/c-c++-common/ubsan/bounds-12.c
@@ -0,0 +1,23 @@
+/* { dg-do run } */
+/* { dg-options "-fsanitize=bounds" } */
+
+struct S
+{
+ unsigned long a[1];
+ int l;
+};
+
+static inline unsigned long
+fn (const struct S *s, int i)
+{
+ return s->a[i] << i;
+}
+
+int
+main ()
+{
+ struct S s;
+ fn (&s, 1);
+}
+
+/* { dg-output "index 1 out of bounds for type 'long unsigned int \\\[1\\\]'" } */
|
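Review bot: Both new tests (bounds-11.c and this file) pass only `-fsanitize=bounds` in `dg-options`, yet the block this commit removes sat inside `ubsan_instrument_division` and `ubsan_instrument_shift` behind `flag_sanitize & SANITIZE_BOUNDS`, so it only mattered when the bounds check was combined with the division or shift check. If those two functions are reached only when the divide/shift sanitizers are enabled (the callers are not visible in this diff), the tests would pass with or without the removal and would not catch a regression where the out-of-bounds report is silently folded away. Consider also running each test with the matching check enabled, e.g. `/* { dg-options "-fsanitize=bounds,integer-divide-by-zero" } */` in bounds-11.c and `/* { dg-options "-fsanitize=bounds,shift" } */` here. Separately, `struct S s;` is read uninitialized by `fn`; `struct S s = { { 0 }, 0 };` would keep the run deterministic.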