From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: by sourceware.org (Postfix, from userid 48) id 6EA083939E35; Mon, 12 Dec 2022 12:45:31 +0000 (GMT)
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 6EA083939E35
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gcc.gnu.org; s=default; t=1670849131; bh=HJRd+YQKQjXO6Riu1jFr+lrVP4R3/P2Wx0vIs7fvbsc=; h=From:To:Subject:Date:In-Reply-To:References:From; b=G4RHn4VoXJwMYMGpJ7RdPdupc3/LUCkQFkjFeyHN3C8oFmoqkRv+xB1dbFndCT+q1 Ri2GgxtfiBBBp3/YEpXfaaM6Y9v8V+1gwVHNXef1yZZUMHwHU9uokBBrNJ/I322FFS rAe/Ngj6WUAnGVO7KWlbRUpOEhNBdIv33V0bHw4A=
From: "marxin at gcc dot gnu.org"
To: gcc-bugs@gcc.gnu.org
Subject: [Bug sanitizer/108060] UBsan missed an out-of-bound bug at -O0 since r7-1900-g8a1b7b7fd75a3847
Date: Mon, 12 Dec 2022 12:45:30 +0000
X-Bugzilla-Reason: CC
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: gcc
X-Bugzilla-Component: sanitizer
X-Bugzilla-Version: 13.0
X-Bugzilla-Keywords:
X-Bugzilla-Severity: normal
X-Bugzilla-Who: marxin at gcc dot gnu.org
X-Bugzilla-Status: NEW
X-Bugzilla-Resolution:
X-Bugzilla-Priority: P3
X-Bugzilla-Assigned-To: unassigned at gcc dot gnu.org
X-Bugzilla-Target-Milestone: ---
X-Bugzilla-Flags:
X-Bugzilla-Changed-Fields: cf_reconfirmed_on cc short_desc everconfirmed bug_status
Message-ID:
In-Reply-To:
References:
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: http://gcc.gnu.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
List-Id:

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108060

Martin Liška changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Last reconfirmed|                            |2022-12-12
                 CC|                            |jason at gcc dot gnu.org
            Summary|UBsan missed an             |UBsan missed an
                   |out-of-bound bug at -O0     |out-of-bound bug at -O0
                   |                            |since
                   |                            |r7-1900-g8a1b7b7fd75a3847
     Ever confirmed|0                           |1
             Status|UNCONFIRMED                 |NEW

--- Comment #1 from Martin Liška ---
Confirmed.
So it started with r7-1900-g8a1b7b7fd75a3847, where the array is accessed before the UBSAN check:

gcc pr108060.c -fsanitize=undefined -fdump-tree-gimple=/dev/stdout

int main ()
{
  int D.2422;
  int D.2423;

  {
    b = -32768;
    b.0_1 = b;
    _2 = (int) b.0_1;
    _3 = a[_2]; <--- load happens here
    c.1_4 = c;
    _5 = (int) c.1_4;
    b.2_6 = b;
    D.2422 = (int) b.2_6;
    .UBSAN_BOUNDS (0B, D.2422, 7);
    _7 = _3 | _5;
    a[D.2422] = _7;
  }
  D.2423 = 0;
  return D.2423;
}

thus we crash before the .UBSAN_BOUNDS happens. Before the revision we emitted:

  {
    b = -4169;
    b.0_1 = b;
    D.2074 = (int) b.0_1;
    UBSAN_BOUNDS (0B, D.2074, 7);
    b.1_2 = b;
    _3 = (int) b.1_2;
    _4 = a[_3];
    _5 = _4 | 1;
    a[D.2074] = _5;
  }
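The ordering problem in the comment above (the implicit load of a compound assignment lands before the UBSAN_BOUNDS emitted for the store index) can be checked mechanically on a -fdump-tree-gimple dump. The following is an added example, not code from the bug report or from GCC: it walks the GIMPLE statements, follows plain copies and casts back to the user variable each index was derived from, and reports every array access that precedes the bounds check on the same index value. The two dumps from the comment are embedded as constructed input; the function names (analyze, unchecked_accesses) and the key scheme (base variable plus assignment count) are this example's own. It only follows copies and casts, which suffices for the -O0 GIMPLE shown here but not for optimized SSA dumps with PHI nodes or arithmetic on the index.

```python
"""Added example (not from the bug report or GCC): flag array accesses in a
GCC -fdump-tree-gimple dump that run before the UBSAN_BOUNDS check covering
the same index value."""
import re

# Constructed input: the two GIMPLE fragments from comment #1, inner block only.
GIMPLE_AFTER_R7_1900 = """\
{
  b = -32768;
  b.0_1 = b;
  _2 = (int) b.0_1;
  _3 = a[_2]; <--- load happens here
  c.1_4 = c;
  _5 = (int) c.1_4;
  b.2_6 = b;
  D.2422 = (int) b.2_6;
  .UBSAN_BOUNDS (0B, D.2422, 7);
  _7 = _3 | _5;
  a[D.2422] = _7;
}
"""

GIMPLE_BEFORE_R7_1900 = """\
{
  b = -4169;
  b.0_1 = b;
  D.2074 = (int) b.0_1;
  UBSAN_BOUNDS (0B, D.2074, 7);
  b.1_2 = b;
  _3 = (int) b.1_2;
  _4 = a[_3];
  _5 = _4 | 1;
  a[D.2074] = _5;
}
"""

IDENT = r"[A-Za-z_][\w.]*"                               # b, _2, b.0_1, D.2422
ASSIGN_RE = re.compile(rf"^({IDENT}(?:\[[^\]]*\])?)\s*=\s*(.+);$")
ACCESS_RE = re.compile(rf"({IDENT})\[([^\]]+)\]")        # a[_2], a[D.2422]
CHECK_RE = re.compile(r"^\.?UBSAN_BOUNDS\s*\((.*)\);$")  # older dumps lack the dot
CAST_RE = re.compile(r"^\([^)]*\)\s*")                   # "(int) x" -> "x"


def analyze(dump):
    """Return (accesses, checks): [(line, stmt, key)] and [(line, key)].

    key = (user variable, number of assignments to it so far); temporaries
    that are plain copies or casts inherit the key of what they copy."""
    defs = {}      # temporary -> key it is a copy/cast of
    version = {}   # user variable -> assignments seen so far
    accesses, checks = [], []

    def resolve(expr):
        expr = CAST_RE.sub("", expr.strip())
        if expr in defs:
            return defs[expr]
        if re.fullmatch(IDENT, expr):
            return (expr, version.get(expr, 0))
        return None  # literal or arithmetic: not a copy of anything

    for line_no, raw in enumerate(dump.splitlines(), 1):
        stmt = raw.strip()
        if ";" in stmt:                       # drop annotations like "<--- ..."
            stmt = stmt[: stmt.index(";") + 1]
        m = CHECK_RE.match(stmt)
        if m:                                 # args are (base, index, bound)
            args = [a.strip() for a in m.group(1).split(",")]
            checks.append((line_no, resolve(args[1])))
            continue
        m = ASSIGN_RE.match(stmt)
        if not m:
            continue
        lhs, rhs = m.groups()
        for _array, idx in ACCESS_RE.findall(stmt):   # loads and stores alike
            accesses.append((line_no, stmt, resolve(idx)))
        if "[" in lhs:
            continue                          # a store defines no new value
        key = resolve(rhs)
        if key is None:                       # fresh value: new version of lhs
            version[lhs] = version.get(lhs, 0) + 1
            defs.pop(lhs, None)
        else:
            defs[lhs] = key
    return accesses, checks


def unchecked_accesses(dump):
    """Statements that index an array before any UBSAN_BOUNDS on the same key."""
    accesses, checks = analyze(dump)
    return [stmt for line_no, stmt, key in accesses
            if not any(c_line < line_no and c_key == key
                       for c_line, c_key in checks)]


if __name__ == "__main__":
    for name, dump in (("after r7-1900", GIMPLE_AFTER_R7_1900),
                       ("before r7-1900", GIMPLE_BEFORE_R7_1900)):
        print(f"{name}: unchecked accesses = {unchecked_accesses(dump)}")
```

On the post-r7-1900 dump the only unchecked statement is the load `_3 = a[_2];`, matching the arrow in the comment; the store `a[D.2422] = _7;` is covered because the check precedes it. On the pre-revision dump nothing is reported. To run it on fresh output, compile with `-fsanitize=undefined -fdump-tree-gimple=/dev/stdout` as in the comment and feed the function body to `unchecked_accesses`.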