From: "qinzhao at gcc dot gnu.org"
To: gcc-bugs@gcc.gnu.org
Subject: [Bug sanitizer/108894] -fsanitize=bounds missing bounds provided by __builtin_dynamic_object_size()
Date: Mon, 27 Feb 2023 20:18:08 +0000

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108894

--- Comment #13 from qinzhao at gcc dot gnu.org ---
(In reply to Jakub Jelinek from comment #12)
> Created attachment 54547 [details]
> gcc13-pr108894.patch
> 
> Untested fix.

Several comments on the patch:

1. Should the documentation of -fsanitize=bounds and -fsanitize=strict-bounds be updated to reflect the interaction with -fstrict-flex-arrays=N?

2. There are several routines in c-decl.cc:

static bool flexible_array_member_type_p (const_tree type);
static bool one_element_array_type_p (const_tree type);
static bool zero_length_array_type_p (const_tree type);

Can they be generalized as well to be used in the routine "ubsan_instrument_bounds" to check for [], [0], or [1]? (In the patch, lines 405 to 442.)

3. Could you add comments for these lines (I guess they are for [0])?

370	if (!bound)
371	  bound = fold_build2 (PLUS_EXPR, TREE_TYPE (bound), bound,
371	    {
372	                       build_int_cst (TREE_TYPE (bound), 1));
372	      if (!c_dialect_cxx ()
373	          && COMPLETE_TYPE_P (type)
374	          && integer_zerop (TYPE_SIZE (type)))
375	        bound = build_int_cst (TREE_TYPE (TYPE_MIN_VALUE (domain)), -1);
376	      else
377	        return NULL_TREE;
378	    }
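The comment above distinguishes trailing arrays declared as [], [0] and [1], and the bug title contrasts the bound the sanitizer derives from the declared type with the bound a dynamic object size can provide. The following C program is an added illustration of that difference; it is not code from the bug report, from the gcc13-pr108894.patch attachment, or from GCC itself. The struct names, the helper functions `static_elems_zero`, `static_elems_one`, `static_in_bounds`, `dynamic_in_bounds` and `demo_one_element_array`, and the allocation sizes are all constructed for the example. `dynamic_in_bounds` models the check an allocation-size-aware bound would perform; it does not call `__builtin_dynamic_object_size` so that it runs on any compiler that accepts the GNU zero-length-array extension.

```c
/* Added illustration, not part of the bug report or the patch: the element
   count that the declared type alone promises for a trailing array versus
   the count the actual allocation size supports.  All names are constructed. */
#include <stddef.h>
#include <stdlib.h>

struct flex { size_t n; int data[];  };  /* [] : C99 flexible array member */
struct zero { size_t n; int data[0]; };  /* [0]: GNU zero-length array (extension) */
struct one  { size_t n; int data[1]; };  /* [1]: one-element trailing array idiom */

/* Element count visible from the declaration.  A [] member has no sizeof in C,
   so only the [0] and [1] shapes can be queried this way. */
size_t static_elems_zero(void) { return sizeof(((struct zero *)0)->data) / sizeof(int); }  /* 0 */
size_t static_elems_one(void)  { return sizeof(((struct one *)0)->data) / sizeof(int); }   /* 1 */

/* Bound check that trusts only the declared element count. */
int static_in_bounds(size_t declared_elems, size_t idx)
{
    return idx < declared_elems;
}

/* Bound check that uses the allocation size, i.e. what a dynamic object size
   supplies when the allocation is visible: the whole element must fit within
   the bytes that follow the array's offset inside the allocation. */
int dynamic_in_bounds(size_t alloc_bytes, size_t data_off, size_t idx)
{
    if (alloc_bytes < data_off)
        return 0;                               /* allocation smaller than the header */
    return idx < (alloc_bytes - data_off) / sizeof(int);
}

/* Allocate a struct one with room for four ints (constructed scenario) and
   compare both checks for index 3.  Returns 2*dynamic_result + static_result,
   so 2 means "the allocation covers index 3, the declared [1] does not". */
int demo_one_element_array(void)
{
    const size_t n = 4;
    const size_t off = offsetof(struct one, data);
    const size_t alloc = off + n * sizeof(int);
    struct one *p = malloc(alloc);
    if (!p)
        return -1;
    p->n = n;
    int *d = p->data;                           /* write through the trailing array idiom */
    for (size_t i = 0; i < n; i++)
        d[i] = (int)i;
    int stat = static_in_bounds(static_elems_one(), 3);   /* 0: declared bound is one element */
    int dyn  = dynamic_in_bounds(alloc, off, 3);          /* 1: allocation holds four elements */
    free(p);
    return dyn * 2 + stat;
}
```

The [0] shape behaves the same way: `static_elems_zero()` yields 0, so a check built from the declaration alone rejects every index, while `dynamic_in_bounds` accepts whatever the allocation covers. For a true [] member neither `sizeof` nor a static count exists, leaving the allocation-derived bound as the only one available.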