[Bug sanitizer/63802] New: UBSan doesn't catch misaligned access if address is 16-bytes (or more) aligned

[Bug sanitizer/63802] New: UBSan doesn't catch misaligned access if address is 16-bytes (or more) aligned

[ryabinin.a.a at gmail dot com]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=63802

            Bug ID: 63802
           Summary: UBSan doesn't catch misaligned access if address is
                    16-bytes (or more) aligned
           Product: gcc
           Version: 5.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: sanitizer
          Assignee: unassigned at gcc dot gnu.org
          Reporter: ryabinin.a.a at gmail dot com
                CC: dodji at gcc dot gnu.org, dvyukov at gcc dot gnu.org,
                    jakub at gcc dot gnu.org, kcc at gcc dot gnu.org,
                    mpolacek at gcc dot gnu.org

Created attachment 33929
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=33929&action=edit
Repro case

Let's say we have struct that requires 64-bytes alignment.

struct test_struct {
  unsigned long a;
  int b;
} __attribute__((__aligned__(64)));


UBSan will not catch misaligned access if address of such struct is 16 bytes
aligned.

If address is not aligned to 16 bytes, UBSan will catch it, but alignment in
report is wrong (16 instead of 64):

misaligned_test.c:14:80: runtime error: member access within misaligned address
0x0000006011cf for type 'struct test_struct', which requires 16 byte alignment
0x0000006011cf: note: pointer points here
 00 00 00 00 00  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  00 00 00 00
00 00 00 00  00 00 00
             ^

[Bug sanitizer/63802] UBSan doesn't catch misaligned access if address is 16-bytes (or more) aligned

[y.gribov at samsung dot com]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=63802

Yury Gribov <y.gribov at samsung dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |y.gribov at samsung dot com

--- Comment #1 from Yury Gribov <y.gribov at samsung dot com> ---
Hm, it looks like UBSan uses min_align_of_type to caclulate alignment of
access. This is limited by BIGGEST_ALIGNMENT which is 16 bytes on x86. Any
particular reason we are not using TYPE_ALIGN_UNIT? Being unable to verify user
alignments makes this check much less useful.

[Bug sanitizer/63802] UBSan doesn't catch misaligned access if address is 16-bytes (or more) aligned

[jakub at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=63802

--- Comment #2 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
Supposedly for TYPE_USER_ALIGN we could use TYPE_ALIGN_UNIT, but for other
types we need to use min_align_of_type, otherwise we mishandle e.g. long long
on i?86, which has TYPE_ALIGN_UNIT of 8, but when in struct is only 4 byte
aligned, thus we can't assert 8 byte alignment for all long long *
dereferences.

[Bug sanitizer/63802] UBSan doesn't catch misaligned access if address is 16-bytes (or more) aligned

[y.gribov at samsung dot com]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=63802

--- Comment #3 from Yury Gribov <y.gribov at samsung dot com> ---
Agreed, I'll cook a patch for tomorrow then.

[Bug sanitizer/63802] UBSan doesn't catch misaligned access if address is 16-bytes (or more) aligned

[ygribov at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=63802

--- Comment #4 from ygribov at gcc dot gnu.org ---
Author: ygribov
Date: Tue Nov 18 07:37:17 2014
New Revision: 217689

URL: https://gcc.gnu.org/viewcvs?rev=217689&root=gcc&view=rev
Log:
2014-11-18  Yury Gribov  <y.gribov@samsung.com>

    PR sanitizer/63802

gcc/
    * stor-layout.c (min_align_of_type): Respect user alignment
    more.

gcc/testsuite/
    * c-c++-common/ubsan/pr63802.c: New test.

Added:
    trunk/gcc/testsuite/c-c++-common/ubsan/pr63802.c
Modified:
    trunk/gcc/ChangeLog
    trunk/gcc/stor-layout.c
    trunk/gcc/testsuite/ChangeLog