public inbox for gcc-cvs@sourceware.org
* [gcc r12-7917] ubsan: Fix ICE due to -fsanitize=object-size [PR105093]
@ 2022-03-30  8:50 Jakub Jelinek
From: Jakub Jelinek @ 2022-03-30  8:50 UTC (permalink / raw)
  To: gcc-cvs

https://gcc.gnu.org/g:e3e68fa59ead502c24950298b53c637bbe535a74

commit r12-7917-ge3e68fa59ead502c24950298b53c637bbe535a74
Author: Jakub Jelinek <jakub@redhat.com>
Date:   Wed Mar 30 10:49:47 2022 +0200

    ubsan: Fix ICE due to -fsanitize=object-size [PR105093]
    
    The following testcase ICEs, because for a volatile X & RESULT_DECL
    ubsan wants to take address of that reference.  instrument_object_size
    is called with x, so the base is equal to the access and the var
    is automatic, so there is no risk of an out of bounds access for it.
    Normally we wouldn't instrument those because we fold address of the
    t - address of inner to 0, add constant size of the decl and it is
    equal to what __builtin_object_size computes.  But the volatile
    results in the subtraction not being folded.
    
    The first hunk fixes it by punting if we access the whole automatic
    decl, so that even volatile won't cause a problem.
    The second hunk (not strictly needed for this testcase) is similar
    to what has been added to asan.cc recently, if we actually take
    address of a decl and keep it in the IL, we better mark it addressable.
    
    2022-03-30  Jakub Jelinek  <jakub@redhat.com>
    
            PR sanitizer/105093
            * ubsan.cc (instrument_object_size): If t is equal to inner and
            is a decl other than global var, punt.  When emitting call to
            UBSAN_OBJECT_SIZE ifn, make sure base is addressable.
    
            * g++.dg/ubsan/pr105093.C: New test.

Diff:
---
 gcc/testsuite/g++.dg/ubsan/pr105093.C | 12 ++++++++++++
 gcc/ubsan.cc                          |  7 +++++++
 2 files changed, 19 insertions(+)

diff --git a/gcc/testsuite/g++.dg/ubsan/pr105093.C b/gcc/testsuite/g++.dg/ubsan/pr105093.C
new file mode 100644
index 00000000000..49f75ed69cf
--- /dev/null
+++ b/gcc/testsuite/g++.dg/ubsan/pr105093.C
@@ -0,0 +1,12 @@
+// PR sanitizer/105093
+// { dg-do compile }
+// { dg-options "-O2 -fsanitize=undefined -Wno-volatile" }
+
+struct X { X (); ~X (); };
+
+volatile X
+foo ()
+{
+  X x;
+  return x;
+}
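Review bot: the dg-options line exercises the fix only indirectly; the subject names -fsanitize=object-size, but the test enables the whole -fsanitize=undefined group, so a later change to what that group contains could silently stop this test from reaching instrument_object_size. Consider naming `-fsanitize=object-size` in dg-options (alone or alongside =undefined), and add a short comment on why the other two flags are there: -O2 so that the reported ICE path is reached, and -Wno-volatile to silence the C++20 deprecation warning for the volatile-qualified return type, which would otherwise appear as unexpected output. A comment that the user-declared constructor and destructor in `struct X { X (); ~X (); };` are what make foo return through the RESULT_DECL reference described in the commit message would also make the testcase self-explanatory.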
diff --git a/gcc/ubsan.cc b/gcc/ubsan.cc
index a858994c841..0f5b372b195 100644
--- a/gcc/ubsan.cc
+++ b/gcc/ubsan.cc
@@ -2123,6 +2123,8 @@ instrument_object_size (gimple_stmt_iterator *gsi, tree t, bool is_lhs)
 	   || TREE_CODE (inner) == RESULT_DECL)
 	  && DECL_REGISTER (inner))
 	return;
+      if (t == inner && !is_global_var (t))
+	return;
       base = inner;
     }
   else if (TREE_CODE (inner) == MEM_REF)
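Review bot: the new early return `if (t == inner && !is_global_var (t))` has no comment, and the rationale (an access to the whole of an automatic decl cannot be out of bounds, and for a volatile decl the address subtraction is not folded so the instrumentation would otherwise be emitted) lives only in the commit message; a two-line comment above the check would spare the next reader a trip to the PR. Worth stating in that comment too that the check sits after the DECL_REGISTER early return and before `base = inner;`, so any decl that reaches the later mark_addressable path is a non-register local accessed through a component or array reference rather than as a whole.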
@@ -2219,6 +2221,11 @@ instrument_object_size (gimple_stmt_iterator *gsi, tree t, bool is_lhs)
 	}
     }
 
+  if (DECL_P (base)
+      && decl_function_context (base) == current_function_decl
+      && !TREE_ADDRESSABLE (base))
+    mark_addressable (base);
+
   if (bos_stmt && gimple_call_builtin_p (bos_stmt, BUILT_IN_OBJECT_SIZE))
     ubsan_create_edge (bos_stmt);
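Review bot: the guard `decl_function_context (base) == current_function_decl` restricts the marking to decls owned by the current function, but nothing says why globals and decls belonging to an enclosing function are deliberately left alone; a comment giving that reason, and pointing at the asan.cc code the commit message says this mirrors, would keep the two copies in sync when one of them changes. It would also help to state next to `mark_addressable (base);` that the call is placed here because the ADDR_EXPR of base is about to be kept in the IL by the UBSAN_OBJECT_SIZE call, since that connection is only visible from the ChangeLog entry.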


