public inbox for gcc-cvs@sourceware.org
From: Jakub Jelinek <jakub@gcc.gnu.org>
To: gcc-cvs@gcc.gnu.org
Subject: [gcc r11-9741] ubsan: Fix ICE due to -fsanitize=object-size [PR105093]
Date: Wed, 30 Mar 2022 08:53:04 +0000 (GMT)
Message-ID: <20220330085304.A79743858405@sourceware.org>

https://gcc.gnu.org/g:76a8ab576dbbe14b5a11e9feb454c3ca2f9b7e97

commit r11-9741-g76a8ab576dbbe14b5a11e9feb454c3ca2f9b7e97
Author: Jakub Jelinek <jakub@redhat.com>
Date: Wed Mar 30 10:49:47 2022 +0200

ubsan: Fix ICE due to -fsanitize=object-size [PR105093]

The following testcase ICEs, because for a volatile X & RESULT_DECL ubsan wants to take address of that reference. instrument_object_size is called with x, so the base is equal to the access and the var is automatic, so there is no risk of an out of bounds access for it. Normally we wouldn't instrument those because we fold address of the t - address of inner to 0, add constant size of the decl and it is equal to what __builtin_object_size computes. But the volatile results in the subtraction not being folded.

The first hunk fixes it by punting if we access the whole automatic decl, so that even volatile won't cause a problem. The second hunk (not strictly needed for this testcase) is similar to what has been added to asan.cc recently, if we actually take address of a decl and keep it in the IL, we better mark it addressable.

2022-03-30 Jakub Jelinek <jakub@redhat.com>

PR sanitizer/105093
* ubsan.c (instrument_object_size): If t is equal to inner and is a decl other than global var, punt. When emitting call to UBSAN_OBJECT_SIZE ifn, make sure base is addressable.
* g++.dg/ubsan/pr105093.C: New test.

(cherry picked from commit e3e68fa59ead502c24950298b53c637bbe535a74)

Diff: --- gcc/testsuite/g++.dg/ubsan/pr105093.C | 12 ++++++++++++ gcc/ubsan.c | 7 +++++++ 2 files changed, 19 insertions(+) diff --git a/gcc/testsuite/g++.dg/ubsan/pr105093.C b/gcc/testsuite/g++.dg/ubsan/pr105093.C new file mode 100644 index 00000000000..49f75ed69cf --- /dev/null 
+++ b/gcc/testsuite/g++.dg/ubsan/pr105093.C @@ -0,0 +1,12 @@ +// PR sanitizer/105093 +// { dg-do compile } +// { dg-options "-O2 -fsanitize=undefined -Wno-volatile" } + +struct X { X (); ~X (); }; + +volatile X +foo () +{ + X x; + return x; +} diff --git a/gcc/ubsan.c b/gcc/ubsan.c index 8500d3de181..04e8c1552a7 100644 --- a/gcc/ubsan.c +++ b/gcc/ubsan.c @@ -2123,6 +2123,8 @@ instrument_object_size (gimple_stmt_iterator *gsi, tree t, bool is_lhs) || TREE_CODE (inner) == RESULT_DECL) && DECL_REGISTER (inner)) return; + if (t == inner && !is_global_var (t)) + return; base = inner; } else if (TREE_CODE (inner) == MEM_REF) @@ -2220,6 +2222,11 @@ instrument_object_size (gimple_stmt_iterator *gsi, tree t, bool is_lhs) } } + if (DECL_P (base) + && decl_function_context (base) == current_function_decl + && !TREE_ADDRESSABLE (base)) + mark_addressable (base); + if (bos_stmt && gimple_call_builtin_p (bos_stmt, BUILT_IN_OBJECT_SIZE)) ubsan_create_edge (bos_stmt);
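Review bot: The dg-options line in the new pr105093.C requests "-O2 -fsanitize=undefined -Wno-volatile", while the subject attributes the ICE to -fsanitize=object-size. Naming -fsanitize=object-size explicitly would tie the test to the instrumentation being fixed. Since the test is "dg-do compile" only, it checks that the compiler no longer ICEs but not that the access to x is left uninstrumented; a dump scan for UBSAN_OBJECT_SIZE would pin down the behaviour the commit message describes.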
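Review bot: In the first gcc/ubsan.c hunk (@@ -2123), the new early return "if (t == inner && !is_global_var (t)) return;" has no comment, so its rationale lives only in the commit message. A short comment above it would help: an access to a whole non-global decl cannot be out of bounds, and the explicit check is needed because a volatile access keeps the address subtraction from folding. Without that, a later reader may take the check as redundant with the folding and remove it.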
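Review bot: The mark_addressable block in the second gcc/ubsan.c hunk (@@ -2220) has no comment, and the commit message describes it as not strictly needed for the new testcase, so nothing added in this patch shows it being required. Suggest a one-line comment above "if (DECL_P (base)" saying that the address of base is kept in the IL by the UBSAN_OBJECT_SIZE call. A second testcase that reaches this point with a function-local decl not already TREE_ADDRESSABLE would cover it.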