public inbox for gcc-cvs@sourceware.org
help / color / mirror / Atom feed
* [gcc r13-4988] ubsan: Avoid narrowing of multiply for -fsanitize=signed-integer-overflow [PR108256]
@ 2023-01-04 9:53 Jakub Jelinek
0 siblings, 0 replies; only message in thread
From: Jakub Jelinek @ 2023-01-04 9:53 UTC (permalink / raw)
To: gcc-cvs
https://gcc.gnu.org/g:8692b15ae7c05e3224f285069e070c009d9f6efe
commit r13-4988-g8692b15ae7c05e3224f285069e070c009d9f6efe
Author: Jakub Jelinek <jakub@redhat.com>
Date: Wed Jan 4 10:52:49 2023 +0100
ubsan: Avoid narrowing of multiply for -fsanitize=signed-integer-overflow [PR108256]
We shouldn't narrow multiplications originally done in signed types,
because the original multiplication might overflow but the narrowed
one will be done in unsigned arithmetics and will never overflow.
2023-01-04 Jakub Jelinek <jakub@redhat.com>
PR sanitizer/108256
* convert.cc (do_narrow): Punt for MULT_EXPR if original
type doesn't wrap around and -fsanitize=signed-integer-overflow
is on.
* fold-const.cc (fold_unary_loc) <CASE_CONVERT>: Likewise.
* c-c++-common/ubsan/pr108256.c: New test.
Diff:
---
gcc/convert.cc | 8 ++++++++
gcc/fold-const.cc | 4 +++-
gcc/testsuite/c-c++-common/ubsan/pr108256.c | 27 +++++++++++++++++++++++++++
3 files changed, 38 insertions(+), 1 deletion(-)
diff --git a/gcc/convert.cc b/gcc/convert.cc
index a882c67d7c1..fe85bcb3323 100644
--- a/gcc/convert.cc
+++ b/gcc/convert.cc
@@ -384,6 +384,14 @@ do_narrow (location_t loc,
&& sanitize_flags_p (SANITIZE_SI_OVERFLOW))
return NULL_TREE;
+ /* Similarly for multiplication, but in that case it can be
+ problematic even if typex is unsigned type - 0xffff * 0xffff
+ overflows in int. */
+ if (ex_form == MULT_EXPR
+ && !TYPE_OVERFLOW_WRAPS (TREE_TYPE (expr))
+ && sanitize_flags_p (SANITIZE_SI_OVERFLOW))
+ return NULL_TREE;
+
/* But now perhaps TYPEX is as wide as INPREC.
In that case, do nothing special here.
(Otherwise would recurse infinitely in convert. */
diff --git a/gcc/fold-const.cc b/gcc/fold-const.cc
index 9ab76fb1079..9aaea71a2fc 100644
--- a/gcc/fold-const.cc
+++ b/gcc/fold-const.cc
@@ -9574,7 +9574,9 @@ fold_unary_loc (location_t loc, enum tree_code code, tree type, tree op0)
if (INTEGRAL_TYPE_P (type)
&& TREE_CODE (op0) == MULT_EXPR
&& INTEGRAL_TYPE_P (TREE_TYPE (op0))
- && TYPE_PRECISION (type) < TYPE_PRECISION (TREE_TYPE (op0)))
+ && TYPE_PRECISION (type) < TYPE_PRECISION (TREE_TYPE (op0))
+ && (TYPE_OVERFLOW_WRAPS (TREE_TYPE (op0))
+ || !sanitize_flags_p (SANITIZE_SI_OVERFLOW)))
{
/* Be careful not to introduce new overflows. */
tree mult_type;
diff --git a/gcc/testsuite/c-c++-common/ubsan/pr108256.c b/gcc/testsuite/c-c++-common/ubsan/pr108256.c
new file mode 100644
index 00000000000..c4054aa0832
--- /dev/null
+++ b/gcc/testsuite/c-c++-common/ubsan/pr108256.c
@@ -0,0 +1,27 @@
+/* PR sanitizer/108256 */
+/* { dg-do run { target { lp64 || ilp32 } } } */
+/* { dg-options "-fsanitize=signed-integer-overflow" } */
+
+unsigned short
+foo (unsigned short x, unsigned short y)
+{
+ return x * y;
+}
+
+unsigned short
+bar (unsigned short x, unsigned short y)
+{
+ int r = x * y;
+ return r;
+}
+
+int
+main ()
+{
+ volatile unsigned short a = foo (0xffff, 0xffff);
+ volatile unsigned short b = bar (0xfffe, 0xfffe);
+ return 0;
+}
+
+/* { dg-output "signed integer overflow: 65535 \\\* 65535 cannot be represented in type 'int'\[^\n\r]*(\n|\r\n|\r)" } */
+/* { dg-output "\[^\n\r]*signed integer overflow: 65534 \\\* 65534 cannot be represented in type 'int'" } */
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2023-01-04 9:53 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-01-04 9:53 [gcc r13-4988] ubsan: Avoid narrowing of multiply for -fsanitize=signed-integer-overflow [PR108256] Jakub Jelinek
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).