From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <jakub@sourceware.org>
Received: by sourceware.org (Postfix, from userid 2153)
	id DDA5D3858D1E; Wed,  4 Jan 2023 09:53:39 +0000 (GMT)
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org DDA5D3858D1E
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gcc.gnu.org;
	s=default; t=1672826019;
	bh=crSVCdnDpxNIiiWeb+X2eY6RBsBYicO8wNHrMD7vLug=;
	h=From:To:Subject:Date:From;
	b=fdC/TKvEMAremgEWsLnKlvvet/x2FazfMlP4yVXKCKJ4x1SEzlVRqTihgmU42zych
	 uscTVHpCUdhrcK2WBPV/TuI6Bw4uv4Jq26O3ferNnNtQwpDeTC8DgIoMpXYxlDpoYV
	 RVS4uOzrBQlT2ahKSEJ6HCNczo0bFEQOgTJ26D2g=
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="utf-8"
From: Jakub Jelinek <jakub@gcc.gnu.org>
To: gcc-cvs@gcc.gnu.org
Subject: [gcc r13-4988] ubsan: Avoid narrowing of multiply for
 -fsanitize=signed-integer-overflow [PR108256]
X-Act-Checkin: gcc
X-Git-Author: Jakub Jelinek <jakub@redhat.com>
X-Git-Refname: refs/heads/master
X-Git-Oldrev: 44baa34157cf81306be23eacece751aa020985d4
X-Git-Newrev: 8692b15ae7c05e3224f285069e070c009d9f6efe
Message-Id: <20230104095339.DDA5D3858D1E@sourceware.org>
Date: Wed,  4 Jan 2023 09:53:39 +0000 (GMT)
List-Id: <gcc-cvs.sourceware.org>

https://gcc.gnu.org/g:8692b15ae7c05e3224f285069e070c009d9f6efe

commit r13-4988-g8692b15ae7c05e3224f285069e070c009d9f6efe
Author: Jakub Jelinek <jakub@redhat.com>
Date:   Wed Jan 4 10:52:49 2023 +0100

    ubsan: Avoid narrowing of multiply for -fsanitize=signed-integer-overflow [PR108256]
    
    We shouldn't narrow multiplications originally done in signed types,
    because the original multiplication might overflow but the narrowed
    one will be done in unsigned arithmetics and will never overflow.
    
    2023-01-04  Jakub Jelinek  <jakub@redhat.com>
    
            PR sanitizer/108256
            * convert.cc (do_narrow): Punt for MULT_EXPR if original
            type doesn't wrap around and -fsanitize=signed-integer-overflow
            is on.
            * fold-const.cc (fold_unary_loc) <CASE_CONVERT>: Likewise.
    
            * c-c++-common/ubsan/pr108256.c: New test.

Diff:
---
 gcc/convert.cc                              |  8 ++++++++
 gcc/fold-const.cc                           |  4 +++-
 gcc/testsuite/c-c++-common/ubsan/pr108256.c | 27 +++++++++++++++++++++++++++
 3 files changed, 38 insertions(+), 1 deletion(-)

diff --git a/gcc/convert.cc b/gcc/convert.cc
index a882c67d7c1..fe85bcb3323 100644
--- a/gcc/convert.cc
+++ b/gcc/convert.cc
@@ -384,6 +384,14 @@ do_narrow (location_t loc,
       && sanitize_flags_p (SANITIZE_SI_OVERFLOW))
     return NULL_TREE;
 
+  /* Similarly for multiplication, but in that case it can be
+     problematic even if typex is unsigned type - 0xffff * 0xffff
+     overflows in int.  */
+  if (ex_form == MULT_EXPR
+      && !TYPE_OVERFLOW_WRAPS (TREE_TYPE (expr))
+      && sanitize_flags_p (SANITIZE_SI_OVERFLOW))
+    return NULL_TREE;
+
   /* But now perhaps TYPEX is as wide as INPREC.
      In that case, do nothing special here.
      (Otherwise would recurse infinitely in convert.  */
diff --git a/gcc/fold-const.cc b/gcc/fold-const.cc
index 9ab76fb1079..9aaea71a2fc 100644
--- a/gcc/fold-const.cc
+++ b/gcc/fold-const.cc
@@ -9574,7 +9574,9 @@ fold_unary_loc (location_t loc, enum tree_code code, tree type, tree op0)
       if (INTEGRAL_TYPE_P (type)
 	  && TREE_CODE (op0) == MULT_EXPR
 	  && INTEGRAL_TYPE_P (TREE_TYPE (op0))
-	  && TYPE_PRECISION (type) < TYPE_PRECISION (TREE_TYPE (op0)))
+	  && TYPE_PRECISION (type) < TYPE_PRECISION (TREE_TYPE (op0))
+	  && (TYPE_OVERFLOW_WRAPS (TREE_TYPE (op0))
+	      || !sanitize_flags_p (SANITIZE_SI_OVERFLOW)))
 	{
 	  /* Be careful not to introduce new overflows.  */
 	  tree mult_type;
diff --git a/gcc/testsuite/c-c++-common/ubsan/pr108256.c b/gcc/testsuite/c-c++-common/ubsan/pr108256.c
new file mode 100644
index 00000000000..c4054aa0832
--- /dev/null
+++ b/gcc/testsuite/c-c++-common/ubsan/pr108256.c
@@ -0,0 +1,27 @@
+/* PR sanitizer/108256 */
+/* { dg-do run { target { lp64 || ilp32 } } } */
+/* { dg-options "-fsanitize=signed-integer-overflow" } */
+
+unsigned short
+foo (unsigned short x, unsigned short y)
+{
+  return x * y;
+}
+
+unsigned short
+bar (unsigned short x, unsigned short y)
+{
+  int r = x * y;
+  return r;
+}
+
+int
+main ()
+{
+  volatile unsigned short a = foo (0xffff, 0xffff);
+  volatile unsigned short b = bar (0xfffe, 0xfffe);
+  return 0;
+}
+
+/* { dg-output "signed integer overflow: 65535 \\\* 65535 cannot be represented in type 'int'\[^\n\r]*(\n|\r\n|\r)" } */
+/* { dg-output "\[^\n\r]*signed integer overflow: 65534 \\\* 65534 cannot be represented in type 'int'" } */