* [PATCH] Another extract_muldiv-induced overflow (PR sanitizer/80932)
@ 2017-06-06 10:31 Marek Polacek
2017-06-07 2:37 ` Jeff Law
0 siblings, 1 reply; 2+ messages in thread
From: Marek Polacek @ 2017-06-06 10:31 UTC (permalink / raw)
To: GCC Patches
Another case of extract_muldiv running off the rails. Here it did a wrong
distribution; turning
((A * x) - (B * x)) * -6
into
(A' * x) - (B' * x)
incurred an overflow in the subtraction. The fix is essentially the same
as what I did in sanitizer/80800.
Bootstrapped/regtested on x86_64-linux, ok for trunk/7/6?
2017-06-06 Marek Polacek <polacek@redhat.com>
PR sanitizer/80932
* fold-const.c (extract_muldiv_1) <case MINUS_EXPR>: Add
TYPE_OVERFLOW_WRAPS check.
* c-c++-common/ubsan/pr80932.c: New test.
diff --git gcc/fold-const.c gcc/fold-const.c
index b0d03c9..f3975c7 100644
--- gcc/fold-const.c
+++ gcc/fold-const.c
@@ -6178,6 +6178,7 @@ extract_muldiv_1 (tree t, tree c, enum tree_code code, tree wide_type,
t1 = extract_muldiv (op0, c, code, wide_type, &sub_strict_overflow_p);
t2 = extract_muldiv (op1, c, code, wide_type, &sub_strict_overflow_p);
if (t1 != 0 && t2 != 0
+ && TYPE_OVERFLOW_WRAPS (ctype)
&& (code == MULT_EXPR
/* If not multiplication, we can only do this if both operands
are divisible by c. */
diff --git gcc/testsuite/c-c++-common/ubsan/pr80932.c gcc/testsuite/c-c++-common/ubsan/pr80932.c
index e69de29..a833712 100644
--- gcc/testsuite/c-c++-common/ubsan/pr80932.c
+++ gcc/testsuite/c-c++-common/ubsan/pr80932.c
@@ -0,0 +1,17 @@
+/* PR sanitizer/80932 */
+/* { dg-do run } */
+/* { dg-options "-fsanitize=undefined -fsanitize-undefined-trap-on-error" } */
+
+int x = 1;
+
+long int
+foo (void)
+{
+ return ((long) (13801962912760474560ULL * x) - (long) (15334142073106273231ULL * x)) * -6;
+}
+
+int
+main ()
+{
+ foo ();
+}
Marek
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: [PATCH] Another extract_muldiv-induced overflow (PR sanitizer/80932)
2017-06-06 10:31 [PATCH] Another extract_muldiv-induced overflow (PR sanitizer/80932) Marek Polacek
@ 2017-06-07 2:37 ` Jeff Law
0 siblings, 0 replies; 2+ messages in thread
From: Jeff Law @ 2017-06-07 2:37 UTC (permalink / raw)
To: Marek Polacek, GCC Patches
On 06/06/2017 04:31 AM, Marek Polacek wrote:
> Another case of extract_muldiv running off the rails. Here it did a wrong
> distribution; turning
>
> ((A * x) - (B * x)) * -6
>
> into
>
> (A' * x) - (B' * x)
>
> incurred an overflow in the subtraction. The fix is essentially the same
> as what I did in sanitizer/80800.
>
> Bootstrapped/regtested on x86_64-linux, ok for trunk/7/6?
>
> 2017-06-06 Marek Polacek <polacek@redhat.com>
>
> PR sanitizer/80932
> * fold-const.c (extract_muldiv_1) <case MINUS_EXPR>: Add
> TYPE_OVERFLOW_WRAPS check.
>
> * c-c++-common/ubsan/pr80932.c: New test.
OK
jeff
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2017-06-07 2:37 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-06-06 10:31 [PATCH] Another extract_muldiv-induced overflow (PR sanitizer/80932) Marek Polacek
2017-06-07 2:37 ` Jeff Law
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).