[PATCH] Fix UB in tree-chkp.c

[PATCH] Fix UB in tree-chkp.c

[Jakub Jelinek]

Hi!

bootstrap-ubsan shows a couple of:
../../gcc/tree-chkp.c:694:37: runtime error: shift exponent 63 is too large for 32-bit type 'int'
errors.

1 << (TYPE_PRECISION (ptr_type_node) - 1)
should have been obviously
HOST_WIDE_INT_1U << (TYPE_PRECISION (ptr_type_node) - 1)
but even then, it is 1) unnecessarily complicated and expensive way
to create a pointer with just the MSB bit set and all other clear and
2) will not work if ptr_type_node has higher precision than HWI (just
theoretical possibility now)
For 1), e.g. fold_convert (ptr_type_node, integer_zero_node) is
better written as build_int_cst (ptr_type_node, 0), but still
we can actually avoid the fold_build_pointer_plus_hwi and folding
it altogether.

Bootstrapped/regtested on x86_64-linux and i686-linux (both normal
and bootstrap-ubsan), ok for trunk?

2017-07-19  Jakub Jelinek  <jakub@redhat.com>

	* tree-chkp.c (chkp_get_hard_register_var_fake_base_address):
	Rewritten to avoid overflow for > 32-bit pointers.

--- gcc/tree-chkp.c.jj	2017-06-12 12:41:55.000000000 +0200
+++ gcc/tree-chkp.c	2017-06-19 12:57:24.670478544 +0200
@@ -690,9 +690,8 @@ chkp_erase_completed_bounds (void)
 static tree
 chkp_get_hard_register_var_fake_base_address ()
 {
-  tree base = fold_convert (ptr_type_node, integer_zero_node);
-  unsigned HOST_WIDE_INT offset = 1 << (TYPE_PRECISION (ptr_type_node) - 1);
-  return fold_build_pointer_plus_hwi (base, offset);
+  int prec = TYPE_PRECISION (ptr_type_node);
+  return wide_int_to_tree (ptr_type_node, wi::min_value (prec, SIGNED));
 }
 
 /* If we check bounds for a hard register variable, we cannot


	Jakub

Re: [PATCH] Fix UB in tree-chkp.c

[Ilya Enkovich]

2017-06-19 20:43 GMT+03:00 Jakub Jelinek <jakub@redhat.com>:
> Hi!
>
> bootstrap-ubsan shows a couple of:
> ../../gcc/tree-chkp.c:694:37: runtime error: shift exponent 63 is too large for 32-bit type 'int'
> errors.
>
> 1 << (TYPE_PRECISION (ptr_type_node) - 1)
> should have been obviously
> HOST_WIDE_INT_1U << (TYPE_PRECISION (ptr_type_node) - 1)
> but even then, it is 1) unnecessarily complicated and expensive way
> to create a pointer with just the MSB bit set and all other clear and
> 2) will not work if ptr_type_node has higher precision than HWI (just
> theoretical possibility now)
> For 1), e.g. fold_convert (ptr_type_node, integer_zero_node) is
> better written as build_int_cst (ptr_type_node, 0), but still
> we can actually avoid the fold_build_pointer_plus_hwi and folding
> it altogether.
>
> Bootstrapped/regtested on x86_64-linux and i686-linux (both normal
> and bootstrap-ubsan), ok for trunk?

OK. Thanks for the fix!

Ilya

>
> 2017-07-19  Jakub Jelinek  <jakub@redhat.com>
>
>         * tree-chkp.c (chkp_get_hard_register_var_fake_base_address):
>         Rewritten to avoid overflow for > 32-bit pointers.
>
> --- gcc/tree-chkp.c.jj  2017-06-12 12:41:55.000000000 +0200
> +++ gcc/tree-chkp.c     2017-06-19 12:57:24.670478544 +0200
> @@ -690,9 +690,8 @@ chkp_erase_completed_bounds (void)
>  static tree
>  chkp_get_hard_register_var_fake_base_address ()
>  {
> -  tree base = fold_convert (ptr_type_node, integer_zero_node);
> -  unsigned HOST_WIDE_INT offset = 1 << (TYPE_PRECISION (ptr_type_node) - 1);
> -  return fold_build_pointer_plus_hwi (base, offset);
> +  int prec = TYPE_PRECISION (ptr_type_node);
> +  return wide_int_to_tree (ptr_type_node, wi::min_value (prec, SIGNED));
>  }
>
>  /* If we check bounds for a hard register variable, we cannot
>
>
>         Jakub