From: Jakub Jelinek
To: Jason Merrill
Cc: gcc-patches@gcc.gnu.org
Subject: [C++ PATCH] Fix -fsanitize=pointer-compare,pointer-subtract ICEs in templates (PR sanitizer/88901)
Date: Fri, 18 Jan 2019 22:38:00 -0000
Message-ID: <20190118223838.GV30353@tucnak>

Hi!

When processing_template_decl, all we care about is diagnostics and the return type if it is not dependent; other spots that add sanitization do nothing if processing_template_decl and the following patch does that for the two recently added ones. Without it, save_expr is called on potentially dependent FE expressions the middle-end doesn't handle.

Fixed thusly, bootstrapped/regtested on x86_64-linux and i686-linux, ok for trunk?

2019-01-18  Jakub Jelinek

	PR sanitizer/88901
	* typeck.c (cp_build_binary_op): Don't instrument
	SANITIZE_POINTER_COMPARE if processing_template_decl.
	(pointer_diff): Similarly for SANITIZE_POINTER_SUBTRACT.

	* g++.dg/asan/pr88901.C: New test.

--- gcc/cp/typeck.c.jj 2019-01-18 09:13:58.580790058 +0100 +++ gcc/cp/typeck.c 2019-01-18 11:53:45.941734135 +0100 @@ -5233,6 +5233,7 @@ cp_build_binary_op (const op_location_t } if ((code0 == POINTER_TYPE || code1 == POINTER_TYPE) + && !processing_template_decl && sanitize_flags_p (SANITIZE_POINTER_COMPARE)) { op0 = save_expr (op0); @@ -5650,7 +5651,8 @@ pointer_diff (location_t loc, tree op0, else inttype = restype; - if (sanitize_flags_p (SANITIZE_POINTER_SUBTRACT)) + if (!processing_template_decl + && sanitize_flags_p (SANITIZE_POINTER_SUBTRACT)) { op0 = save_expr (op0); op1 = save_expr (op1); --- gcc/testsuite/g++.dg/asan/pr88901.C.jj 2019-01-18 11:55:42.398826983 +0100 +++ gcc/testsuite/g++.dg/asan/pr88901.C 2019-01-18 11:55:26.559086374 +0100
@@ -0,0 +1,13 @@ +// PR sanitizer/88901 +// { dg-do compile } +// { dg-options "-fsanitize=address -fsanitize=pointer-compare" } + +template +struct A { + void foo() { + auto d = [](char *x, char *y) { + for (char *p = x; p + sizeof(T) <= y; p += sizeof(T)) + reinterpret_cast(p)->~T(); + }; + } +}; Jakub
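Review bot: the new `&& !processing_template_decl` operand in the cp_build_binary_op hunk carries no comment, so a reader of typeck.c cannot see why templates are excluded; the reason (save_expr must not be applied to potentially dependent operands, and the operands are re-processed, and so instrumented, when the template is instantiated) is stated only in the cover letter. Suggest a one-line comment above the condition, e.g. `/* Don't instrument in templates, the operands may be dependent.  */`, matching the other sanitization spots that already test processing_template_decl.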
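Review bot: the guard ordering differs between the two typeck.c hunks: in cp_build_binary_op `!processing_template_decl` is tested after the POINTER_TYPE check and before the sanitize_flags_p call, while in the pointer_diff hunk it is the first operand of the new `if`. Both are correct, and testing the cheap global before the sanitize_flags_p call is the better order, so consider moving it first in cp_build_binary_op as well for consistency; the same explanatory comment belongs above `if (!processing_template_decl` here.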
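Review bot: the new testcase only covers the SANITIZE_POINTER_COMPARE path (the `p + sizeof(T) <= y` comparison in the lambda) and never reaches pointer_diff, although the ChangeLog and the second typeck.c hunk also change SANITIZE_POINTER_SUBTRACT handling; suggest adding `-fsanitize=pointer-subtract` to dg-options and a difference of two dependent pointers (e.g. `y - x` in the lambda body) so the pointer_diff change is regression-tested too. Nothing instantiates A or calls foo, which is enough to reproduce the ICE this PR is about under `dg-do compile`, but an explicit instantiation would additionally confirm that instrumentation is still emitted once the template is instantiated. Note that the archived copy has lost the angle-bracket text after `template` and `reinterpret_cast`, so the test should be read from the committed file rather than from this rendering.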