public inbox for gcc-patches@gcc.gnu.org
 help / color / mirror / Atom feed
* [PATCH] Another extract_muldiv-induced overflow (PR sanitizer/80932)
@ 2017-06-06 10:31 Marek Polacek
  2017-06-07  2:37 ` Jeff Law
  0 siblings, 1 reply; 2+ messages in thread
From: Marek Polacek @ 2017-06-06 10:31 UTC (permalink / raw)
  To: GCC Patches

Another case of extract_muldiv running off the rails.  Here it did a wrong
distribution; turning 

  ((A * x) - (B * x)) * -6

into

  (A' * x) - (B' * x)

incurred an overflow in the subtraction.  The fix is essentially the same
as what I did in sanitizer/80800.

Bootstrapped/regtested on x86_64-linux, ok for trunk/7/6?

2017-06-06  Marek Polacek  <polacek@redhat.com>

	PR sanitizer/80932
	* fold-const.c (extract_muldiv_1) <case MINUS_EXPR>: Add
	TYPE_OVERFLOW_WRAPS check. 

	* c-c++-common/ubsan/pr80932.c: New test.

diff --git gcc/fold-const.c gcc/fold-const.c
index b0d03c9..f3975c7 100644
--- gcc/fold-const.c
+++ gcc/fold-const.c
@@ -6178,6 +6178,7 @@ extract_muldiv_1 (tree t, tree c, enum tree_code code, tree wide_type,
       t1 = extract_muldiv (op0, c, code, wide_type, &sub_strict_overflow_p);
       t2 = extract_muldiv (op1, c, code, wide_type, &sub_strict_overflow_p);
       if (t1 != 0 && t2 != 0
+	  && TYPE_OVERFLOW_WRAPS (ctype)
 	  && (code == MULT_EXPR
 	      /* If not multiplication, we can only do this if both operands
 		 are divisible by c.  */
diff --git gcc/testsuite/c-c++-common/ubsan/pr80932.c gcc/testsuite/c-c++-common/ubsan/pr80932.c
index e69de29..a833712 100644
--- gcc/testsuite/c-c++-common/ubsan/pr80932.c
+++ gcc/testsuite/c-c++-common/ubsan/pr80932.c
@@ -0,0 +1,17 @@
+/* PR sanitizer/80932 */
+/* { dg-do run } */
+/* { dg-options "-fsanitize=undefined -fsanitize-undefined-trap-on-error" } */
+
+int x = 1;
+
+long int
+foo (void)
+{
+  return ((long) (13801962912760474560ULL * x) - (long) (15334142073106273231ULL * x)) * -6;
+}
+
+int
+main ()
+{
+  foo ();
+}

	Marek

^ permalink raw reply	[flat|nested] 2+ messages in thread
* Re: [PATCH] Another extract_muldiv-induced overflow (PR sanitizer/80932)
  2017-06-06 10:31 [PATCH] Another extract_muldiv-induced overflow (PR sanitizer/80932) Marek Polacek
@ 2017-06-07  2:37 ` Jeff Law
  0 siblings, 0 replies; 2+ messages in thread
From: Jeff Law @ 2017-06-07  2:37 UTC (permalink / raw)
  To: Marek Polacek, GCC Patches

On 06/06/2017 04:31 AM, Marek Polacek wrote:
> Another case of extract_muldiv running off the rails.  Here it did a wrong
> distribution; turning 
> 
>   ((A * x) - (B * x)) * -6
> 
> into
> 
>   (A' * x) - (B' * x)
> 
> incurred an overflow in the subtraction.  The fix is essentially the same
> as what I did in sanitizer/80800.
> 
> Bootstrapped/regtested on x86_64-linux, ok for trunk/7/6?
> 
> 2017-06-06  Marek Polacek  <polacek@redhat.com>
> 
> 	PR sanitizer/80932
> 	* fold-const.c (extract_muldiv_1) <case MINUS_EXPR>: Add
> 	TYPE_OVERFLOW_WRAPS check. 
> 
> 	* c-c++-common/ubsan/pr80932.c: New test.
OK
jeff

^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2017-06-07  2:37 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-06-06 10:31 [PATCH] Another extract_muldiv-induced overflow (PR sanitizer/80932) Marek Polacek
2017-06-07  2:37 ` Jeff Law

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).