Re: [RFC PATCH] -fsanitize=pointer-overflow support (PR sanitizer/80998)

public inbox for gcc-patches@gcc.gnu.org
 help / color / mirror / Atom feed

From: Richard Biener <rguenther@suse.de>
To: Jakub Jelinek <jakub@redhat.com>
Cc: "Martin Liška" <mliska@suse.cz>, gcc-patches@gcc.gnu.org
Subject: Re: [RFC PATCH] -fsanitize=pointer-overflow support (PR sanitizer/80998)
Date: Wed, 21 Jun 2017 08:05:00 -0000	[thread overview]
Message-ID: <alpine.LSU.2.20.1706211004540.22867@zhemvz.fhfr.qr> (raw)
In-Reply-To: <20170621080048.GN2123@tucnak>

On Wed, 21 Jun 2017, Jakub Jelinek wrote:

> On Tue, Jun 20, 2017 at 09:41:43AM +0200, Richard Biener wrote:
> > > 2) libcpp/line-map.c has this:
> > > static int
> > > location_adhoc_data_update (void **slot, void *data)
> > > {
> > >   *((char **) slot) += *((int64_t *) data);
> > >   return 1;
> > > }
> > > where the (why int64_t always?, we really need just intptr_t) adjusts
> > > one pointer from an unrelated one (result of realloc).  That is a UB
> > > and actually can trigger this sanitization if the two regions are
> > > far away from each other, e.g. on i686-linux:
> > > ../../libcpp/line-map.c:102:21: runtime error: pointer index expression with base 0x0899e308 overflowed to 0xf74c4ab8
> > > ../../libcpp/line-map.c:102:21: runtime error: pointer index expression with base 0x08add7c0 overflowed to 0xf74c9a08
> > > ../../libcpp/line-map.c:102:21: runtime error: pointer index expression with base 0x092ba308 overflowed to 0xf741cab8
> > > ../../libcpp/line-map.c:102:21: runtime error: pointer index expression with base 0x0a3757c0 overflowed to 0xf7453a08
> > > Shall we perform the addition in uintptr_t instead to make it
> > > implementation defined rather than UB?
> > 
> > Yes.
> 
> Here is a patch for 2), bootstrap-ubsan bootstrapped/regtested on
> x86_64-linux and i686-linux, ok for trunk?

Ok.

Richard.

> Note both ptrdiff_t and uintptr_t are already used in libcpp, so I think
> it shouldn't create new portability issues.
> 
> 2017-06-21  Jakub Jelinek  <jakub@redhat.com>
> 
> 	* line-map.c (location_adhoc_data_update): Perform addition in
> 	uintptr_t type rather than char * type.  Read *data using
> 	ptrdiff_t type instead of int64_t.
> 	(get_combined_adhoc_loc): Change offset type to ptrdiff_t from
> 	int64_t.
> 
> --- libcpp/line-map.c.jj	2017-06-19 08:28:18.000000000 +0200
> +++ libcpp/line-map.c	2017-06-20 16:43:25.193063344 +0200
> @@ -99,7 +99,8 @@ location_adhoc_data_eq (const void *l1,
>  static int
>  location_adhoc_data_update (void **slot, void *data)
>  {
> -  *((char **) slot) += *((int64_t *) data);
> +  *((char **) slot)
> +    = (char *) ((uintptr_t) *((char **) slot) + *((ptrdiff_t *) data));
>    return 1;
>  }
>  
> @@ -221,7 +222,7 @@ get_combined_adhoc_loc (struct line_maps
>  	  set->location_adhoc_data_map.allocated)
>  	{
>  	  char *orig_data = (char *) set->location_adhoc_data_map.data;
> -	  int64_t offset;
> +	  ptrdiff_t offset;
>  	  /* Cast away extern "C" from the type of xrealloc.  */
>  	  line_map_realloc reallocator = (set->reallocator
>  					  ? set->reallocator
> 
> 
> 	Jakub
> 
> 

-- 
Richard Biener <rguenther@suse.de>
SUSE LINUX GmbH, GF: Felix Imendoerffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nuernberg)

     prev parent reply	other threads:[~2017-06-21  8:05 UTC|newest]

Thread overview: 21+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-06-19 18:25 Jakub Jelinek
2017-06-20  7:41 ` Richard Biener
2017-06-20  8:14   ` Jakub Jelinek
2017-06-20  8:18     ` Richard Biener
2017-06-21  7:58       ` Jakub Jelinek
2017-06-21  8:04         ` Richard Biener
2017-06-21 14:40       ` [RFC PATCH] Fix pointer diff (was: -fsanitize=pointer-overflow support (PR sanitizer/80998)) Jakub Jelinek
2017-06-21 15:17         ` Jakub Jelinek
2017-06-21 16:27         ` Marc Glisse
2017-06-22  8:31           ` Richard Biener
2017-06-22  9:29             ` Marc Glisse
2017-06-22  9:46               ` Richard Biener
2017-07-01 16:41                 ` Marc Glisse
2017-07-03 12:37                   ` Richard Biener
2017-10-09 11:01                     ` Marc Glisse
2017-10-19 15:11                       ` Richard Biener
2017-10-28 13:04                         ` Marc Glisse
2017-10-28 17:13                           ` Richard Biener
2017-07-04  8:53       ` [RFC PATCH] -fsanitize=pointer-overflow support (PR sanitizer/80998) Jakub Jelinek
2017-06-21  8:00   ` Jakub Jelinek
2017-06-21  8:05     ` Richard Biener [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=alpine.LSU.2.20.1706211004540.22867@zhemvz.fhfr.qr \
    --to=rguenther@suse.de \
    --cc=gcc-patches@gcc.gnu.org \
    --cc=jakub@redhat.com \
    --cc=mliska@suse.cz \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).