re PR sanitizer/81604 (Ubsan type reporting can be bogus in some cases)

	PR sanitizer/81604
	* ubsan.c (ubsan_type_descriptor): For UBSAN_PRINT_ARRAY don't
	change type to the element type, instead add eltype variable and
	use it where we are interested in the element type.

	* c-c++-common/ubsan/pr81604.c: New test.

From-SVN: r250728

diff --git a/gcc/ChangeLog b/gcc/ChangeLog
index 318a98593518a1601d30d4b965a75348b02903bc..176847911b3660f522491ee4dffa27de9d0fbeee 100644 (file)
--- a/gcc/ChangeLog
+++ b/gcc/ChangeLog
@@ -1,5 +1,10 @@
 2017-07-31  Jakub Jelinek  <jakub@redhat.com>
 
+       PR sanitizer/81604
+       * ubsan.c (ubsan_type_descriptor): For UBSAN_PRINT_ARRAY don't
+       change type to the element type, instead add eltype variable and
+       use it where we are interested in the element type.
+
        PR tree-optimization/81603
        * ipa-polymorphic-call.c
        (ipa_polymorphic_call_context::ipa_polymorphic_call_context): Perform

diff --git a/gcc/testsuite/ChangeLog b/gcc/testsuite/ChangeLog
index a6a378263c1bfe9152a64dc03db05257071851b2..e84a715c22a05a361c93df102093f1d7218d273b 100644 (file)
--- a/gcc/testsuite/ChangeLog
+++ b/gcc/testsuite/ChangeLog
@@ -1,3 +1,8 @@
+2017-07-31  Jakub Jelinek  <jakub@redhat.com>
+
+       PR sanitizer/81604
+       * c-c++-common/ubsan/pr81604.c: New test.
+
 2017-07-30  H.J. Lu  <hongjiu.lu@intel.com>
 
        PR target/79793

diff --git a/gcc/testsuite/c-c++-common/ubsan/pr81604.c b/gcc/testsuite/c-c++-common/ubsan/pr81604.c
new file mode 100644 (file)
index 0000000..a06de76
--- /dev/null
+++ b/gcc/testsuite/c-c++-common/ubsan/pr81604.c
@@ -0,0 +1,31 @@
+/* PR sanitizer/81604 */
+/* { dg-do run } */
+/* { dg-options "-fsanitize=bounds,signed-integer-overflow" } */
+
+long a[10];
+
+__attribute__((noinline, noclone)) long *
+foo (int i)
+{
+  return &a[i];
+}
+
+__attribute__((noinline, noclone)) long
+bar (long x, long y)
+{
+  return x * y;
+}
+
+int
+main ()
+{
+  volatile int i = -1;
+  volatile long l = __LONG_MAX__;
+  long *volatile p;
+  p = foo (i);
+  l = bar (l, l);
+  return 0;
+}
+
+/* { dg-output "index -1 out of bounds for type 'long int \\\[10\\\]'\[^\n\r]*(\n|\r\n|\r)" } */
+/* { dg-output "\[^\n\r]*signed integer overflow: \[0-9]+ \\* \[0-9]+ cannot be represented in type 'long int'" } */

diff --git a/gcc/ubsan.c b/gcc/ubsan.c
index cca3c2d85d3d01ae5185394987d13d9e625c8566..2580a58b6ebe0257ba1ad58efb9b78a2d1df501f 100644 (file)
--- a/gcc/ubsan.c
+++ b/gcc/ubsan.c
@@ -402,6 +402,7 @@ ubsan_type_descriptor (tree type, enum ubsan_print_style pstyle)
     /* We weren't able to determine the type name.  */
     tname = "<unknown>";
 
+  tree eltype = type;
   if (pstyle == UBSAN_PRINT_POINTER)
     {
       pp_printf (&pretty_name, "'%s%s%s%s%s%s%s",
@@ -452,12 +453,12 @@ ubsan_type_descriptor (tree type, enum ubsan_print_style pstyle)
       pp_quote (&pretty_name);
 
       /* Save the tree with stripped types.  */
-      type = t;
+      eltype = t;
     }
   else
     pp_printf (&pretty_name, "'%s'", tname);
 
-  switch (TREE_CODE (type))
+  switch (TREE_CODE (eltype))
     {
     case BOOLEAN_TYPE:
     case ENUMERAL_TYPE:
@@ -467,9 +468,9 @@ ubsan_type_descriptor (tree type, enum ubsan_print_style pstyle)
     case REAL_TYPE:
       /* FIXME: libubsan right now only supports float, double and
         long double type formats.  */
-      if (TYPE_MODE (type) == TYPE_MODE (float_type_node)
-         || TYPE_MODE (type) == TYPE_MODE (double_type_node)
-         || TYPE_MODE (type) == TYPE_MODE (long_double_type_node))
+      if (TYPE_MODE (eltype) == TYPE_MODE (float_type_node)
+         || TYPE_MODE (eltype) == TYPE_MODE (double_type_node)
+         || TYPE_MODE (eltype) == TYPE_MODE (long_double_type_node))
        tkind = 0x0001;
       else
        tkind = 0xffff;
@@ -478,7 +479,7 @@ ubsan_type_descriptor (tree type, enum ubsan_print_style pstyle)
       tkind = 0xffff;
       break;
     }
-  tinfo = get_ubsan_type_info_for_type (type);
+  tinfo = get_ubsan_type_info_for_type (eltype);
 
   /* Create a new VAR_DECL of type descriptor.  */
   const char *tmp = pp_formatted_text (&pretty_name);