c-ubsan.c (ubsan_instrument_bounds): Don't skip instrumenting flexible member array...
authorMarek Polacek <mpolacek@gcc.gnu.org>
Thu, 7 May 2015 08:08:57 +0000 (08:08 +0000)
committerMarek Polacek <mpolacek@gcc.gnu.org>
Thu, 7 May 2015 08:08:57 +0000 (08:08 +0000)
* c-ubsan.c (ubsan_instrument_bounds): Don't skip instrumenting
flexible member array-like members if SANITIZE_BOUNDS_STRICT.

* doc/invoke.texi: Document -fsanitize=bounds-strict.
* flag-types.h (enum sanitize_code): Add SANITIZE_BOUNDS_STRICT, or it
into SANITIZE_NONDEFAULT.
* opts.c (common_handle_option): Handle -fsanitize=bounds-strict.

* c-c++-common/ubsan/bounds-10.c: New test.

From-SVN: r222871

gcc/ChangeLog
gcc/c-family/ChangeLog
gcc/c-family/c-ubsan.c
gcc/doc/invoke.texi
gcc/flag-types.h
gcc/opts.c
gcc/testsuite/ChangeLog
gcc/testsuite/c-c++-common/ubsan/bounds-10.c [new file with mode: 0644]

index 19cd61cde92f219d1084d57bd65cdb3b3bd5d5b0..beabbcb5fa0f0f79d6879d6f9a773bfb8daf0675 100644 (file)
@@ -1,3 +1,11 @@
+2015-05-07  Marek Polacek  <polacek@redhat.com>
+           Martin Uecker  <uecker@eecs.berkeley.edu>
+
+       * doc/invoke.texi: Document -fsanitize=bounds-strict.
+       * flag-types.h (enum sanitize_code): Add SANITIZE_BOUNDS_STRICT, or it
+       into SANITIZE_NONDEFAULT.
+       * opts.c (common_handle_option): Handle -fsanitize=bounds-strict.
+
 2015-05-07  Uros Bizjak  <ubizjak@gmail.com>
 
        PR target/66015
index 9d16d4319d4bfd7fe32d6f7ef368c672d444b341..dd69f2584060bb9db79a9dc889efe9da2c72d868 100644 (file)
@@ -1,3 +1,9 @@
+2015-05-07  Marek Polacek  <polacek@redhat.com>
+           Martin Uecker  <uecker@eecs.berkeley.edu>
+
+       * c-ubsan.c (ubsan_instrument_bounds): Don't skip instrumenting
+       flexible member array-like members if SANITIZE_BOUNDS_STRICT.
+
 2015-05-05  Jason Merrill  <jason@redhat.com>
 
        * c.opt (Wterminate): New.
@@ -9,8 +15,8 @@
 
 2015-04-29  Josh Triplett  <josh@joshtriplett.org>
 
-        * c-common.c (handle_section_attribute): Refactor to reduce
-        nesting and distinguish between error cases.
+       * c-common.c (handle_section_attribute): Refactor to reduce
+       nesting and distinguish between error cases.
 
 2015-04-29  Marek Polacek  <polacek@redhat.com>
 
@@ -30,7 +36,7 @@
        * c-common.c (build_va_arg): Mark va_arg ap argument as addressable.
 
 2015-04-28  Eric Botcazou  <ebotcazou@adacore.com>
-            Pierre-Marie de Rodat  <derodat@adacore.com>
+           Pierre-Marie de Rodat  <derodat@adacore.com>
 
        * c-ada-spec.c (in_function): Delete.
        (dump_generic_ada_node): Do not change in_function and remove the
index a14426f962467aa5148be765cfe89383cfbe8ef5..dbbdc5bf1c46b869d51dc8ba0e33ac859e4c8381 100644 (file)
@@ -301,9 +301,11 @@ ubsan_instrument_bounds (location_t loc, tree array, tree *index,
     bound = fold_build2 (PLUS_EXPR, TREE_TYPE (bound), bound,
                         build_int_cst (TREE_TYPE (bound), 1));
 
-  /* Detect flexible array members and suchlike.  */
+  /* Detect flexible array members and suchlike, unless
+     -fsanitize=bounds-strict.  */
   tree base = get_base_address (array);
-  if (TREE_CODE (array) == COMPONENT_REF
+  if ((flag_sanitize & SANITIZE_BOUNDS_STRICT) == 0
+      && TREE_CODE (array) == COMPONENT_REF
       && base && (TREE_CODE (base) == INDIRECT_REF
                  || TREE_CODE (base) == MEM_REF))
     {
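Review bot: The rewritten comment on the flexible-array exception only names the option and leaves the reader to infer what strict mode changes, so the next maintainer has to read the ChangeLog to understand why the `flag_sanitize` test sits at the front of the condition. I would spell it out: `/* Detect flexible array members and suchlike (trailing [0]/[1] arrays reached through a pointer) and leave them uninstrumented, since callers commonly over-allocate them.  Under -fsanitize=bounds-strict they are checked against their declared bound like any other array, so skip this heuristic.  */`. Note that ubsan_instrument_bounds begins before the hunk and the body of the guarded `if` lies after it, so whether a true flexible member (`int a[]`, no domain) is handled by the earlier bound computation cannot be confirmed from here; it is worth checking that the strict path does not attempt a bound check on an array with no upper bound.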
index 9c8aa99dbd9f5ba382aa02aaab3352d96409d468..2c58a0d76cac6ea5aaf5c03e25a2303898766771 100644 (file)
@@ -5736,6 +5736,13 @@ This option enables instrumentation of array bounds.  Various out of bounds
 accesses are detected.  Flexible array members, flexible array member-like
 arrays, and initializers of variables with static storage are not instrumented.
 
+@item -fsanitize=bounds-strict
+@opindex fsanitize=bounds-strict
+This option enables strict instrumentation of array bounds.  Most out of bounds
+accesses are detected, including flexible array members and flexible array
+member-like arrays.  Initializers of variables with static storage are not
+instrumented.
+
 @item -fsanitize=alignment
 @opindex fsanitize=alignment
 
index bfdce442a629854556c93d2e98bff322d1841f3c..2f820a5a764cb7b9bf8ee4a646117b323c31265b 100644 (file)
@@ -238,6 +238,7 @@ enum sanitize_code {
   SANITIZE_RETURNS_NONNULL_ATTRIBUTE = 1UL << 19,
   SANITIZE_OBJECT_SIZE = 1UL << 20,
   SANITIZE_VPTR = 1UL << 21,
+  SANITIZE_BOUNDS_STRICT = 1UL << 22,
   SANITIZE_UNDEFINED = SANITIZE_SHIFT | SANITIZE_DIVIDE | SANITIZE_UNREACHABLE
                       | SANITIZE_VLA | SANITIZE_NULL | SANITIZE_RETURN
                       | SANITIZE_SI_OVERFLOW | SANITIZE_BOOL | SANITIZE_ENUM
@@ -246,6 +247,7 @@ enum sanitize_code {
                       | SANITIZE_RETURNS_NONNULL_ATTRIBUTE
                       | SANITIZE_OBJECT_SIZE | SANITIZE_VPTR,
   SANITIZE_NONDEFAULT = SANITIZE_FLOAT_DIVIDE | SANITIZE_FLOAT_CAST
+                       | SANITIZE_BOUNDS_STRICT
 };
 
 /* flag_vtable_verify initialization levels. */
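Review bot: `SANITIZE_BOUNDS_STRICT` is added to the enum with no comment, although unlike its neighbours it is not a standalone check but a modifier that only makes sense together with `SANITIZE_BOUNDS` (opts.c sets both bits for `bounds-strict`). A one-line comment on the new enumerator would document that contract: `/* Modifier of SANITIZE_BOUNDS: also instrument flexible array members and trailing [0]/[1]-style arrays.  Not meaningful on its own.  */`. If the option machinery can leave the strict bit set after `-fno-sanitize=bounds` (I cannot tell from this hunk), the consumer in c-ubsan.c should be robust to that combination.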
index fed5d12063b9630be09c42569eb3b38144b8f303..cf923344a11d40275d47d4da7ff738bc7c3edf50 100644 (file)
@@ -1584,6 +1584,8 @@ common_handle_option (struct gcc_options *opts,
              { "float-cast-overflow", SANITIZE_FLOAT_CAST,
                sizeof "float-cast-overflow" - 1 },
              { "bounds", SANITIZE_BOUNDS, sizeof "bounds" - 1 },
+             { "bounds-strict", SANITIZE_BOUNDS | SANITIZE_BOUNDS_STRICT,
+               sizeof "bounds-strict" - 1 },
              { "alignment", SANITIZE_ALIGNMENT, sizeof "alignment" - 1 },
              { "nonnull-attribute", SANITIZE_NONNULL_ATTRIBUTE,
                sizeof "nonnull-attribute" - 1 },
index 669efb56af314855f3d1a6e0f3726f876f4ab049..d4d52638150bddc48cae1bbeabdefbae37d944c3 100644 (file)
@@ -1,3 +1,8 @@
+2015-05-07  Marek Polacek  <polacek@redhat.com>
+           Martin Uecker  <uecker@eecs.berkeley.edu>
+
+       * c-c++-common/ubsan/bounds-10.c: New test.
+
 2015-05-06  David Malcolm  <dmalcolm@redhat.com>
 
        * jit.dg/harness.h (set_options): Wrap with
diff --git a/gcc/testsuite/c-c++-common/ubsan/bounds-10.c b/gcc/testsuite/c-c++-common/ubsan/bounds-10.c
new file mode 100644 (file)
index 0000000..a6187b5
--- /dev/null
@@ -0,0 +1,16 @@
+/* { dg-do run } */
+/* { dg-options "-fsanitize=bounds-strict" } */
+
+struct V { int l; int a[1]; };
+
+int
+main (void)
+{
+  /* For strict, do instrument last array in a struct.  */
+  struct V *v = (struct V *) __builtin_malloc (sizeof (struct V) + 10);
+  v->a[1] = 1;
+
+  return 0;
+}
+
+/* { dg-output "index 1 out of bounds for type 'int \\\[1\\\]'" } */
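Review bot: The test exercises only the heap-pointer `int a[1]` idiom, which is exactly the case the `MEM_REF`/`INDIRECT_REF` heuristic in c-ubsan.c previously exempted, so it does not show that strict mode still leaves a true flexible array member (`int a[];`, no declared bound) alone or that a stack-allocated `struct V` is unchanged. A second struct with a genuine flexible member and a store through it, plus a matching negative `dg-output`, would pin the boundary of the new behaviour rather than just its presence. Since the over-allocation of 10 bytes keeps the store in-bounds in memory, the expected diagnostic comes solely from the inserted instrumentation, which is the intent; a brief comment on that line, `/* In-bounds in memory; only the declared bound is violated.  */`, would make it explicit.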