re PR sanitizer/71498 (ubsan bounds checking influenced by surrounding code)

PR sanitizer/71498 * c-gimplify.c (ubsan_walk_array_refs_r): Set *walk_subtrees = 0 on all BIND_EXPRs, and on all BIND_EXPRs recurse also on BIND_EXPR_BODY. * c-c++-common/ubsan/bounds-13.c: New test. From-SVN: r237409

re PR sanitizer/71498 (ubsan bounds checking influenced by surrounding code)
PR sanitizer/71498 * c-gimplify.c (ubsan_walk_array_refs_r): Set *walk_subtrees = 0 on all BIND_EXPRs, and on all BIND_EXPRs recurse also on BIND_EXPR_BODY. * c-c++-common/ubsan/bounds-13.c: New test. From-SVN: r237409
0dda258b · Jakub Jelinek · Jakub Jelinek · ef7cf206 · 0dda258b · 0dda258b
Commit 0dda258b authored Jun 13, 2016 by Jakub Jelinek Committed by Jakub Jelinek Jun 13, 2016
Hide whitespace changes
Inline Side-by-side

Showing with 44 additions and 6 deletions

gcc/c-family/ChangeLog
+4 -0

gcc/c-family/c-gimplify.c
+6 -6

gcc/testsuite/ChangeLog
+3 -0

gcc/testsuite/c-c++-common/ubsan/bounds-13.c
+31 -0

No files found.
--- a/gcc/c-family/ChangeLog
+++ b/gcc/c-family/ChangeLog
 2016-06-13  Jakub Jelinek  <jakub@redhat.com>
+	PR sanitizer/71498
+	* c-gimplify.c (ubsan_walk_array_refs_r): Set *walk_subtrees = 0 on
+	all BIND_EXPRs, and on all BIND_EXPRs recurse also on BIND_EXPR_BODY.
 	PR preprocessor/71183
 	* c-ppoutput.c (init_pp_output): Set cb->get_source_date_epoch
 	to cb_get_source_date_epoch.

--- a/gcc/c-family/c-gimplify.c
+++ b/gcc/c-family/c-gimplify.c
@@ -67,23 +67,23 @@ ubsan_walk_array_refs_r (tree *tp, int *walk_subtrees, void *data)
 {
  hash_set<tree> *pset = (hash_set<tree> *) data;
-  /* Since walk_tree doesn't call the callback function on the decls
-     in BIND_EXPR_VARS, we have to walk them manually.  */
  if (TREE_CODE (*tp) == BIND_EXPR)
    {
+      /* Since walk_tree doesn't call the callback function on the decls
+	 in BIND_EXPR_VARS, we have to walk them manually, so we can avoid
+	 instrumenting DECL_INITIAL of TREE_STATIC vars.  */
+      *walk_subtrees = 0;
      for (tree decl = BIND_EXPR_VARS (*tp); decl; decl = DECL_CHAIN (decl))
 	{
 	  if (TREE_STATIC (decl))
-	    {
+	    continue;
-	      *walk_subtrees = 0;
-	      continue;
-	    }
 	  walk_tree (&DECL_INITIAL (decl), ubsan_walk_array_refs_r, pset,
 		     pset);
 	  walk_tree (&DECL_SIZE (decl), ubsan_walk_array_refs_r, pset, pset);
 	  walk_tree (&DECL_SIZE_UNIT (decl), ubsan_walk_array_refs_r, pset,
 		     pset);
 	}
+      walk_tree (&BIND_EXPR_BODY (*tp), ubsan_walk_array_refs_r, pset, pset);
    }
  else if (TREE_CODE (*tp) == ADDR_EXPR
 	   && TREE_CODE (TREE_OPERAND (*tp, 0)) == ARRAY_REF)

--- a/gcc/testsuite/ChangeLog
+++ b/gcc/testsuite/ChangeLog
 2016-06-13  Jakub Jelinek  <jakub@redhat.com>
+	PR sanitizer/71498
+	* c-c++-common/ubsan/bounds-13.c: New test.
 	PR preprocessor/71183
 	* gcc.dg/cpp/source_date_epoch-3.c: New test.

--- a/gcc/testsuite/c-c++-common/ubsan/bounds-13.c
+++ b/gcc/testsuite/c-c++-common/ubsan/bounds-13.c
+/* PR sanitizer/71498 */
+/* { dg-do run } */
+/* { dg-options "-fsanitize=bounds -Wno-array-bounds" } */
+struct S { int a[100]; int b, c; } s;
+__attribute__((noinline, noclone)) int
+foo (int x)
+{
+  return s.a[x];
+}
+__attribute__((noinline, noclone)) int
+bar (int x)
+{
+  static int *d = &s.a[99];
+  asm volatile ("" : : "r" (&d));
+  return s.a[x];
+}
+int
+main ()
+{
+  volatile int a = 0;
+  a += foo (100);
+  a += bar (100);
+  return 0;
+}
+/* { dg-output "index 100 out of bounds for type 'int \\\[100\\\]'\[^\n\r]*(\n|\r\n|\r)" } */
+/* { dg-output "\[^\n\r]*index 100 out of bounds for type 'int \\\[100\\\]'\[^\n\r]*(\n|\r\n|\r)" } */