re PR sanitizer/82072 (sanitizer does not detect an overflow from LLONG_MIN)

PR sanitizer/82072 * convert.c (convert_to_integer_1) <case NEGATE_EXPR>: Move the ubsan check earlier. * c-c++-common/ubsan/pr82072-2.c: New test. From-SVN: r251717

re PR sanitizer/82072 (sanitizer does not detect an overflow from LLONG_MIN)
PR sanitizer/82072 * convert.c (convert_to_integer_1) <case NEGATE_EXPR>: Move the ubsan check earlier. * c-c++-common/ubsan/pr82072-2.c: New test. From-SVN: r251717
c253525e · Marek Polacek · Marek Polacek · d49318d9 · c253525e · c253525e
Commit c253525e authored Sep 05, 2017 by Marek Polacek Committed by Marek Polacek Sep 05, 2017
Show whitespace changes
Inline Side-by-side

Showing with 32 additions and 5 deletions

gcc/ChangeLog
+6 -0

gcc/convert.c
+6 -5

gcc/testsuite/ChangeLog
+5 -0

gcc/testsuite/c-c++-common/ubsan/pr82072-2.c
+15 -0

No files found.
--- a/gcc/ChangeLog
+++ b/gcc/ChangeLog
+2017-09-05  Marek Polacek  <polacek@redhat.com>
+
+	PR sanitizer/82072
+	* convert.c (convert_to_integer_1) <case NEGATE_EXPR>: Move the ubsan
+	check earlier.
+
 2017-09-05  Wilco Dijkstra  <wdijkstr@arm.com>

 	* explow.c (get_dynamic_stack_size): Improve dynamic alignment.

--- a/gcc/convert.c
+++ b/gcc/convert.c
@@ -886,6 +886,12 @@ convert_to_integer_1 (tree type, tree expr, bool dofold)
 	    break;

 	  case NEGATE_EXPR:
+	    /* Using unsigned arithmetic for signed types may hide overflow
+	       bugs.  */
+	    if (!TYPE_UNSIGNED (TREE_TYPE (TREE_OPERAND (expr, 0)))
+		&& sanitize_flags_p (SANITIZE_SI_OVERFLOW))
+	      break;
+	    /* Fall through.  */
 	  case BIT_NOT_EXPR:
 	    /* This is not correct for ABS_EXPR,
 	       since we must test the sign before truncation.  */
@@ -902,12 +908,7 @@ convert_to_integer_1 (tree type, tree expr, bool dofold)
 						    TYPE_UNSIGNED (typex));

 	      if (!TYPE_UNSIGNED (typex))
-		{
-		  /* Using unsigned arithmetic may hide overflow bugs.  */
-		  if (sanitize_flags_p (SANITIZE_SI_OVERFLOW))
-		    break;
 		typex = unsigned_type_for (typex);
-		}
 	      return convert (type,
 			      fold_build1 (ex_form, typex,
 					   convert (typex,

--- a/gcc/testsuite/ChangeLog
+++ b/gcc/testsuite/ChangeLog
+2017-09-05  Marek Polacek  <polacek@redhat.com>
+
+	PR sanitizer/82072
+	* c-c++-common/ubsan/pr82072-2.c: New test.
+
 2017-09-05  Paolo Carlini  <paolo.carlini@oracle.com>

 	PR c++/81942

--- a/gcc/testsuite/c-c++-common/ubsan/pr82072-2.c
+++ b/gcc/testsuite/c-c++-common/ubsan/pr82072-2.c
+/* PR sanitizer/82072 */
+/* { dg-do run } */
+/* { dg-options "-fsanitize=signed-integer-overflow" } */
+
+int
+main ()
+{
+  long long int l = -__LONG_LONG_MAX__ - 1;
+  unsigned int u;
+  u = -l;
+  asm volatile ("" : "+r" (u));
+  return 0;
+}
+
+/* { dg-output "negation of -9223372036854775808 cannot be represented in type 'long long int'\[^\n\r]*; cast to an unsigned type to negate this value to itself" } */