re PR sanitizer/66977 (-fsanitize=shift may introduce uninitialized variables)

PR sanitizer/66977 * typeck.c (get_member_function_from_ptrfunc): Don't sanitize RSHIFT_EXPR. * g++.dg/ubsan/pr66977.C: New test. From-SVN: r226440

re PR sanitizer/66977 (-fsanitize=shift may introduce uninitialized variables)
PR sanitizer/66977 * typeck.c (get_member_function_from_ptrfunc): Don't sanitize RSHIFT_EXPR. * g++.dg/ubsan/pr66977.C: New test. From-SVN: r226440
ec043522 · Marek Polacek · Marek Polacek · b5d3d787 · ec043522 · ec043522
Commit ec043522 authored Jul 31, 2015 by Marek Polacek Committed by Marek Polacek Jul 31, 2015
Hide whitespace changes
Inline Side-by-side

Showing with 45 additions and 0 deletions

gcc/cp/ChangeLog
+6 -0

gcc/cp/typeck.c
+7 -0

gcc/testsuite/ChangeLog
+5 -0

gcc/testsuite/g++.dg/ubsan/pr66977.C
+27 -0

No files found.
--- a/gcc/cp/ChangeLog
+++ b/gcc/cp/ChangeLog
+2015-07-31  Marek Polacek  <polacek@redhat.com>
+
+	PR sanitizer/66977
+	* typeck.c (get_member_function_from_ptrfunc): Don't sanitize
+	RSHIFT_EXPR.
+
 2015-07-30  Paolo Carlini  <paolo.carlini@oracle.com>

 	* class.c (check_for_override): Use DECL_SOURCE_LOCATION and "%qD"

--- a/gcc/cp/typeck.c
+++ b/gcc/cp/typeck.c
@@ -3288,6 +3288,7 @@ get_member_function_from_ptrfunc (tree *instance_ptrptr, tree function,
      idx = build1 (NOP_EXPR, vtable_index_type, e3);
      switch (TARGET_PTRMEMFUNC_VBIT_LOCATION)
 	{
+	  int flag_sanitize_save;
 	case ptrmemfunc_vbit_in_pfn:
 	  e1 = cp_build_binary_op (input_location,
 				   BIT_AND_EXPR, idx, integer_one_node,
@@ -3303,9 +3304,15 @@ get_member_function_from_ptrfunc (tree *instance_ptrptr, tree function,
 	  e1 = cp_build_binary_op (input_location,
 				   BIT_AND_EXPR, delta, integer_one_node,
 				   complain);
+	  /* Don't instrument the RSHIFT_EXPR we're about to create because
+	     we're going to use DELTA number of times, and that wouldn't play
+	     well with SAVE_EXPRs therein.  */
+	  flag_sanitize_save = flag_sanitize;
+	  flag_sanitize = 0;
 	  delta = cp_build_binary_op (input_location,
 				      RSHIFT_EXPR, delta, integer_one_node,
 				      complain);
+	  flag_sanitize = flag_sanitize_save;
 	  if (delta == error_mark_node)
 	    return error_mark_node;
 	  break;

--- a/gcc/testsuite/ChangeLog
+++ b/gcc/testsuite/ChangeLog
+2015-07-31  Marek Polacek  <polacek@redhat.com>
+
+	PR sanitizer/66977
+	* g++.dg/ubsan/pr66977.C: New test.
+
 2015-07-30  Marek Polacek  <polacek@redhat.com>

 	* c-c++-common/Wtautological-compare-3.c: New test.

--- a/gcc/testsuite/g++.dg/ubsan/pr66977.C
+++ b/gcc/testsuite/g++.dg/ubsan/pr66977.C
+// PR sanitizer/66977
+// { dg-do compile }
+// { dg-options "-fsanitize=shift -Wmaybe-uninitialized -O" }
+
+class Foo {
+
+private:
+
+  int a_;
+
+public:
+
+  Foo (int a) : a_(a) {};
+
+  inline int get_a () { return a_; };
+};
+
+int bar (int (Foo::*get)()) {
+  Foo *A = new Foo(1);
+  int result = (A->*get)();
+  delete (A);
+  return result;
+}
+
+int main () {
+  return bar (&Foo::get_a);
+}