Fix ubsan in gimple-fold.c (PR tree-optimization/82491).

Message ID 3a2d7ea3-4b11-b79e-49b6-518ad8cf6b60@suse.cz
State New

Commit Message

Martin Liška Feb. 19, 2018, 12:38 p.m.
Hi.

The patch was suggested by Richard Biener and then Richard Sandiford helped me to
rewrite it using poly-int. It prevents ubsan in gimple-fold.

Patch can bootstrap on ppc64le-redhat-linux and survives regression tests.
And it does not trigger ubsan in the test-case in gimple-fold.c.

Ready to be installed?
Martin

gcc/ChangeLog:

2018-02-19  Martin Liska  <mliska@suse.cz>
	    Richard Sandiford  <richard.sandiford@linaro.org>

	PR tree-optimization/82491
	* gimple-fold.c (get_base_constructor): Make earlier bail out
	to prevent ubsan.
---
 gcc/gimple-fold.c | 10 +++-------
 1 file changed, 3 insertions(+), 7 deletions(-)

Comments

Jeff Law Feb. 19, 2018, 4:48 p.m. | #1
On 02/19/2018 05:38 AM, Martin Liška wrote:
> Hi.
>
> The patch was suggested by Richard Biener and then Richard Sandiford helped me to
> rewrite it using poly-int. It prevents ubsan in gimple-fold.
>
> Patch can bootstrap on ppc64le-redhat-linux and survives regression tests.
> And it does not trigger ubsan in the test-case in gimple-fold.c.
>
> Ready to be installed?
> Martin
>
> gcc/ChangeLog:
>
> 2018-02-19  Martin Liska  <mliska@suse.cz>
> 	    Richard Sandiford  <richard.sandiford@linaro.org>
>
> 	PR tree-optimization/82491
> 	* gimple-fold.c (get_base_constructor): Make earlier bail out
> 	to prevent ubsan.

OK.
jeff

Patch

diff --git a/gcc/gimple-fold.c b/gcc/gimple-fold.c
index e556f050e43..c9dad6f42d1 100644
--- a/gcc/gimple-fold.c
+++ b/gcc/gimple-fold.c
@@ -6442,13 +6442,9 @@  get_base_constructor (tree base, poly_int64_pod *bit_offset,
 
   if (TREE_CODE (base) == MEM_REF)
     {
-      if (!integer_zerop (TREE_OPERAND (base, 1)))
-	{
-	  if (!tree_fits_shwi_p (TREE_OPERAND (base, 1)))
-	    return NULL_TREE;
-	  *bit_offset += (mem_ref_offset (base).force_shwi ()
-			  * BITS_PER_UNIT);
-	}
+      poly_offset_int boff = *bit_offset + mem_ref_offset (base) * BITS_PER_UNIT;
+      if (!boff.to_shwi (bit_offset))
+	return NULL_TREE;
 
       if (valueize
 	  && TREE_CODE (TREE_OPERAND (base, 0)) == SSA_NAME)
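
Review bot: The new `boff` computation at the top of the MEM_REF branch has no comment saying why the sum is formed in `poly_offset_int`, and that is the substance of the fix. The removed lines checked only that `TREE_OPERAND (base, 1)` fits a signed HWI, then multiplied by `BITS_PER_UNIT` and added the result to `*bit_offset` in the narrow type, so the product or the sum could still overflow. The replacement does the arithmetic in the wider type and returns NULL_TREE when `to_shwi` reports that the result does not fit. A short comment to that effect above the declaration would keep a later cleanup from narrowing the computation again. Two smaller points: the declaration line runs past 80 columns as posted and should be wrapped before `* BITS_PER_UNIT`, and the diffstat shows only gcc/gimple-fold.c changed, so consider adding the test case from the PR to the testsuite along with this patch.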