From patchwork Fri Apr 12 13:54:29 2024
X-Patchwork-Submitter: Qing Zhao
X-Patchwork-Id: 1923158
From: Qing Zhao
To: josmyers@redhat.com, richard.guenther@gmail.com, siddhesh@gotplt.org, uecker@tugraz.at, keescook@chromium.org, isanbard@gmail.com, gcc-patches@gcc.gnu.org
Cc: Qing Zhao
Subject: [PATCH v9 4/5] Use the .ACCESS_WITH_SIZE in bound sanitizer.
Date: Fri, 12 Apr 2024 13:54:29 +0000
Message-Id: <20240412135430.4122328-5-qing.zhao@oracle.com>
In-Reply-To: <20240412135430.4122328-1-qing.zhao@oracle.com>
References: <20240412135430.4122328-1-qing.zhao@oracle.com>

gcc/c-family/ChangeLog:

	* c-ubsan.cc (get_bound_from_access_with_size): New function.
	(ubsan_instrument_bounds): Handle call to .ACCESS_WITH_SIZE.

gcc/testsuite/ChangeLog:

	* gcc.dg/ubsan/flex-array-counted-by-bounds-2.c: New test.
	* gcc.dg/ubsan/flex-array-counted-by-bounds-3.c: New test.
	* gcc.dg/ubsan/flex-array-counted-by-bounds-4.c: New test.
	* gcc.dg/ubsan/flex-array-counted-by-bounds.c: New test.

--- gcc/c-family/c-ubsan.cc | 42 +++++++++++++++++ .../ubsan/flex-array-counted-by-bounds-2.c | 45 ++++++++++++++++++ .../ubsan/flex-array-counted-by-bounds-3.c | 34 ++++++++++++++ .../ubsan/flex-array-counted-by-bounds-4.c | 34 ++++++++++++++ .../ubsan/flex-array-counted-by-bounds.c | 46 +++++++++++++++++++ 5 files changed, 201 insertions(+) create mode 100644 gcc/testsuite/gcc.dg/ubsan/flex-array-counted-by-bounds-2.c create mode 100644 gcc/testsuite/gcc.dg/ubsan/flex-array-counted-by-bounds-3.c create mode 100644 gcc/testsuite/gcc.dg/ubsan/flex-array-counted-by-bounds-4.c create mode 100644 gcc/testsuite/gcc.dg/ubsan/flex-array-counted-by-bounds.c diff --git a/gcc/c-family/c-ubsan.cc b/gcc/c-family/c-ubsan.cc index 940982819ddf..7cd3c6aa5b88 100644 --- a/gcc/c-family/c-ubsan.cc +++ b/gcc/c-family/c-ubsan.cc 
@@ -376,6 +376,40 @@ ubsan_instrument_return (location_t loc) return build_call_expr_loc (loc, t, 1, build_fold_addr_expr_loc (loc, data)); } +/* Get the tree that represented the number of counted_by, i.e, the maximum + number of the elements of the object that the call to .ACCESS_WITH_SIZE + points to, this number will be the bound of the corresponding array. */ +static tree +get_bound_from_access_with_size (tree call) +{ + if (!is_access_with_size_p (call)) + return NULL_TREE; + + tree ref_to_size = CALL_EXPR_ARG (call, 1); + unsigned int class_of_size = TREE_INT_CST_LOW (CALL_EXPR_ARG (call, 2)); + tree type = TREE_TYPE (CALL_EXPR_ARG (call, 3)); + tree size = fold_build2 (MEM_REF, type, unshare_expr (ref_to_size), + build_int_cst (ptr_type_node, 0)); + /* If size is negative value, treat it as zero. */ + if (!TYPE_UNSIGNED (type)) + { + tree cond = fold_build2 (LT_EXPR, boolean_type_node, + unshare_expr (size), build_zero_cst (type)); + size = fold_build3 (COND_EXPR, type, cond, + build_zero_cst (type), size); + } + + /* Only when class_of_size is 1, i.e, the number of the elements of + the object type, return the size. */ + if (class_of_size != 1) + return NULL_TREE; + else + size = fold_convert (sizetype, size); + + return size; +} + + /* Instrument array bounds for ARRAY_REFs. We create special builtin, that gets expanded in the sanopt pass, and make an array dimension of it. ARRAY is the array, *INDEX is an index to the array. @@ -401,6 +435,14 @@ ubsan_instrument_bounds (location_t loc, tree array, tree *index, && COMPLETE_TYPE_P (type) && integer_zerop (TYPE_SIZE (type))) bound = build_int_cst (TREE_TYPE (TYPE_MIN_VALUE (domain)), -1); + else if (INDIRECT_REF_P (array) + && is_access_with_size_p ((TREE_OPERAND (array, 0)))) + { + bound = get_bound_from_access_with_size ((TREE_OPERAND (array, 0))); + bound = fold_build2 (MINUS_EXPR, TREE_TYPE (bound), + bound, + build_int_cst (TREE_TYPE (bound), 1)); + } else return NULL_TREE; } 
diff --git a/gcc/testsuite/gcc.dg/ubsan/flex-array-counted-by-bounds-2.c b/gcc/testsuite/gcc.dg/ubsan/flex-array-counted-by-bounds-2.c new file mode 100644 index 000000000000..b503320628d2 --- /dev/null +++ b/gcc/testsuite/gcc.dg/ubsan/flex-array-counted-by-bounds-2.c @@ -0,0 +1,45 @@ +/* Test the attribute counted_by and its usage in + bounds sanitizer combined with VLA. */ +/* { dg-do run } */ +/* { dg-options "-fsanitize=bounds" } */ +/* { dg-output "index 11 out of bounds for type 'int \\\[\\\*\\\]\\\[\\\*\\\]'\[^\n\r]*(\n|\r\n|\r)" } */ +/* { dg-output "\[^\n\r]*index 20 out of bounds for type 'int \\\[\\\*\\\]\\\[\\\*\\\]\\\[\\\*\\\]'\[^\n\r]*(\n|\r\n|\r)" } */ +/* { dg-output "\[^\n\r]*index 11 out of bounds for type 'int \\\[\\\*\\\]\\\[\\\*\\\]'\[^\n\r]*(\n|\r\n|\r)" } */ +/* { dg-output "\[^\n\r]*index 10 out of bounds for type 'int \\\[\\\*\\\]'\[^\n\r]*(\n|\r\n|\r)" } */ + + +#include + +void __attribute__((__noinline__)) setup_and_test_vla (int n, int m) +{ + struct foo { + int n; + int p[][n] __attribute__((counted_by(n))); + } *f; + + f = (struct foo *) malloc (sizeof(struct foo) + m*sizeof(int[n])); + f->n = m; + f->p[m][n-1]=1; + return; +} + +void __attribute__((__noinline__)) setup_and_test_vla_1 (int n1, int n2, int m) +{ + struct foo { + int n; + int p[][n2][n1] __attribute__((counted_by(n))); + } *f; + + f = (struct foo *) malloc (sizeof(struct foo) + m*sizeof(int[n2][n1])); + f->n = m; + f->p[m][n2][n1]=1; + return; +} + +int main(int argc, char *argv[]) +{ + setup_and_test_vla (10, 11); + setup_and_test_vla_1 (10, 11, 20); + return 0; +} + diff --git a/gcc/testsuite/gcc.dg/ubsan/flex-array-counted-by-bounds-3.c b/gcc/testsuite/gcc.dg/ubsan/flex-array-counted-by-bounds-3.c new file mode 100644 index 000000000000..9da25644af3e --- /dev/null +++ b/gcc/testsuite/gcc.dg/ubsan/flex-array-counted-by-bounds-3.c 
@@ -0,0 +1,34 @@ +/* Test the attribute counted_by and its usage in bounds + sanitizer. when counted_by field is negative value. */ +/* { dg-do run } */ +/* { dg-options "-fsanitize=bounds" } */ + +#include + +struct annotated { + int b; + int c[] __attribute__ ((counted_by (b))); +} *array_annotated; + +void __attribute__((__noinline__)) setup (int annotated_count) +{ + array_annotated + = (struct annotated *)malloc (sizeof (struct annotated)); + array_annotated->b = annotated_count; + + return; +} + +void __attribute__((__noinline__)) test (int annotated_index) +{ + array_annotated->c[annotated_index] = 2; +} + +int main(int argc, char *argv[]) +{ + setup (-3); + test (2); + return 0; +} + +/* { dg-output "24:21: runtime error: index 2 out of bounds for type" } */ diff --git a/gcc/testsuite/gcc.dg/ubsan/flex-array-counted-by-bounds-4.c b/gcc/testsuite/gcc.dg/ubsan/flex-array-counted-by-bounds-4.c new file mode 100644 index 000000000000..bd7e144274fc --- /dev/null +++ b/gcc/testsuite/gcc.dg/ubsan/flex-array-counted-by-bounds-4.c @@ -0,0 +1,34 @@ +/* Test the attribute counted_by and its usage in bounds + sanitizer. when counted_by field is zero value. */ +/* { dg-do run } */ +/* { dg-options "-fsanitize=bounds" } */ + +#include + +struct annotated { + int b; + int c[] __attribute__ ((counted_by (b))); +} *array_annotated; + +void __attribute__((__noinline__)) setup (int annotated_count) +{ + array_annotated + = (struct annotated *)malloc (sizeof (struct annotated)); + array_annotated->b = annotated_count; + + return; +} + +void __attribute__((__noinline__)) test (int annotated_index) +{ + array_annotated->c[annotated_index] = 2; +} + +int main(int argc, char *argv[]) +{ + setup (0); + test (1); + return 0; +} + +/* { dg-output "24:21: runtime error: index 1 out of bounds for type" } */ 
diff --git a/gcc/testsuite/gcc.dg/ubsan/flex-array-counted-by-bounds.c b/gcc/testsuite/gcc.dg/ubsan/flex-array-counted-by-bounds.c new file mode 100644 index 000000000000..e2b911dde626 --- /dev/null +++ b/gcc/testsuite/gcc.dg/ubsan/flex-array-counted-by-bounds.c @@ -0,0 +1,46 @@ +/* Test the attribute counted_by and its usage in + bounds sanitizer. */ +/* { dg-do run } */ +/* { dg-options "-fsanitize=bounds" } */ + +#include + +struct flex { + int b; + int c[]; +} *array_flex; + +struct annotated { + int b; + int c[] __attribute__ ((counted_by (b))); +} *array_annotated; + +void __attribute__((__noinline__)) setup (int normal_count, int annotated_count) +{ + array_flex + = (struct flex *)malloc (sizeof (struct flex) + + normal_count * sizeof (int)); + array_flex->b = normal_count; + + array_annotated + = (struct annotated *)malloc (sizeof (struct annotated) + + annotated_count * sizeof (int)); + array_annotated->b = annotated_count; + + return; +} + +void __attribute__((__noinline__)) test (int normal_index, int annotated_index) +{ + array_flex->c[normal_index] = 1; + array_annotated->c[annotated_index] = 2; +} + +int main(int argc, char *argv[]) +{ + setup (10, 10); + test (10, 10); + return 0; +} + +/* { dg-output "36:21: runtime error: index 10 out of bounds for type" } */
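
Review bot: in the first c-ubsan.cc hunk, get_bound_from_access_with_size tests `class_of_size != 1` only after it has built the MEM_REF and, for signed types, the LT_EXPR/COND_EXPR clamp, so those trees are constructed and then thrown away for every other class. Move the class check up beside the is_access_with_size_p early return, and drop the `else` after `return NULL_TREE;` so the fold_convert to sizetype is just the final statement. The function comment would also read better as "Get the tree that represents the counted_by value", and there is one blank line too many before the next comment.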
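
Review bot: in the second c-ubsan.cc hunk, the new else-if branch of ubsan_instrument_bounds uses the result of get_bound_from_access_with_size without a NULL_TREE check, yet that helper returns NULL_TREE whenever class_of_size is not 1, and the next statement evaluates `TREE_TYPE (bound)`. Either return NULL_TREE from ubsan_instrument_bounds when the helper yields nothing, or assert and document that an .ACCESS_WITH_SIZE call reaching this point always has class 1. A short comment would also help on the `bound - 1` computation: bound has been converted to sizetype, so a counted_by value of zero (or a negative one clamped to zero) wraps here, and the -3.c and -4.c tests depend on that case still being diagnosed. The doubled parentheses in `((TREE_OPERAND (array, 0)))` can go.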
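
Review bot: in flex-array-counted-by-bounds-2.c, setup_and_test_vla declares a member `int n` inside struct foo while also taking a parameter `n`, so in `int p[][n] __attribute__((counted_by(n)))` the array dimension is the parameter and the counted_by argument is the member. That is legal but hard to read in a test whose purpose is to show which value bounds which dimension; rename the member (for example to `count`) in both functions, or add a comment saying which `n` each use refers to. A one-line comment mapping each of the four dg-output patterns to the call and index that produces it would make failures easier to triage.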
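
Review bot: in flex-array-counted-by-bounds-3.c and -4.c, setup() allocates only `sizeof (struct annotated)` with no room for c[], and dg-options is just -fsanitize=bounds, so after the diagnostic is printed the store in test() still executes and writes past the heap block. The same holds in flex-array-counted-by-bounds.c, where both c[10] stores land one element past a 10-element allocation. Allocate a few spare elements beyond the counted_by value so the tests exercise only the counted_by bound and stay clean under other checkers. The -3.c and -4.c files differ only in the arguments passed to setup() and test(); consider folding them into one file with two calls and two dg-output lines.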