
Fix PR64078

Message ID 963e7657-0e40-9d73-f199-ffc709761428@mentor.com
State New

Commit Message

Tom de Vries Aug. 30, 2016, 8:21 a.m. UTC
On 29/08/16 18:43, Bernd Edlinger wrote:
> Thanks!
>
> Actually my patch failed to fix one combination: -m32 with -fpic
>
> make check-gcc-c++ RUNTESTFLAGS="ubsan.exp=object-size-9.c --tool_opts
> '-m32 -fpic'"
>
> FAIL: c-c++-common/ubsan/object-size-9.c   -O2  execution test
> FAIL: c-c++-common/ubsan/object-size-9.c   -O2 -flto
> -fno-use-linker-plugin -flto-partition=none  execution test
>
> The problem here is that the functions f2 and f3 access a stack-
> based object out of bounds and that is inlined in main and
> therefore smashes the return address of main in this case.
>
> A possible fix could look as follows:
>
> Index: object-size-9.c
> ===================================================================
> --- object-size-9.c	(revision 239794)
> +++ object-size-9.c	(working copy)
> @@ -93,5 +93,9 @@
>   #endif
>     f4 (12);
>     f5 (12);
> +#ifdef __cplusplus
> +  /* Stack may be smashed by f2/f3 above.  */
> +  __builtin_exit (0);
> +#endif
>     return 0;
>   }
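Review bot: the `#ifdef __cplusplus` guard around `__builtin_exit (0)` is not explained by the comment; the out-of-bounds stores in f2/f3 happen the same way in C and C++, so either the comment should say why only the C++ run (the failing `check-gcc-c++` cases quoted above) needs it, or the exit should be unconditional. It is also worth stating in the comment that exiting instead of returning only hides a clobbered return address of main rather than preventing the write; the store itself is what the ubsan object-size check is meant to report, so the test still exercises it.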
>
>
> Do you think that this should be fixed too?

I think it should be fixed. Ideally, we'd prevent the out-of-bounds
writes from having harmful effects, but I'm not sure how to enforce that.

This works for me:
...
...

But I have no idea how stable this solution is.

Thanks,
- Tom

Patch

diff --git a/gcc/testsuite/c-c++-common/ubsan/object-size-9.c 
b/gcc/testsuite/c-c++-common/ubsan/object-size-9.c
index 46f1fb9..fec920d 100644
--- a/gcc/testsuite/c-c++-common/ubsan/object-size-9.c
+++ b/gcc/testsuite/c-c++-common/ubsan/object-size-9.c
@@ -31,6 +31,7 @@  static struct C
  f2 (int i)
  {
    struct C x;
+  struct C x2;
    x.d[i] = 'z';
    return x;
  }
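Review bot: the added `struct C x2;` in f2 is never used and carries no comment, so it can be dropped by the optimizer before the frame is laid out and then provides no padding between `x` and the return address that the out-of-bounds store `x.d[i] = 'z'` reaches after inlining; even if it is kept, the relative placement of the two locals is not guaranteed. If the intent is to absorb the overflow, the line needs a comment saying it is deliberate padding (otherwise the next reader removes it as an unused variable), and the test should not rely on slot ordering that the compiler may change.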
@@ -45,6 +46,7 @@  static struct C
  f3 (int i)
  {
    struct C x;
+  struct C x2;
    char *p = x.d;
    p += i;
    *p = 'z';
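Review bot: same point as for f2: the `struct C x2;` added to f3 is unused and uncommented, so whether it pads the frame between `x` and the return address depends on the optimizer keeping an unreferenced local and on stack slot ordering, neither of which is guaranteed; the same explanatory comment belongs here, and since f3 reaches the byte through `p += i; *p = 'z';` rather than an index, a comment should also note that this is the pointer-arithmetic variant of the same overflow.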