c-ubsan.c (ubsan_instrument_bounds): Don't skip instrumenting flexible member array-like members if...

* c-ubsan.c (ubsan_instrument_bounds): Don't skip instrumenting flexible member array-like members if SANITIZE_BOUNDS_STRICT. * doc/invoke.texi: Document -fsanitize=bounds-strict. * flag-types.h (enum sanitize_code): Add SANITIZE_BOUNDS_STRICT, or it into SANITIZE_NONDEFAULT. * opts.c (common_handle_option): Handle -fsanitize=bounds-strict. * c-c++-common/ubsan/bounds-10.c: New test. From-SVN: r222871
2025-01-11 08:54:35 +08:00 · 2015-05-07 08:08:57 +00:00 · 2015-05-07 08:08:57 +00:00 · e0f0d3b9d2
commit e0f0d3b9d2
parent ad2c39af63
8 changed files with 53 additions and 5 deletions
--- a/gcc/ChangeLog
+++ b/gcc/ChangeLog
@ -1,3 +1,11 @@
 2015-05-07  Marek Polacek  <polacek@redhat.com>
 	    Martin Uecker  <uecker@eecs.berkeley.edu>
 	* doc/invoke.texi: Document -fsanitize=bounds-strict.
 	* flag-types.h (enum sanitize_code): Add SANITIZE_BOUNDS_STRICT, or it
 	into SANITIZE_NONDEFAULT.
 	* opts.c (common_handle_option): Handle -fsanitize=bounds-strict.
 2015-05-07  Uros Bizjak  <ubizjak@gmail.com>
 	PR target/66015
--- a/gcc/c-family/ChangeLog
+++ b/gcc/c-family/ChangeLog
@ -1,3 +1,9 @@
 2015-05-07  Marek Polacek  <polacek@redhat.com>
 	    Martin Uecker  <uecker@eecs.berkeley.edu>
 	* c-ubsan.c (ubsan_instrument_bounds): Don't skip instrumenting
 	flexible member array-like members if SANITIZE_BOUNDS_STRICT.
 2015-05-05  Jason Merrill  <jason@redhat.com>
 	* c.opt (Wterminate): New.
@ -9,8 +15,8 @@
 2015-04-29  Josh Triplett  <josh@joshtriplett.org>
-        * c-common.c (handle_section_attribute): Refactor to reduce
+	* c-common.c (handle_section_attribute): Refactor to reduce
-        nesting and distinguish between error cases.
+	nesting and distinguish between error cases.
 2015-04-29  Marek Polacek  <polacek@redhat.com>
@ -30,7 +36,7 @@
 	* c-common.c (build_va_arg): Mark va_arg ap argument as addressable.
 2015-04-28  Eric Botcazou  <ebotcazou@adacore.com>
-            Pierre-Marie de Rodat  <derodat@adacore.com>
+	    Pierre-Marie de Rodat  <derodat@adacore.com>
 	* c-ada-spec.c (in_function): Delete.
 	(dump_generic_ada_node): Do not change in_function and remove the
--- a/gcc/c-family/c-ubsan.c
+++ b/gcc/c-family/c-ubsan.c
@ -301,9 +301,11 @@ ubsan_instrument_bounds (location_t loc, tree array, tree *index,
    bound = fold_build2 (PLUS_EXPR, TREE_TYPE (bound), bound,
 			 build_int_cst (TREE_TYPE (bound), 1));
-  /* Detect flexible array members and suchlike.  */
+  /* Detect flexible array members and suchlike, unless
     -fsanitize=bounds-strict.  */
  tree base = get_base_address (array);
-  if (TREE_CODE (array) == COMPONENT_REF
+  if ((flag_sanitize & SANITIZE_BOUNDS_STRICT) == 0
      && TREE_CODE (array) == COMPONENT_REF
      && base && (TREE_CODE (base) == INDIRECT_REF
 		  || TREE_CODE (base) == MEM_REF))
    {
--- a/gcc/doc/invoke.texi
+++ b/gcc/doc/invoke.texi
@ -5736,6 +5736,13 @@ This option enables instrumentation of array bounds.  Various out of bounds
 accesses are detected.  Flexible array members, flexible array member-like
 arrays, and initializers of variables with static storage are not instrumented.
@item -fsanitize=bounds-strict
@opindex fsanitize=bounds-strict
 This option enables strict instrumentation of array bounds.  Most out of bounds
 accesses are detected, including flexible array members and flexible array
 member-like arrays.  Initializers of variables with static storage are not
 instrumented.
@item -fsanitize=alignment
@opindex fsanitize=alignment
--- a/gcc/flag-types.h
+++ b/gcc/flag-types.h
@ -238,6 +238,7 @@ enum sanitize_code {
  SANITIZE_RETURNS_NONNULL_ATTRIBUTE = 1UL << 19,
  SANITIZE_OBJECT_SIZE = 1UL << 20,
  SANITIZE_VPTR = 1UL << 21,
  SANITIZE_BOUNDS_STRICT = 1UL << 22,
  SANITIZE_UNDEFINED = SANITIZE_SHIFT | SANITIZE_DIVIDE | SANITIZE_UNREACHABLE
 		       | SANITIZE_VLA | SANITIZE_NULL | SANITIZE_RETURN
 		       | SANITIZE_SI_OVERFLOW | SANITIZE_BOOL | SANITIZE_ENUM
@ -246,6 +247,7 @@ enum sanitize_code {
 		       | SANITIZE_RETURNS_NONNULL_ATTRIBUTE
 		       | SANITIZE_OBJECT_SIZE | SANITIZE_VPTR,
  SANITIZE_NONDEFAULT = SANITIZE_FLOAT_DIVIDE | SANITIZE_FLOAT_CAST
 			| SANITIZE_BOUNDS_STRICT
 };
 /* flag_vtable_verify initialization levels. */
--- a/gcc/opts.c
+++ b/gcc/opts.c
@ -1584,6 +1584,8 @@ common_handle_option (struct gcc_options *opts,
 	      { "float-cast-overflow", SANITIZE_FLOAT_CAST,
 		sizeof "float-cast-overflow" - 1 },
 	      { "bounds", SANITIZE_BOUNDS, sizeof "bounds" - 1 },
 	      { "bounds-strict", SANITIZE_BOUNDS | SANITIZE_BOUNDS_STRICT,
 		sizeof "bounds-strict" - 1 },
 	      { "alignment", SANITIZE_ALIGNMENT, sizeof "alignment" - 1 },
 	      { "nonnull-attribute", SANITIZE_NONNULL_ATTRIBUTE,
 		sizeof "nonnull-attribute" - 1 },
--- a/gcc/testsuite/ChangeLog
+++ b/gcc/testsuite/ChangeLog
@ -1,3 +1,8 @@
 2015-05-07  Marek Polacek  <polacek@redhat.com>
 	    Martin Uecker  <uecker@eecs.berkeley.edu>
 	* c-c++-common/ubsan/bounds-10.c: New test.
 2015-05-06  David Malcolm  <dmalcolm@redhat.com>
 	* jit.dg/harness.h (set_options): Wrap with
--- a/gcc/testsuite/c-c++-common/ubsan/bounds-10.c
+++ b/gcc/testsuite/c-c++-common/ubsan/bounds-10.c
@ -0,0 +1,16 @@
 /* { dg-do run } */
 /* { dg-options "-fsanitize=bounds-strict" } */
 struct V { int l; int a[1]; };
 int
 main (void)
 {
  /* For strict, do instrument last array in a struct.  */
  struct V *v = (struct V *) __builtin_malloc (sizeof (struct V) + 10);
  v->a[1] = 1;
  return 0;
 }
 /* { dg-output "index 1 out of bounds for type 'int \\\[1\\\]'" } */