re PR sanitizer/80349 (UBSAN: compile time crash with "type mismatch in binary expression" message)

PR sanitizer/80349 * fold-const.c (fold_binary_loc) <case EQ_EXPR, NE_EXPR>: Convert arg10 and arg11 to itype. * c-c++-common/ubsan/pr80349.c: New test. From-SVN: r247352
2017-04-27 21:12:29 +00:00 · 2017-04-27 21:12:29 +00:00 · 3777eda2ed
commit 3777eda2ed
parent f49215b10c
4 changed files with 69 additions and 31 deletions
--- a/gcc/ChangeLog
+++ b/gcc/ChangeLog
@ -1,3 +1,9 @@
+2017-04-27  Marek Polacek  <polacek@redhat.com>
+
+	PR sanitizer/80349
+	* fold-const.c (fold_binary_loc) <case EQ_EXPR, NE_EXPR>: Convert
+	arg10 and arg11 to itype.
+
 2017-04-27  Jonathan Wakely  <jwakely@redhat.com>

 	* doc/extend.texi (Object Size Checking): Improve grammar.
--- a/gcc/fold-const.c
+++ b/gcc/fold-const.c
@ -10797,40 +10797,37 @@ fold_binary_loc (location_t loc,
 	  tree itype = TREE_TYPE (arg0);

 	  if (operand_equal_p (arg01, arg11, 0))
-	    return fold_build2_loc (loc, code, type,
-				fold_build2_loc (loc, BIT_AND_EXPR, itype,
-					     fold_build2_loc (loc,
-							  BIT_XOR_EXPR, itype,
-							  arg00, arg10),
-					     arg01),
-				build_zero_cst (itype));
-
+	    {
+	      tem = fold_convert_loc (loc, itype, arg10);
+	      tem = fold_build2_loc (loc, BIT_XOR_EXPR, itype, arg00, tem);
+	      tem = fold_build2_loc (loc, BIT_AND_EXPR, itype, tem, arg01);
+	      return fold_build2_loc (loc, code, type, tem,
+				      build_zero_cst (itype));
+	    }
 	  if (operand_equal_p (arg01, arg10, 0))
-	    return fold_build2_loc (loc, code, type,
-				fold_build2_loc (loc, BIT_AND_EXPR, itype,
-					     fold_build2_loc (loc,
-							  BIT_XOR_EXPR, itype,
-							  arg00, arg11),
-					     arg01),
-				build_zero_cst (itype));
-
+	    {
+	      tem = fold_convert_loc (loc, itype, arg11);
+	      tem = fold_build2_loc (loc, BIT_XOR_EXPR, itype, arg00, tem);
+	      tem = fold_build2_loc (loc, BIT_AND_EXPR, itype, tem, arg01);
+	      return fold_build2_loc (loc, code, type, tem,
+				      build_zero_cst (itype));
+	    }
 	  if (operand_equal_p (arg00, arg11, 0))
-	    return fold_build2_loc (loc, code, type,
-				fold_build2_loc (loc, BIT_AND_EXPR, itype,
-					     fold_build2_loc (loc,
-							  BIT_XOR_EXPR, itype,
-							  arg01, arg10),
-					     arg00),
-				build_zero_cst (itype));
-
+	    {
+	      tem = fold_convert_loc (loc, itype, arg10);
+	      tem = fold_build2_loc (loc, BIT_XOR_EXPR, itype, arg01, tem);
+	      tem = fold_build2_loc (loc, BIT_AND_EXPR, itype, tem, arg00);
+	      return fold_build2_loc (loc, code, type, tem,
+				      build_zero_cst (itype));
+	    }
 	  if (operand_equal_p (arg00, arg10, 0))
-	    return fold_build2_loc (loc, code, type,
-				fold_build2_loc (loc, BIT_AND_EXPR, itype,
-					     fold_build2_loc (loc,
-							  BIT_XOR_EXPR, itype,
-							  arg01, arg11),
-					     arg00),
-				build_zero_cst (itype));
+	    {
+	      tem = fold_convert_loc (loc, itype, arg11);
+	      tem = fold_build2_loc (loc, BIT_XOR_EXPR, itype, arg01, tem);
+	      tem = fold_build2_loc (loc, BIT_AND_EXPR, itype, tem, arg00);
+	      return fold_build2_loc (loc, code, type, tem,
+				      build_zero_cst (itype));
+	    }
 	}

      if (TREE_CODE (arg0) == BIT_XOR_EXPR
--- a/gcc/testsuite/ChangeLog
+++ b/gcc/testsuite/ChangeLog
@ -1,3 +1,8 @@
+2017-04-27  Marek Polacek  <polacek@redhat.com>
+
+	PR sanitizer/80349
+	* c-c++-common/ubsan/pr80349.c: New test.
+
 2017-04-27  Volker Reichelt  <v.reichelt@netcologne.de>

 	* g++.dg/cpp1z/direct-enum-init1.C: Adjust for more verbose enum
--- a/gcc/testsuite/c-c++-common/ubsan/pr80349.c
+++ b/gcc/testsuite/c-c++-common/ubsan/pr80349.c
@ -0,0 +1,30 @@
+/* PR sanitizer/80349 */
+/* { dg-do compile } */
+/* { dg-options "-fsanitize=undefined" } */
+
+int var;
+long a;
+
+long
+fn1 ()
+{
+  return 0 % ((a & 1) == (7UL & 1));
+}
+
+long
+fn2 ()
+{
+  return 0 % ((a & 1) == (1 & 7UL));
+}
+
+long
+fn3 ()
+{
+  return 0 % ((1 & a) == (7UL & 1));
+}
+
+long
+fn4 ()
+{
+  return 0 % ((1 & a) == (1 & 7UL));
+}