re PR sanitizer/80349 (UBSAN: compile time crash with "type mismatch in binary expres...

	PR sanitizer/80349
	* fold-const.c (fold_binary_loc) <case EQ_EXPR, NE_EXPR>: Convert
	arg10 and arg11 to itype.

	* c-c++-common/ubsan/pr80349.c: New test.

From-SVN: r247352

diff --git a/gcc/ChangeLog b/gcc/ChangeLog
index 7463a78..d8ee426 100644 (file)
--- a/gcc/ChangeLog
+++ b/gcc/ChangeLog
@@ -1,3 +1,9 @@
+2017-04-27  Marek Polacek  <polacek@redhat.com>
+
+       PR sanitizer/80349
+       * fold-const.c (fold_binary_loc) <case EQ_EXPR, NE_EXPR>: Convert
+       arg10 and arg11 to itype.
+
 2017-04-27  Jonathan Wakely  <jwakely@redhat.com>
 
        * doc/extend.texi (Object Size Checking): Improve grammar.

diff --git a/gcc/fold-const.c b/gcc/fold-const.c
index ce4b2df..f6d5af4 100644 (file)
--- a/gcc/fold-const.c
+++ b/gcc/fold-const.c
@@ -10797,40 +10797,37 @@ fold_binary_loc (location_t loc,
          tree itype = TREE_TYPE (arg0);
 
          if (operand_equal_p (arg01, arg11, 0))
-           return fold_build2_loc (loc, code, type,
-                               fold_build2_loc (loc, BIT_AND_EXPR, itype,
-                                            fold_build2_loc (loc,
-                                                         BIT_XOR_EXPR, itype,
-                                                         arg00, arg10),
-                                            arg01),
-                               build_zero_cst (itype));
-
+           {
+             tem = fold_convert_loc (loc, itype, arg10);
+             tem = fold_build2_loc (loc, BIT_XOR_EXPR, itype, arg00, tem);
+             tem = fold_build2_loc (loc, BIT_AND_EXPR, itype, tem, arg01);
+             return fold_build2_loc (loc, code, type, tem,
+                                     build_zero_cst (itype));
+           }
          if (operand_equal_p (arg01, arg10, 0))
-           return fold_build2_loc (loc, code, type,
-                               fold_build2_loc (loc, BIT_AND_EXPR, itype,
-                                            fold_build2_loc (loc,
-                                                         BIT_XOR_EXPR, itype,
-                                                         arg00, arg11),
-                                            arg01),
-                               build_zero_cst (itype));
-
+           {
+             tem = fold_convert_loc (loc, itype, arg11);
+             tem = fold_build2_loc (loc, BIT_XOR_EXPR, itype, arg00, tem);
+             tem = fold_build2_loc (loc, BIT_AND_EXPR, itype, tem, arg01);
+             return fold_build2_loc (loc, code, type, tem,
+                                     build_zero_cst (itype));
+           }
          if (operand_equal_p (arg00, arg11, 0))
-           return fold_build2_loc (loc, code, type,
-                               fold_build2_loc (loc, BIT_AND_EXPR, itype,
-                                            fold_build2_loc (loc,
-                                                         BIT_XOR_EXPR, itype,
-                                                         arg01, arg10),
-                                            arg00),
-                               build_zero_cst (itype));
-
+           {
+             tem = fold_convert_loc (loc, itype, arg10);
+             tem = fold_build2_loc (loc, BIT_XOR_EXPR, itype, arg01, tem);
+             tem = fold_build2_loc (loc, BIT_AND_EXPR, itype, tem, arg00);
+             return fold_build2_loc (loc, code, type, tem,
+                                     build_zero_cst (itype));
+           }
          if (operand_equal_p (arg00, arg10, 0))
-           return fold_build2_loc (loc, code, type,
-                               fold_build2_loc (loc, BIT_AND_EXPR, itype,
-                                            fold_build2_loc (loc,
-                                                         BIT_XOR_EXPR, itype,
-                                                         arg01, arg11),
-                                            arg00),
-                               build_zero_cst (itype));
+           {
+             tem = fold_convert_loc (loc, itype, arg11);
+             tem = fold_build2_loc (loc, BIT_XOR_EXPR, itype, arg01, tem);
+             tem = fold_build2_loc (loc, BIT_AND_EXPR, itype, tem, arg00);
+             return fold_build2_loc (loc, code, type, tem,
+                                     build_zero_cst (itype));
+           }
        }
 
       if (TREE_CODE (arg0) == BIT_XOR_EXPR

diff --git a/gcc/testsuite/ChangeLog b/gcc/testsuite/ChangeLog
index 3523e2b..5f25ed1 100644 (file)
--- a/gcc/testsuite/ChangeLog
+++ b/gcc/testsuite/ChangeLog
@@ -1,3 +1,8 @@
+2017-04-27  Marek Polacek  <polacek@redhat.com>
+
+       PR sanitizer/80349
+       * c-c++-common/ubsan/pr80349.c: New test.
+
 2017-04-27  Volker Reichelt  <v.reichelt@netcologne.de>
 
        * g++.dg/cpp1z/direct-enum-init1.C: Adjust for more verbose enum

diff --git a/gcc/testsuite/c-c++-common/ubsan/pr80349.c b/gcc/testsuite/c-c++-common/ubsan/pr80349.c
new file mode 100644 (file)
index 0000000..eb2e3da
--- /dev/null
+++ b/gcc/testsuite/c-c++-common/ubsan/pr80349.c
@@ -0,0 +1,30 @@
+/* PR sanitizer/80349 */
+/* { dg-do compile } */
+/* { dg-options "-fsanitize=undefined" } */
+
+int var;
+long a;
+
+long
+fn1 ()
+{
+  return 0 % ((a & 1) == (7UL & 1));
+}
+
+long
+fn2 ()
+{
+  return 0 % ((a & 1) == (1 & 7UL));
+}
+
+long
+fn3 ()
+{
+  return 0 % ((1 & a) == (7UL & 1));
+}
+
+long
+fn4 ()
+{
+  return 0 % ((1 & a) == (1 & 7UL));
+}