[Bug sanitizer/82072] sanitizer does not detect an overflow from LLONG_MIN

jakub at gcc dot gnu.org Mon, 04 Sep 2017 06:27:08 -0700

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=82072


--- Comment #14 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
(In reply to Marek Polacek from comment #13)
> So maybe
> 
> --- a/gcc/convert.c
> +++ b/gcc/convert.c
> @@ -886,6 +886,10 @@ convert_to_integer_1 (tree type, tree expr, bool dofold)
>         break;
>  
>       case NEGATE_EXPR:
> +       /* Using unsigned arithmetic may hide overflow bugs.  */
> +       if (sanitize_flags_p (SANITIZE_SI_OVERFLOW))
> +         break;
> +       /* Falls through.  */
>       case BIT_NOT_EXPR:
>         /* This is not correct for ABS_EXPR,
>            since we must test the sign before truncation.  */
> @@ -902,12 +906,7 @@ convert_to_integer_1 (tree type, tree expr, bool dofold)
>                             TYPE_UNSIGNED (typex));
>  
>           if (!TYPE_UNSIGNED (typex))
> -       {
> -         /* Using unsigned arithmetic may hide overflow bugs.  */
> -         if (sanitize_flags_p (SANITIZE_SI_OVERFLOW))
> -           break;
> -         typex = unsigned_type_for (typex);
> -       }
> +       typex = unsigned_type_for (typex);
>           return convert (type,
>                   fold_build1 (ex_form, typex,
>                        convert (typex,

Without checking if the inner type is signed?  That would unnecessarily
penalize code where we have say:
unsigned long long l;
unsigned int i = -l;
or similar, no?

[Bug sanitizer/82072] sanitizer does not detect an overflow from LLONG_MIN

Reply via email to