On Fri, 25 Aug 2023 at 18:15, David Malcolm via Gcc-patches <gcc-patches@gcc.gnu.org> wrote: > > Successfully bootstrapped & regrtested on x86_64-pc-linux-gnu. > Pushed to trunk as r14-3481-g99a3fcb8ff0bf2. Hi David, It seems the new tests FAIL on arm for LTO bootstrap config: https://ci.linaro.org/job/tcwg_bootstrap_check--master-arm-check_bootstrap_lto-build/263/artifact/artifacts/06-check_regression/fails.sum/*view*/ Please let me know if you need any help in reproducing these failures.
Thanks, Prathamesh > > gcc/analyzer/ChangeLog: > * access-diagram.cc (class string_region_spatial_item): Remove > assumption that the string is written to the start of the cluster. > > gcc/testsuite/ChangeLog: > * gcc.dg/analyzer/out-of-bounds-diagram-17.c: New test. > * gcc.dg/analyzer/out-of-bounds-diagram-18.c: New test. > * gcc.dg/analyzer/out-of-bounds-diagram-19.c: New test. > --- > gcc/analyzer/access-diagram.cc | 57 ++++++++++++------- > .../analyzer/out-of-bounds-diagram-17.c | 34 +++++++++++ > .../analyzer/out-of-bounds-diagram-18.c | 38 +++++++++++++ > .../analyzer/out-of-bounds-diagram-19.c | 45 +++++++++++++++ > 4 files changed, 155 insertions(+), 19 deletions(-) > create mode 100644 gcc/testsuite/gcc.dg/analyzer/out-of-bounds-diagram-17.c > create mode 100644 gcc/testsuite/gcc.dg/analyzer/out-of-bounds-diagram-18.c > create mode 100644 gcc/testsuite/gcc.dg/analyzer/out-of-bounds-diagram-19.c > > diff --git a/gcc/analyzer/access-diagram.cc b/gcc/analyzer/access-diagram.cc > index d7b669a4e38e..a51d594b5b2c 100644 > --- a/gcc/analyzer/access-diagram.cc > +++ b/gcc/analyzer/access-diagram.cc > @@ -1509,10 +1509,16 @@ public: > out.add_all_bytes_in_range (m_actual_bits); > else > { > - byte_range head_of_string (0, m_ellipsis_head_len); > + byte_range bytes (0, 0); > + bool valid = m_actual_bits.as_concrete_byte_range (&bytes); > + gcc_assert (valid); > + byte_range head_of_string (bytes.get_start_byte_offset (), > + m_ellipsis_head_len); > out.add_all_bytes_in_range (head_of_string); > byte_range tail_of_string > - (TREE_STRING_LENGTH (string_cst) - m_ellipsis_tail_len, > + ((bytes.get_start_byte_offset () > + + TREE_STRING_LENGTH (string_cst) > + - m_ellipsis_tail_len), > m_ellipsis_tail_len); > out.add_all_bytes_in_range (tail_of_string); > /* Adding the above pair of ranges will also effectively add > @@ -1535,11 +1541,14 @@ public: > tree string_cst = get_string_cst (); > if (m_show_full_string) > { > - for (byte_offset_t byte_idx = bytes.get_start_byte_offset (); > - byte_idx < bytes.get_next_byte_offset (); > - byte_idx = byte_idx + 1) > - add_column_for_byte (t, btm, sm, byte_idx, > - byte_idx_table_y, byte_val_table_y); > + for (byte_offset_t byte_idx_within_cluster > + = bytes.get_start_byte_offset (); > + byte_idx_within_cluster < bytes.get_next_byte_offset (); > + byte_idx_within_cluster = byte_idx_within_cluster + 1) > + add_column_for_byte > + (t, btm, sm, byte_idx_within_cluster, > + byte_idx_within_cluster - bytes.get_start_byte_offset (), > + byte_idx_table_y, byte_val_table_y); > > if (m_show_utf8) > { > @@ -1566,10 +1575,13 @@ public: > = decoded_char.m_start_byte - TREE_STRING_POINTER > (string_cst); > byte_size_t size_in_bytes > = decoded_char.m_next_byte - decoded_char.m_start_byte; > - byte_range bytes (start_byte_idx, size_in_bytes); > + byte_range cluster_bytes_for_codepoint > + (start_byte_idx + bytes.get_start_byte_offset (), > + size_in_bytes); > > const table::rect_t code_point_table_rect > - = btm.get_table_rect (&m_string_reg, bytes, > + = btm.get_table_rect (&m_string_reg, > + cluster_bytes_for_codepoint, > utf8_code_point_table_y, 1); > char buf[100]; > sprintf (buf, "U+%04x", decoded_char.m_ch); > @@ -1579,7 +1591,8 @@ public: > if (show_unichars) > { > const table::rect_t character_table_rect > - = btm.get_table_rect (&m_string_reg, bytes, > + = btm.get_table_rect (&m_string_reg, > + cluster_bytes_for_codepoint, > utf8_character_table_y, 1); > if (cpp_is_printable_char (decoded_char.m_ch)) > t.set_cell_span (character_table_rect, > @@ -1598,12 +1611,14 @@ public: > { > /* Head of string. */ > for (int byte_idx = 0; byte_idx < m_ellipsis_head_len; byte_idx++) > - add_column_for_byte (t, btm, sm, byte_idx, > + add_column_for_byte (t, btm, sm, > + byte_idx + bytes.get_start_byte_offset (), > + byte_idx, > byte_idx_table_y, byte_val_table_y); > > /* Ellipsis (two rows high). */ > const byte_range ellipsis_bytes > - (m_ellipsis_head_len, > + (m_ellipsis_head_len + bytes.get_start_byte_offset (), > TREE_STRING_LENGTH (string_cst) > - (m_ellipsis_head_len + m_ellipsis_tail_len)); > const table::rect_t table_rect > @@ -1616,7 +1631,9 @@ public: > = (TREE_STRING_LENGTH (string_cst) - m_ellipsis_tail_len); > byte_idx < TREE_STRING_LENGTH (string_cst); > byte_idx++) > - add_column_for_byte (t, btm, sm, byte_idx, > + add_column_for_byte (t, btm, sm, > + byte_idx + bytes.get_start_byte_offset (), > + byte_idx, > byte_idx_table_y, byte_val_table_y); > } > > @@ -1660,25 +1677,27 @@ private: > > void add_column_for_byte (table &t, const bit_to_table_map &btm, > style_manager &sm, > - const byte_offset_t byte_idx, > + const byte_offset_t byte_idx_within_cluster, > + const byte_offset_t byte_idx_within_string, > const int byte_idx_table_y, > const int byte_val_table_y) const > { > tree string_cst = get_string_cst (); > - gcc_assert (byte_idx >= 0); > - gcc_assert (byte_idx < TREE_STRING_LENGTH (string_cst)); > + gcc_assert (byte_idx_within_string >= 0); > + gcc_assert (byte_idx_within_string < TREE_STRING_LENGTH (string_cst)); > > - const byte_range bytes (byte_idx, 1); > + const byte_range bytes (byte_idx_within_cluster, 1); > if (1) // show_byte_indices > { > const table::rect_t idx_table_rect > = btm.get_table_rect (&m_string_reg, bytes, byte_idx_table_y, 1); > t.set_cell_span (idx_table_rect, > fmt_styled_string (sm, "[%li]", > - byte_idx.ulow ())); > + byte_idx_within_string.ulow ())); > } > > - char byte_val = TREE_STRING_POINTER (string_cst)[byte_idx.ulow ()]; > + char byte_val > + = TREE_STRING_POINTER (string_cst)[byte_idx_within_string.ulow ()]; > const table::rect_t val_table_rect > = btm.get_table_rect (&m_string_reg, bytes, byte_val_table_y, 1); > table_cell_content content (make_cell_content_for_byte (sm, byte_val)); > diff --git a/gcc/testsuite/gcc.dg/analyzer/out-of-bounds-diagram-17.c > b/gcc/testsuite/gcc.dg/analyzer/out-of-bounds-diagram-17.c > new file mode 100644 > index 000000000000..6920e8c776fc > --- /dev/null > +++ b/gcc/testsuite/gcc.dg/analyzer/out-of-bounds-diagram-17.c > @@ -0,0 +1,34 @@ > +/* { dg-additional-options "-fdiagnostics-text-art-charset=unicode" } */ > + > +#include <string.h> > + > +void test (void) > +{ > + char buf[10]; > + strcpy (buf, "hello"); > + strcat (buf, " world!"); /* { dg-warning "stack-based buffer overflow" } */ > + /* { dg-message "write of 3 bytes to beyond the end of 'buf'" "" { target > *-*-* } .-1 } */ > +} > + > +/* { dg-begin-multiline-output "" } > + ┌─────┬─────┬────┬────┬────┐┌─────┬─────┬─────┐ > + │ [0] │ [1] │[2] │[3] │[4] ││ [5] │ [6] │ [7] │ > + ├─────┼─────┼────┼────┼────┤├─────┼─────┼─────┤ > + │ ' ' │ 'w' │'o' │'r' │'l' ││ 'd' │ '!' │ NUL │ > + ├─────┴─────┴────┴────┴────┴┴─────┴─────┴─────┤ > + │ string literal (type: 'char[8]') │ > + └─────────────────────────────────────────────┘ > + │ │ │ │ │ │ │ │ > + │ │ │ │ │ │ │ │ > + v v v v v v v v > + ┌─────┬────────────────────────────────────────┬────┐┌─────────────────┐ > + │ [0] │ ... │[9] ││ │ > + ├─────┴────────────────────────────────────────┴────┤│after valid range│ > + │ 'buf' (type: 'char[10]') ││ │ > + └───────────────────────────────────────────────────┘└─────────────────┘ > + ├─────────────────────────┬─────────────────────────┤├────────┬────────┤ > + │ │ > + ╭─────────┴────────╮ ╭─────────┴─────────╮ > + │capacity: 10 bytes│ │overflow of 3 bytes│ > + ╰──────────────────╯ ╰───────────────────╯ > + { dg-end-multiline-output "" } */ > diff --git a/gcc/testsuite/gcc.dg/analyzer/out-of-bounds-diagram-18.c > b/gcc/testsuite/gcc.dg/analyzer/out-of-bounds-diagram-18.c > new file mode 100644 > index 000000000000..ea0b88019cd9 > --- /dev/null > +++ b/gcc/testsuite/gcc.dg/analyzer/out-of-bounds-diagram-18.c > @@ -0,0 +1,38 @@ > +/* { dg-additional-options "-fdiagnostics-text-art-charset=unicode" } */ > + > +#include <string.h> > + > +void test (void) > +{ > + char buf[11]; > + strcpy (buf, "サツキ"); > + strcat (buf, "メイ"); /* { dg-warning "stack-based buffer overflow" } */ > + /* { dg-message "write of 5 bytes to beyond the end of 'buf'" "" { target > *-*-* } .-1 } */ > +} > + > +/* { dg-begin-multiline-output "" } > + ┌─────┬─────────┐┌────┬────┬────┬────┬──────┐ > + │ [0] │ [1] ││[2] │[3] │[4] │[5] │ [6] │ > + ├─────┼─────────┤├────┼────┼────┼────┼──────┤ > + │0xe3 │ 0x83 ││0xa1│0xe3│0x82│0xa4│ 0x00 │ > + ├─────┴─────────┴┴────┼────┴────┴────┼──────┤ > + │ U+30e1 │ U+30a4 │U+0000│ > + ├─────────────────────┼──────────────┼──────┤ > + │ メ │ イ │ NUL │ > + ├─────────────────────┴──────────────┴──────┤ > + │ string literal (type: 'char[7]') │ > + └───────────────────────────────────────────┘ > + │ │ │ │ │ │ │ > + │ │ │ │ │ │ │ > + v v v v v v v > + ┌────┬───────────────────────────┬─────────┐┌──────────────────────────┐ > + │[0] │ ... │ [10] ││ │ > + ├────┴───────────────────────────┴─────────┤│ after valid range │ > + │ 'buf' (type: 'char[11]') ││ │ > + └──────────────────────────────────────────┘└──────────────────────────┘ > + ├────────────────────┬─────────────────────┤├────────────┬─────────────┤ > + │ │ > + ╭─────────┴────────╮ ╭─────────┴─────────╮ > + │capacity: 11 bytes│ │overflow of 5 bytes│ > + ╰──────────────────╯ ╰───────────────────╯ > + { dg-end-multiline-output "" } */ > diff --git a/gcc/testsuite/gcc.dg/analyzer/out-of-bounds-diagram-19.c > b/gcc/testsuite/gcc.dg/analyzer/out-of-bounds-diagram-19.c > new file mode 100644 > index 000000000000..35ab72b6efc2 > --- /dev/null > +++ b/gcc/testsuite/gcc.dg/analyzer/out-of-bounds-diagram-19.c > @@ -0,0 +1,45 @@ > +/* { dg-additional-options "-fdiagnostics-text-art-charset=unicode > -Wno-stringop-overflow" } */ > +/* { dg-skip-if "" { powerpc-ibm-aix* } } */ > + > +#include <string.h> > + > +#define LOREM_IPSUM \ > + "Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod" \ > + " tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim" \ > + " veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea" > \ > + " commodo consequat. Duis aute irure dolor in reprehenderit in voluptate" \ > + " velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint" \ > + " occaecat cupidatat non proident, sunt in culpa qui officia deserunt" \ > + " mollit anim id est laborum." > + > +void > +test_long_string () > +{ > + char buf[100]; > + strcpy (buf, "abc "); > + strcat (buf, LOREM_IPSUM); /* { dg-warning "stack-based buffer overflow" } > */ > + /* { dg-message "write of 350 bytes to beyond the end of 'buf'" "" { > target *-*-* } .-1 } */ > +} > + > +/* { dg-begin-multiline-output "" } > + ┌───┬───┬───┬───┬───┬───┬───────┬─────┬─────┬─────┬─────┬─────┬─────┐ > + │[0]│[1]│[2]│[3]│[4]│[5]│ │[440]│[441]│[442]│[443]│[444]│[445]│ > + ├───┼───┼───┼───┼───┼───┤ ... ├─────┼─────┼─────┼─────┼─────┼─────┤ > + │'L'│'o'│'r'│'e'│'m'│' '│ │ 'o' │ 'r' │ 'u' │ 'm' │ '.' │ NUL │ > + ├───┴───┴───┴───┴───┴───┴───────┴─────┴─────┴─────┴─────┴─────┴─────┤ > + │ string literal (type: 'char[446]') │ > + └───────────────────────────────────────────────────────────────────┘ > + │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ > + │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ > + v v v v v v v v v v v v v v v > + ┌───┬──────────────────────────┬────┐┌────────────────────────────────────┐ > + │[0]│ ... │[99]││ │ > + ├───┴──────────────────────────┴────┤│ after valid range │ > + │ 'buf' (type: 'char[100]') ││ │ > + └───────────────────────────────────┘└────────────────────────────────────┘ > + ├─────────────────┬─────────────────┤├─────────────────┬──────────────────┤ > + │ │ > + ╭─────────┴─────────╮ ╭──────────┴──────────╮ > + │capacity: 100 bytes│ │overflow of 350 bytes│ > + ╰───────────────────╯ ╰─────────────────────╯ > + { dg-end-multiline-output "" } */ > -- > 2.26.3 >