From patchwork Wed May 18 08:43:06 2022
X-Patchwork-Submitter: Pierre-Marie de Rodat
X-Patchwork-Id: 54127
Date: Wed, 18 May 2022 08:43:06 +0000
To: gcc-patches@gcc.gnu.org
Subject: [Ada] Prevent overflow in computation of aggregate size
Message-ID: <20220518084306.GA3307280@adacore.com>
From: Pierre-Marie de Rodat
Cc: Piotr Trojanek

When computing size of a static aggregate to decide if it should be transformed into assignments and loops we could have an overflow check. This is mostly harmless, because colossal aggregates will likely crash the application anyway, no matter how we transform them.

This was not detected because compiler was built with -gnatg switch that suppresses overflow checks (they are only enabled by an explicit -gnato switch).

Tested on x86_64-pc-linux-gnu, committed on trunk

gcc/ada/

	* exp_aggr.adb (Component_Count): Calculate size as an Uint and only then check if it is in the range of Int, as otherwise the multiplication of Int values can overflow.

diff --git a/gcc/ada/exp_aggr.adb b/gcc/ada/exp_aggr.adb --- a/gcc/ada/exp_aggr.adb +++ b/gcc/ada/exp_aggr.adb @@ -661,10 +661,10 @@ package body Exp_Aggr is declare UI : constant Uint := - Expr_Value (Hi) - Expr_Value (Lo) + 1; + (Expr_Value (Hi) - Expr_Value (Lo) + 1) * Siz; begin if UI_Is_In_Int_Range (UI) then - return Siz * UI_To_Int (UI); + return UI_To_Int (UI); else return Int'Last; end if;
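
Review bot: The declaration of `UI` and the `else` branch carry no comment explaining that the product is now formed in Uint precisely so the range test covers the multiplication by `Siz`, and that the result saturates at `Int'Last` when it does not fit. A short comment above `UI : constant Uint :=` would keep a later cleanup from moving `* Siz` back after `UI_To_Int (UI)`, which is the form the removed line `return Siz * UI_To_Int (UI);` had. Since the message says the problem went unnoticed because overflow checks were suppressed in the compiler build, a regression test with an aggregate large enough to reach the `Int'Last` branch would be worth adding alongside this change. It is also worth confirming that the surrounding code excludes a range with `Hi` below `Lo`, because a negative product would still pass `UI_Is_In_Int_Range (UI)` and be returned as the count.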