[ubsan] Detect invalid unsigned pointer index expression (clang)
Adding an unsigned offset to a base pointer has undefined behavior if
the result of the expression would precede the base. An example from
@regehr:
    int foo(char *p, unsigned offset) {
      return p + offset >= p; // This may be optimized to '1'.
    }

    foo(p, -1); // UB.
This patch extends the pointer overflow check in ubsan to detect invalid
unsigned pointer index expressions. It changes the instrumentation to
only permit non-negative offsets in pointer index expressions when all
of the GEP indices are unsigned.
Testing: check-llvm, check-clang run on a stage2, ubsan-instrumented
build.
Differential Revision: https://reviews.llvm.org/D33910
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@305216 91177308-0d34-0410-b5e6-96231b3b80d8
(cherry picked from commit 95174079f6bfdbff40b77c7641bf746c925ea6f7)
Conflicts:
    lib/CodeGen/CGExpr.cpp
4 files changed
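As an added illustration of the condition this check enforces (example code written for this note, not part of the commit or of clang's CodeGen), the function below performs the same test a ubsan-instrumented `p + offset` performs when the index is unsigned: the byte offset is computed without wraparound and the sum must not precede the base. The helper names `unsigned_index_overflows` and `checked_index` and the `sample` buffer are assumptions of this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample buffer used by the demonstration below. */
static char sample[16];

/* Returns true when indexing `base` by the unsigned `index` (elements of
   `elem_size` bytes) would produce a pointer that precedes `base`.
   With an unsigned index the only valid outcome is base + offset >= base,
   so any wraparound in the offset or in the final sum is an error.
   All arithmetic is done on uintptr_t/size_t, where wraparound is
   defined, so the check itself is free of undefined behavior. */
bool unsigned_index_overflows(const void *base, size_t index, size_t elem_size) {
    uintptr_t b = (uintptr_t)base;

    /* byte offset = index * elem_size; reject if that product wraps */
    if (elem_size != 0 && index > SIZE_MAX / elem_size)
        return true;
    uintptr_t off = (uintptr_t)(index * elem_size);

    /* the sum wrapped, so the result would precede the base */
    return b + off < b;
}

/* Checked form of `p + offset` for char pointers: returns NULL instead of
   forming a pointer before `p`. The unchecked `foo(p, -1)` from the commit
   message is the case this rejects. */
char *checked_index(char *p, size_t offset) {
    if (unsigned_index_overflows(p, offset, 1))
        return NULL;
    return p + offset;
}

int main(void) {
    char *ok = checked_index(sample, 4);
    char *bad = checked_index(sample, (size_t)-1);  /* same as foo(p, -1) */
    printf("sample + 4 -> %s\n", ok ? "valid" : "rejected");
    printf("sample + (unsigned)-1 -> %s\n", bad ? "valid" : "rejected");
    return 0;
}
```

The `index > SIZE_MAX / elem_size` guard matters for wider element types: the instrumented check multiplies the index by the element size before adding it to the base, and that multiplication can wrap on its own even when the subsequent addition would not.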