https://gcc.gnu.org/bugzilla/show_bug.cgi?id=66908

            Bug ID: 66908
           Summary: Uninitialized variable when compiled with UBsan
           Product: gcc
           Version: unknown
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: sanitizer
          Assignee: unassigned at gcc dot gnu.org
          Reporter: m.guseva at samsung dot com
                CC: dodji at gcc dot gnu.org, dvyukov at gcc dot gnu.org,
                    jakub at gcc dot gnu.org, kcc at gcc dot gnu.org
  Target Milestone: ---

Created attachment 36002
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=36002&action=edit
Reproducer

When compiled with "-fsanitize=shift,bounds", gcc reports that the "i" variable
may be uninitialized:
gcc  -O2  -fsanitize=shift,bounds -std=gnu89 -Werror=maybe-uninitialized -c testcase.c
testcase.c: In function ‘foo’:
testcase.c:21:36: error: ‘i.1’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
     res[i] = ((data->scale[i] + tab[i]) << mult);

It's not true in the original source code; however, in the produced gimple, "i.1" is
initialized in block <D.3009> but may be used in block <D.3010>:
 23   if (mult.0 > 31) goto <D.3009>; else goto <D.3010>;
 24   <D.3009>:
 25   D.3011 = (unsigned long) mult.0;
 26   D.3012 = data->scale[i];
 27   D.3013 = (int) D.3012;
 28   i.1 = i;
 29   UBSAN_BOUNDS (0B, i.1, 21);
 30   D.3015 = tab[i.1];
 31   D.3016 = (int) D.3015;
 32   D.3017 = D.3013 + D.3016;
 33   D.3018 = (unsigned long) D.3017;
 34   __builtin___ubsan_handle_shift_out_of_bounds (&*.Lubsan_data0, D.3018, D.3011);
 35   goto <D.3019>;
 36   <D.3010>:
 37   <D.3019>:
 38   D.3020 = (long unsigned int) i;
 39   D.3021 = D.3020 * 4;
 40   D.3022 = res + D.3021;
 41   D.3012 = data->scale[i];
 42   D.3013 = (int) D.3012;
 43   UBSAN_BOUNDS (0B, i.1, 21);

Discovered in gcc 4.9.2, reproduced on trunk with "-std=gnu89".
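The following is an added example, not the attached reproducer (attachment 36002) and not code from the reporter: it reconstructs the shape of the test case from the quoted source line and the gimple dump so that a reader can compile it with the flags above and check whether a given gcc version emits the same warning. The array length (22, because the dump's UBSAN_BOUNDS check uses 21 as the maximum index), the element types, the struct layout, the loop and the helper foo_checksum are all assumptions.

```c
/* Added example: a reconstruction of the shape of the reported test case,
   derived from the quoted source line and the gimple dump.  It is not the
   attached reproducer (attachment 36002); the array length, element types,
   the struct layout and the loop are assumptions. */

/* The dump's UBSAN_BOUNDS (0B, i.1, 21) check suggests a maximum valid
   index of 21, so a length of 22 is assumed here. */
#define TAB_LEN 22

struct scale_data {
    short scale[TAB_LEN];   /* element type assumed; the dump widens it to int */
};

/* Constant table with the same assumed element type and length
   (constructed values, all 1, so results are easy to check). */
static const short tab[TAB_LEN] = {
     1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,
     1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1
};

/* Two array reads through the same index feed one shift; this is the
   pattern that the report shows being instrumented twice (one
   UBSAN_BOUNDS per block) under -fsanitize=shift,bounds.  The shift is
   only defined for 0 <= mult < 32, which is what the "mult.0 > 31"
   test in the dump guards. */
void foo(const struct scale_data *data, int *res, int mult)
{
    int i;
    for (i = 0; i < TAB_LEN; i++)
        res[i] = ((data->scale[i] + tab[i]) << mult);
}

/* Hypothetical helper: runs foo on a constructed input (scale[i] = i) and
   returns the sum of res so a caller can check the result without
   inspecting the array. */
long foo_checksum(int mult)
{
    struct scale_data data;
    int res[TAB_LEN];
    long sum = 0;
    int i;

    for (i = 0; i < TAB_LEN; i++)
        data.scale[i] = (short) i;
    foo(&data, res, mult);
    for (i = 0; i < TAB_LEN; i++)
        sum += res[i];
    return sum;   /* mult = 2: sum of 4 * (i + 1) for i in 0..21 = 1012 */
}
```

To check a compiler, build this file with the command from the report (gcc -O2 -fsanitize=shift,bounds -std=gnu89 -Werror=maybe-uninitialized -c) and see whether the maybe-uninitialized error appears for the shift line; at run time the shift is well defined as long as mult stays below 32, so the diagnostic, where it appears, comes from the instrumentation layout rather than from the source.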
