Skip to content

false negative unsigned integer overflow when wrapping around in different if branches #109886

New issue
New issue
Open
Open
false negative unsigned integer overflow when wrapping around in different if branches#109886
Labels
compiler-rt:ubsanUndefined behavior sanitizerfalse-positiveWarning fires when it should not
@carenas

Description

@carenas
carenas
opened on Sep 25, 2024

The following code:

int main(void)
{
	unsigned i = 1;
	int c = 1;

	if (c) {
		while (i-- > 0) { }
	} else {
		return i;
	}
	return 128;
}

shows

$ clang -fsanitize=integer t.c
$ ./a.out; echo $?
t.c:9:11: runtime error: unsigned integer overflow: 0 - 1 cannot be represented in type 'unsigned int'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior t.c:9:11 
128

note that while the variable is being used in the else branch, the execution through the main branch where it wraparounds, prevents it to reaching that path, and therefore even if technically DID wraparound, reporting that is not useful.

Additionally, it doesn't trigger if the variable is signed (which is actually UB), so there might be a fix in that implementation which might be missing for unsigned.

Metadata

Metadata

Assignees

No one assigned

    Labels

    compiler-rt:ubsanUndefined behavior sanitizerfalse-positiveWarning fires when it should not

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions