Constant Evaluation Handles Pointer Conversions in Object Size Builtins
GCC now performs constant evaluation of the `__builtin_object_size` and `__builtin_dynamic_object_size` builtins, handling pointer conversions for more accurat…
GCC’s constant evaluation now supports __builtin_object_size and __builtin_dynamic_object_size, even when pointer conversions are involved. Previously, the evaluation was limited to direct address expressions, which could lead to security regressions. This enhancement, performed in the frontend, strips pointer casts to improve accuracy during constant evaluation, particularly when the full object size is unknown.
In Detail
This change enhances constexpr folding of __builtin_object_size and __builtin_dynamic_object_size in constexpr.cc. It addresses prior security regressions in which conversions on the builtin's argument were not handled correctly, leading to premature folding and incorrect size calculations. The fix strips pointer casts from the first argument during manifestly constant evaluation.
For Context
Constant evaluation in C++ allows the compiler to compute the value of expressions at compile time, improving performance. __builtin_object_size and __builtin_dynamic_object_size are compiler builtins that report the size of the object a pointer refers to, so that accesses through it can be bounds-checked at runtime. This commit improves constant evaluation of these builtins by stripping pointer casts from their argument, so the reported size stays accurate. More precise size calculations help prevent out-of-bounds accesses and the security vulnerabilities that follow from them.