53163 – [4.7/4.8 Regression] crash due to null ptr deref

Bug 53163 - [4.7/4.8 Regression] crash due to null ptr deref

Summary: [4.7/4.8 Regression] crash due to null ptr deref

Status:	RESOLVED FIXED

Alias:	None

Product:	gcc
Classification:	Unclassified
Component:	tree-optimization (show other bugs)
Version:	4.8.0

Importance:	P3 normal
Target Milestone:	4.7.1
Assignee:	Jakub Jelinek

URL:
Keywords:

Depends on:
Blocks:

Reported:	2012-04-30 05:08 UTC by John Regehr
Modified:	2012-05-02 10:23 UTC (History)
CC List:	2 users (show)

See Also:
Host:
Target:
Build:
Known to work:
Known to fail:
Last reconfirmed:	2012-04-30 00:00:00

Attachments
gcc48-pr53163.patch (748 bytes, patch) 2012-04-30 07:24 UTC, Jakub Jelinek	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description John Regehr 2012-04-30 05:08:59 UTC

[regehr@dyson r43]$ current-gcc -c -O3 small.c
small.c: In function 'fn2':
small.c:22:1: internal compiler error: Segmentation fault
 fn2 ()
 ^
Please submit a full bug report,
with preprocessed source if appropriate.
See <http://gcc.gnu.org/bugs.html> for instructions.
[regehr@dyson r43]$ cat small.c
struct
{
    int f0;
} b, f;
int a, c;
void
fn1 ()
{
    int d, e;
    d = 4;
    for (; d < 19; ++d)
    {
        e = 2;
        for (; e >= 0; e--)
        {
            a = 0;
            a = 1;
        }
    }
}
void
fn2 ()
{
    int g, h, i;
    i = 1;
    for (; i >= 0; i--)
    {
        b = f;
        g = 0;
        for (; g <= 1; g++)
        {
            if (c)
                break;
            h = 0;
            for (; h <= 1; h++)
                fn1 ();
            fn1 ();
        }
    }
}
[regehr@dyson r43]$ current-gcc -v
Using built-in specs.
COLLECT_GCC=current-gcc
COLLECT_LTO_WRAPPER=/uusoc/exports/scratch/regehr/z/compiler-install/gcc-r186946-install/bin/../libexec/gcc/x86_64-unknown-linux-gnu/4.8.0/lto-wrapper
Target: x86_64-unknown-linux-gnu
Configured with: ../configure --with-libelf=/usr/local --enable-lto --prefix=/home/regehr/z/compiler-install/gcc-r186946-install --program-prefix=r186946- --enable-languages=c,c++
Thread model: posix
gcc version 4.8.0 20120429 (experimental) (GCC)

Comment 1 Jakub Jelinek 2012-04-30 07:01:55 UTC

Started with http://gcc.gnu.org/viewcvs?root=gcc&view=rev&rev=183624
I think the bug is that cond_if_else_store_replacement is ignoring return value from compute_all_dependences.

Comment 2 Jakub Jelinek 2012-04-30 07:24:44 UTC

Created attachment 27264 [details]
gcc48-pr53163.patch

Untested fix.

Comment 3 Jakub Jelinek 2012-05-02 09:55:36 UTC

Author: jakub
Date: Wed May  2 09:55:32 2012
New Revision: 187038

URL: http://gcc.gnu.org/viewcvs?root=gcc&view=rev&rev=187038
Log:
	PR tree-optimization/53163
	* tree-ssa-phiopt.c (cond_if_else_store_replacement): Don't ignore
	return value from compute_all_dependences.

	* gcc.c-torture/compile/pr53163.c: New test.

Added:
    trunk/gcc/testsuite/gcc.c-torture/compile/pr53163.c
Modified:
    trunk/gcc/ChangeLog
    trunk/gcc/testsuite/ChangeLog
    trunk/gcc/tree-ssa-phiopt.c

Comment 4 Jakub Jelinek 2012-05-02 09:56:43 UTC

Author: jakub
Date: Wed May  2 09:56:39 2012
New Revision: 187039

URL: http://gcc.gnu.org/viewcvs?root=gcc&view=rev&rev=187039
Log:
	PR tree-optimization/53163
	* tree-ssa-phiopt.c (cond_if_else_store_replacement): Don't ignore
	return value from compute_all_dependences.

	* gcc.c-torture/compile/pr53163.c: New test.

Added:
    branches/gcc-4_7-branch/gcc/testsuite/gcc.c-torture/compile/pr53163.c
Modified:
    branches/gcc-4_7-branch/gcc/ChangeLog
    branches/gcc-4_7-branch/gcc/testsuite/ChangeLog
    branches/gcc-4_7-branch/gcc/tree-ssa-phiopt.c

Comment 5 Jakub Jelinek 2012-05-02 10:23:54 UTC

Fixed.