This is the mail archive of the gcc-bugs@gcc.gnu.org mailing list for the GCC project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

[Bug testsuite/64427] gcc.target/i386/pr64291-1.c is invalid

From: "hjl.tools at gmail dot com" <gcc-bugzilla at gcc dot gnu dot org>
To: gcc-bugs at gcc dot gnu dot org
Date: Sun, 28 Dec 2014 18:59:04 +0000
Subject: [Bug testsuite/64427] gcc.target/i386/pr64291-1.c is invalid
Auto-submitted: auto-generated
References: <bug-64427-4 at http dot gcc dot gnu dot org/bugzilla/>

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=64427

--- Comment #3 from H.J. Lu <hjl.tools at gmail dot com> ---
(In reply to Marc Glisse from comment #2)
> Restricting the testcase to x86_64 would be fine with me.
> 
> As far as main is concerned, f could have written in n and d. The
> uninitialized values are only passed around, it doesn't seem relevant.

There are

  mpz_t n, d;
  long nn, dn;
  unsigned long *np, *dup, *dnp, *qp;
  long alloc, itch;

  f (n);
  f (d);
  qp = (unsigned long*)__builtin_alloca(4099*8) + 1;
  dnp = (unsigned long*)__builtin_alloca (2049*8);
  alloc = 1;
  for (test = 0; test < 1; test++)
    {
      dn = d->_mp_size;
      ^^^^^^^^^^^^^^^^^^
      dup = d->_mp_d;
      f (dnp, dup, dn);
      dnp[dn - 1] |= 1UL<<63;
          ^^^^^^^^^^
"dn" here contains some random value, which may be > size of dnp and
program may crash which happens with -m32 for me.

References:
- [Bug testsuite/64427] New: gcc.target/i386/pr64291-1.c is invalid
  - From: hjl.tools at gmail dot com

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]