This is the mail archive of the gcc-patches@gcc.gnu.org mailing list for the GCC project.
[PATCH, PR 50301] Missing checks of number of actual arguments in IPA-CP
- From: Martin Jambor <mjambor at suse dot cz>
- To: GCC Patches <gcc-patches at gcc dot gnu dot org>
- Cc: Jan Hubicka <hubicka at ucw dot cz>
- Date: Tue, 6 Sep 2011 19:55:12 +0200
- Subject: [PATCH, PR 50301] Missing checks of number of actual arguments in IPA-CP
Hi,
somehow I lost two hunks in the patch allowing IPA-CP to process
functions with variable number of arguments and one of these omissions
caused PR 50301 (416.gamess LTO miscompilation). The two hunks check
the number of actual arguments in two places of IPA-CP which are not
executed so often and where we currently can get an out-of-bounds
VECtor failure.
Bootstrapped and tested on x86_64-linux, I have verified gamess
LTO-builds with it. OK for trunk?
Thanks,
Martin
2011-09-06 Martin Jambor <mjambor@suse.cz>
PR middle-end/50301
* ipa-cp.c (find_more_values_for_callers_subset): Check jump
function index bounds.
(perhaps_add_new_callers): Likewise.
Index: src/gcc/ipa-cp.c
===================================================================
--- src.orig/gcc/ipa-cp.c
+++ src/gcc/ipa-cp.c
@@ -2052,8 +2052,12 @@ find_more_values_for_callers_subset (str
struct ipa_jump_func *jump_func;
tree t;
+ if (i >= ipa_get_cs_argument_count (IPA_EDGE_REF (cs)))
+ {
+ newval = NULL_TREE;
+ break;
+ }
jump_func = ipa_get_ith_jump_func (IPA_EDGE_REF (cs), i);
-
t = ipa_value_from_jfunc (IPA_NODE_REF (cs->caller), jump_func);
if (!t
|| (newval
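Review bot: the new guard `if (i >= ipa_get_cs_argument_count (IPA_EDGE_REF (cs)))` in find_more_values_for_callers_subset has no comment saying why an edge can have fewer arguments than the index being examined. A one-line comment above it (the call passes fewer actual arguments than parameter i, so no value can be derived from this caller) would keep the reason next to the code. The hunk also deletes the blank line between the jump_func assignment and the `t = ipa_value_from_jfunc (...)` line, a whitespace change unrelated to the fix that could be dropped.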
@@ -2123,6 +2127,11 @@ perhaps_add_new_callers (struct cgraph_n
if (!val)
continue;
+ if (i >= ipa_get_cs_argument_count (args))
+ {
+ insufficient = true;
+ break;
+ }
jump_func = ipa_get_ith_jump_func (args, i);
t = ipa_value_from_jfunc (caller_info, jump_func);
if (!t || !values_equal_for_ipcp_p (val, t))
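Review bot: the check `if (i >= ipa_get_cs_argument_count (args))` in perhaps_add_new_callers is the second open-coded copy of the same bounds test placed directly before ipa_get_ith_jump_func, and the cover letter says both copies were lost once already. Consider asserting the bound inside ipa_get_ith_jump_func, or adding a small checked accessor, so that any caller that forgets the test fails deterministically instead of indexing past the end of the vector. The ChangeLog lists only ipa-cp.c; if a reduced testcase with a call passing fewer arguments than the callee declares can be written, adding it would guard against the hunks going missing again.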