This is the mail archive of the
gcc-patches@gcc.gnu.org
mailing list for the GCC project.
[PATCH v2] fix pr62009 use after free in redirect_edge_var_map_dup
- From: tsaunders at mozilla dot com
- To: gcc-patches at gcc dot gnu dot org
- Cc: Trevor Saunders <tsaunders at mozilla dot com>
- Date: Tue, 5 Aug 2014 08:32:53 -0400
- Subject: [PATCH v2] fix pr62009 use after free in redirect_edge_var_map_dup
- Authentication-results: sourceware.org; auth=none
From: Trevor Saunders <tsaunders@mozilla.com>
hi,
The change to get the entry for the old edge before inserting the new
one was incorrect because if inserting the new one resized the table
then the pointer to the entry for the old one would become invalid.
gcc/
* tree-ssa.c (redirect_edge_var_map_dup): insert newe before
getting olde.
bootstrapping on and regtest on x86_64-unknown-linux-gnu and bootstrap on
i686-linux-gnu ongoing, ok?
Trev
---
gcc/tree-ssa.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/gcc/tree-ssa.c b/gcc/tree-ssa.c
index 920cbea..b6b3718 100644
--- a/gcc/tree-ssa.c
+++ b/gcc/tree-ssa.c
@@ -105,11 +105,12 @@ redirect_edge_var_map_dup (edge newe, edge olde)
if (!edge_var_maps)
return;
- auto_vec<edge_var_map> *head = edge_var_maps->get (olde);
- if (!head)
+ auto_vec<edge_var_map> *new_head = &edge_var_maps->get_or_insert (newe);
+ auto_vec<edge_var_map> *old_head = edge_var_maps->get (olde);
+ if (!old_head)
return;
- edge_var_maps->get_or_insert (newe).safe_splice (*head);
+ new_head->safe_splice (*old_head);
}
--
2.0.1