This is the mail archive of the
mailing list for the GCC project.
Re: out of bounds access in insn-automata.c
- From: Bernd Schmidt <bernds_cb1 at t-online dot de>
- To: Aldy Hernandez <aldyh at redhat dot com>, GCC Mailing List <gcc at gcc dot gnu dot org>
- Cc: "Vladimir N. Makarov" <vmakarov at redhat dot com>
- Date: Wed, 23 Mar 2016 16:25:50 +0100
- References: <56F23888 dot 5080506 at redhat dot com>

On 03/23/2016 07:32 AM, Aldy Hernandez wrote:
> maximal_insn_latency (rtx insn)
>   if (insn == 0)
>     insn_code = DFA__ADVANCE_CYCLE;
>   else
>     {
>       insn_code = dfa_insn_code (as_a <rtx_insn *> (insn));
>       if (insn_code > DFA__ADVANCE_CYCLE)
>         return 0;
>     }
>   return internal_maximal_insn_latency (insn_code, insn);
>
> In the case where insn==0, insn_code is set to the size of
> default_latencies which will get accessed in the return.
>
> Does insn==0 never happen?

I suspect it never happens in this function. I'd add a gcc_assert to
that effect and try a bootstrap/test. Hmm, it seems to be a sel-sched
only thing so a normal bootstrap would be meaningless, but from the
context it looks fairly clearly like insn is always nonnull.

It looks like this block of code is written by a helper function that is
really intended for other purposes than for maximal_insn_latency. Might
be worth changing to

  int insn_code = dfa_insn_code (as_a <rtx_insn *> (insn));
  gcc_assert (insn_code <= DFA__ADVANCE_CYCLE);
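
The pattern discussed in this thread, as an added example that is not part of the original messages or of GCC's sources: a sentinel code equal to the table size is one past the last valid index, so a lookup has to bound the index against the table itself. The names `ADVANCE_CYCLE`, `latencies`, `struct insn` and all values are constructed stand-ins.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-ins for the generated names; values are made up. */
enum { ADVANCE_CYCLE = 4 };   /* sentinel code == number of real insn codes */
static const unsigned char latencies[ADVANCE_CYCLE] = { 1, 3, 2, 6 };
#define N_LATENCIES (sizeof latencies / sizeof latencies[0])

struct insn { int code; };    /* hypothetical stand-in for rtx_insn */

/* Index the quoted logic would hand to the table lookup:
   NULL maps to the sentinel, codes above the sentinel are rejected (-1). */
static int latency_index (const struct insn *insn)
{
  int code = insn == NULL ? ADVANCE_CYCLE : insn->code;
  return code > ADVANCE_CYCLE ? -1 : code;
}

/* Nonzero only if IDX addresses a real element of the table. */
static int index_in_table (int idx)
{
  return idx >= 0 && (size_t) idx < N_LATENCIES;
}

/* Lookup that refuses any index outside the table instead of reading it. */
static int checked_latency (const struct insn *insn)
{
  int idx = latency_index (insn);
  return index_in_table (idx) ? latencies[idx] : -1;
}

int main (void)
{
  struct insn ok = { 2 }, at_sentinel = { ADVANCE_CYCLE };
  printf ("NULL insn -> index %d, table has %zu entries\n",
          latency_index (NULL), N_LATENCIES);
  printf ("checked: ok=%d sentinel=%d null=%d\n", checked_latency (&ok),
          checked_latency (&at_sentinel), checked_latency (NULL));
  return 0;
}
```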