This is the mail archive of the gcc-patches@gcc.gnu.org mailing list for the GCC project.



[PATCH] Fix PR middle-end/37669


As I said in the bug:

I think the problem is that in

ccp_fold_builtin():
  memset (val, 0, sizeof (val));
  for (i = 0; i < nargs; i++)
    {
      if ((arg_mask >> i) & 1)
        {
          a = gimple_call_arg (stmt, i);
          bitmap_clear (visited);
          if (!get_maxval_strlen (a, &val[i], visited, type))
            val[i] = NULL_TREE;

arg_mask is an int and in the testcase nargs is 35 (the number of args to
snprintf).  Therefore the result of the shift can be undefined.  As a result
we address out of the val array on the stack that is allocated with three
entries.

I changed the above loop to run until the highest bit in arg_mask is reached.

Bootstrapped and tested with {mips64octeon,x86_64}-linux-gnu.

OK to install?

Adam

	PR middle-end/37669
	* tree-ssa-ccp.c (ccp_fold_builtin): Don't shift arg_mask by more
	than the highest bit set in it.

Index: tree-ssa-ccp.c
===================================================================
--- tree-ssa-ccp.c	(revision 141180)
+++ tree-ssa-ccp.c	(working copy)
@@ -2500,7 +2500,7 @@ ccp_fold_builtin (gimple stmt)
   visited = BITMAP_ALLOC (NULL);
 
   memset (val, 0, sizeof (val));
-  for (i = 0; i < nargs; i++)
+  for (i = 0; i <= floor_log2 (arg_mask); i++)
     {
       if ((arg_mask >> i) & 1)
         {
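
Review bot: the new loop condition drops the `i < nargs` bound, so nothing in this loop now stops `gimple_call_arg (stmt, i)` (in the loop body quoted in the message) from being reached with `i >= nargs` when a call carries fewer arguments than `arg_mask` expects; unless an earlier check rules that out, keep both limits, e.g. `i < nargs && i <= floor_log2 (arg_mask)`. The bound also relies, without saying so, on every mask value having its highest set bit below the three entries of `val`; a short comment or an assert on the index next to the loop would document that invariant. `floor_log2 (arg_mask)` is loop-invariant and could be computed once before the loop.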


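The failure mode described in the message, modelled stand-alone as an added example (not GCC code and not part of the original post): `mark_unsafe` repeats the loop shape from the email, and `mark_checked` is a hypothetical bounded form that takes its limit from the mask and rejects masks naming a slot outside `val` or beyond `nargs`. `NVAL`, both function names and the sample values are assumptions.

```c
#include <stdio.h>

#define NVAL 3   /* assumption: mirrors the three-entry val array in the email */

/* Loop shape from the email, modelled on ints.  With nargs = 35 the shift
   count reaches the width of int (undefined behaviour) and val[i] is indexed
   past NVAL.  Kept for contrast only; nothing below calls it.  */
int mark_unsafe(int arg_mask, int nargs, int val[NVAL])
{
    int hits = 0;
    for (int i = 0; i < nargs; i++)
        if ((arg_mask >> i) & 1) { val[i] = 1; hits++; }
    return hits;
}

/* Hypothetical bounded form: find the highest set bit first, refuse masks
   that name a slot outside val[] or an argument the call does not have,
   then visit only bit positions 0..top.  Returns the number of slots
   marked, or -1 if the mask is rejected.  */
int mark_checked(unsigned arg_mask, int nargs, int val[NVAL])
{
    int top = -1;                        /* index of highest set bit, -1 if none */
    for (unsigned m = arg_mask; m != 0; m >>= 1)
        top++;
    if (top >= NVAL || top >= nargs)
        return -1;
    int hits = 0;
    for (int i = 0; i <= top; i++)       /* i <= top < NVAL, so shift and index stay in range */
        if ((arg_mask >> i) & 1u) { val[i] = 1; hits++; }
    return hits;
}

int main(void)
{
    int val[NVAL] = {0, 0, 0};
    int hits = mark_checked(0x5u, 35, val);   /* constructed sample: bits 0 and 2, 35 args */
    printf("hits=%d val={%d,%d,%d}\n", hits, val[0], val[1], val[2]);
    printf("mask 0x8 -> %d\n", mark_checked(0x8u, 35, val));
    return 0;
}
```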