Re: Fix buffer overflow in ipa_profile

[Florian Weimer <fweimer at redhat dot com>]

On 08/21/2013 04:30 PM, Jan Hubicka wrote:
> Index: ipa.c
> ===================================================================
> --- ipa.c	(revision 201890)
> +++ ipa.c	(working copy)
> @@ -1397,7 +1397,7 @@ ipa_profile_read_summary (void)
>   static unsigned int
>   ipa_profile (void)
>   {
> -  struct cgraph_node **order = XCNEWVEC (struct cgraph_node *, cgraph_n_nodes);
> +  struct cgraph_node **order;
>     struct cgraph_edge *e;
>     int order_pos;
>     bool something_changed = false;
> @@ -1575,6 +1575,7 @@ ipa_profile (void)
>   	     nuseless, nuseless * 100.0 / nindirect,
>   	     nconverted, nconverted * 100.0 / nindirect);
>
> +  order = XCNEWVEC (struct cgraph_node *, cgraph_n_nodes);
>     order_pos = ipa_reverse_postorder (order);
>     for (i = order_pos - 1; i >= 0; i--)
>       {

Shouldn't the definition of order be moved down to the initialization, 
like in the attached patch?

--
Florian Weimer / Red Hat Product Security Team

Index: gcc/ipa.c
===================================================================
--- gcc/ipa.c	(revision 201937)
+++ gcc/ipa.c	(working copy)
@@ -1397,9 +1397,7 @@
 static unsigned int
 ipa_profile (void)
 {
-  struct cgraph_node **order;
   struct cgraph_edge *e;
-  int order_pos;
   bool something_changed = false;
   int i;
   gcov_type overall_time = 0, cutoff = 0, cumulated = 0, overall_size = 0;
@@ -1575,8 +1573,9 @@
 	     nuseless, nuseless * 100.0 / nindirect,
 	     nconverted, nconverted * 100.0 / nindirect);
 
-  order = XCNEWVEC (struct cgraph_node *, cgraph_n_nodes);
-  order_pos = ipa_reverse_postorder (order);
+  struct cgraph_node **order
+    = XCNEWVEC (struct cgraph_node *, cgraph_n_nodes);
+  int order_pos = ipa_reverse_postorder (order);
   for (i = order_pos - 1; i >= 0; i--)
     {
       if (order[i]->local.local && cgraph_propagate_frequency (order[i]))