This is the mail archive of the
gcc-patches@gcc.gnu.org
mailing list for the GCC project.
[PATCH] Don't create out-of-bounds BIT_FIELD_REFs
- From: Tom de Vries <Tom_deVries at mentor dot com>
- To: Jason Merrill <jason at redhat dot com>
- Cc: <gcc-patches at gcc dot gnu dot org>, Marc Glisse <marc dot glisse at infria dot fr>
- Date: Tue, 26 Nov 2013 08:57:01 +0100
- Subject: [PATCH] Don't create out-of-bounds BIT_FIELD_REFs
- Authentication-results: sourceware.org; auth=none
Jason,
This patch prevents creating out-of-bounds BIT_FIELD_REFs in 3 locations.
It fixes a SIGSEGV (triggered by gimple_fold_indirect_ref_1) in
simplify_bitfield_ref. I've added an assert to detect the problematic
BIT_FIELD_REF there.
Bootstrapped and reg-tested on x86_64.
OK for trunk?
Thanks,
- Tom
2013-11-26 Tom de Vries <tom@codesourcery.com>
Marc Glisse <marc.glisse@inria.fr>
PR middle-end/59037
* semantics.c (cxx_fold_indirect_ref): Don't create out-of-bounds
BIT_FIELD_REF.
* fold-const.c (fold_indirect_ref_1): Don't create out-of-bounds
BIT_FIELD_REF.
* gimple-fold.c (gimple_fold_indirect_ref): Same.
* tree-ssa-forwprop.c (simplify_bitfield_ref): Assert that BIT_FIELD_REF
is not out-of-bounds.
* g++.dg/pr59037.C: New testcase.
* gcc.dg/pr59037.c: Same.
diff --git a/gcc/cp/semantics.c b/gcc/cp/semantics.c
index 316834c..71daaa2 100644
--- a/gcc/cp/semantics.c
+++ b/gcc/cp/semantics.c
@@ -9117,7 +9117,7 @@ cxx_fold_indirect_ref (location_t loc, tree type, tree op0, bool *empty_base)
unsigned HOST_WIDE_INT indexi = offset * BITS_PER_UNIT;
tree index = bitsize_int (indexi);
- if (offset/part_widthi <= TYPE_VECTOR_SUBPARTS (op00type))
+ if (offset / part_widthi < TYPE_VECTOR_SUBPARTS (op00type))
return fold_build3_loc (loc,
BIT_FIELD_REF, type, op00,
part_width, index);
diff --git a/gcc/fold-const.c b/gcc/fold-const.c
index f91673d..0926626 100644
--- a/gcc/fold-const.c
+++ b/gcc/fold-const.c
@@ -16719,7 +16719,7 @@ fold_indirect_ref_1 (location_t loc, tree type, tree op0)
unsigned HOST_WIDE_INT indexi = offset * BITS_PER_UNIT;
tree index = bitsize_int (indexi);
- if (offset/part_widthi <= TYPE_VECTOR_SUBPARTS (op00type))
+ if (offset / part_widthi < TYPE_VECTOR_SUBPARTS (op00type))
return fold_build3_loc (loc,
BIT_FIELD_REF, type, op00,
part_width, index);
diff --git a/gcc/gimple-fold.c b/gcc/gimple-fold.c
index 2902e69..7e9ba65 100644
--- a/gcc/gimple-fold.c
+++ b/gcc/gimple-fold.c
@@ -3418,7 +3418,7 @@ gimple_fold_indirect_ref (tree t)
unsigned HOST_WIDE_INT indexi = offset * BITS_PER_UNIT;
tree index = bitsize_int (indexi);
if (offset / part_widthi
- <= TYPE_VECTOR_SUBPARTS (TREE_TYPE (addrtype)))
+ < TYPE_VECTOR_SUBPARTS (TREE_TYPE (addrtype)))
return fold_build3 (BIT_FIELD_REF, type, TREE_OPERAND (addr, 0),
part_width, index);
}
diff --git a/gcc/testsuite/g++.dg/pr59037.C b/gcc/testsuite/g++.dg/pr59037.C
new file mode 100644
index 0000000..fae13c2
--- /dev/null
+++ b/gcc/testsuite/g++.dg/pr59037.C
@@ -0,0 +1,12 @@
+/* { dg-do compile } */
+/* { dg-options "-O3" } */
+
+typedef int v4si __attribute__ ((vector_size (16)));
+
+int
+main (int argc, char** argv)
+{
+ v4si x = {0,1,2,3};
+ x = (v4si) {(x)[3], (x)[2], (x)[1], (x)[0]};
+ return x[4];
+}
diff --git a/gcc/testsuite/gcc.dg/pr59037.c b/gcc/testsuite/gcc.dg/pr59037.c
new file mode 100644
index 0000000..ba3a8ba
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/pr59037.c
@@ -0,0 +1,12 @@
+/* { dg-do compile } */
+/* { dg-options "-O3 -std=gnu99" } */
+
+typedef int v4si __attribute__ ((vector_size (16)));
+
+int
+main (int argc, char** argv)
+{
+ v4si x = {0,1,2,3};
+ x = (v4si) {(x)[3], (x)[2], (x)[1], (x)[0]};
+ return x[4];
+}
diff --git a/gcc/tree-ssa-forwprop.c b/gcc/tree-ssa-forwprop.c
index 6e6d115..5d685ef 100644
--- a/gcc/tree-ssa-forwprop.c
+++ b/gcc/tree-ssa-forwprop.c
@@ -3118,6 +3118,7 @@ simplify_bitfield_ref (gimple_stmt_iterator *gsi)
if (TREE_CODE (m) != VECTOR_CST)
return false;
nelts = VECTOR_CST_NELTS (m);
+ gcc_assert (idx < nelts);
idx = TREE_INT_CST_LOW (VECTOR_CST_ELT (m, idx));
idx %= 2 * nelts;
if (idx < nelts)