This is the mail archive of the gcc-patches@gcc.gnu.org mailing list for the GCC project.
Re: [PATCH] Fix use-after-free in the strlen pass (PR tree-optimization/82977)
- From: Jeff Law <law at redhat dot com>
- To: Martin Sebor <msebor at gmail dot com>, Jakub Jelinek <jakub at redhat dot com>, Richard Biener <rguenther at suse dot de>
- Cc: gcc-patches at gcc dot gnu dot org
- Date: Tue, 14 Nov 2017 17:42:47 -0700
- Subject: Re: [PATCH] Fix use-after-free in the strlen pass (PR tree-optimization/82977)
- Authentication-results: sourceware.org; auth=none
- References: <20171114210426.GL14653@tucnak> <6e074af7-f093-9c0a-0de5-d6b978c20685@redhat.com> <252edf08-37c1-7061-0132-c0b71f69e7bf@gmail.com>
On 11/14/2017 02:30 PM, Martin Sebor wrote:
> On 11/14/2017 02:10 PM, Jeff Law wrote:
>> On 11/14/2017 02:04 PM, Jakub Jelinek wrote:
>>> Hi!
>>>
>>> strlen_to_stridx.get (rhs1) returns an address into the hash_map, and
>>> strlen_to_stridx.put (lhs, *ps); (in order to be efficient) doesn't make a
>>> copy of the argument just in case, first inserts the slot into it which
>>> may cause reallocation, and only afterwards runs the copy ctor to assign
>>> the value into the new slot. So, passing it a reference to something
>>> in the hash_map is wrong. Fixed thusly, bootstrapped/regtested on
>>> x86_64-linux and i686-linux, ok for trunk?
>>>
>>> 2017-11-14  Jakub Jelinek  <jakub@redhat.com>
>>>
>>> 	PR tree-optimization/82977
>>> 	* tree-ssa-strlen.c (strlen_optimize_stmt): Pass a reference to a copy
>>> 	constructed temporary to strlen_to_stridx.put.
>> I've been seeing a couple new tests flip between pass and fail recently.
>> I wonder if this is the ultimate cause.
>
> I've been noticing it for quite a while, even before the commit,
> so I suspect something else is going on in addition to this bug.
I'm referring specifically to the Wstringop-truncation tests. They're
ping-ponging between PASS/FAIL here with alarming regularity and no
sense of rhyme or reason.
If I had to guess I'd guess uninit memory, dangling pointer or the like,
which is precisely the kind of problem the patch is meant to fix.
jeff
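The put() ordering Jakub describes above, as an added example that is not GCC's hash_map or any code from this thread: a toy open-addressing map whose put() grows (reallocates) the table first and only afterwards copies the value through the caller's reference, the buggy call shape `put (lhs, *ps)` with `*ps` pointing into the map, and the patch's fix of handing put() a copy-constructed temporary. The names `toy_hash_map`, `stridx`, `POISON` and `put_by_value` are assumptions for the demo. So that the stale read is deterministic rather than undefined behaviour, the map poisons and quarantines retired tables instead of freeing them, standing in for what a quarantining allocator or AddressSanitizer would show.

```cpp
// Added example, not GCC's hash_map: a toy open-addressing map whose put()
// reallocates the table first and only then copies the value through the
// caller's reference, the ordering described for hash_map::put in the thread.
#include <cstddef>
#include <cstdio>
#include <memory>
#include <utility>
#include <vector>

constexpr int POISON = 0xDEAD;      // pattern written over retired tables (assumed)

struct stridx { int idx; };         // stand-in for the value type in strlen_to_stridx

class toy_hash_map {
    struct entry { bool used = false; int key = 0; stridx val = {0}; };

public:
    explicit toy_hash_map(std::size_t cap = 2) : cap_(cap), table_(new entry[cap]) {}

    // Like get(): returns a pointer INTO the table, valid only until the next put().
    stridx *get(int key) {
        entry *e = slot_for(key);
        return (e && e->used) ? &e->val : nullptr;
    }

    // The hazardous shape: reference parameter, slot inserted before the value is read.
    void put(int key, const stridx &val) {
        if (size_ + 1 > cap_ / 2) grow();   // may retire the table `val` points into
        entry *e = slot_for(key);
        if (!e->used) { e->used = true; e->key = key; ++size_; }
        e->val = val;                       // stale read if `val` lived in the old table
    }

    // API-level hardening (assumed, not GCC's): a by-value parameter forces the copy
    // to be made in the caller, before any reallocation inside the map can happen.
    void put_by_value(int key, stridx val) { put(key, val); }

private:
    static std::size_t hash(int k) { return static_cast<std::size_t>(k) * 2654435761u; }

    // Linear probe to the entry holding `key`, or to the first free slot.
    entry *slot_for(int key) {
        for (std::size_t i = 0; i < cap_; ++i) {
            entry &e = table_[(hash(key) + i) % cap_];
            if (!e.used || e.key == key) return &e;
        }
        return nullptr;                     // unreachable: table never exceeds half full
    }

    void grow() {
        std::unique_ptr<entry[]> old = std::move(table_);
        std::size_t old_cap = cap_;
        cap_ *= 2;
        table_.reset(new entry[cap_]);
        for (std::size_t i = 0; i < old_cap; ++i)
            if (old[i].used) *slot_for(old[i].key) = old[i];
        // A real map would delete[] the old table here, making any later read through
        // a pointer into it a use-after-free (undefined behaviour). For a deterministic
        // demo we poison it and keep it alive instead, as a quarantining allocator would.
        for (std::size_t i = 0; i < old_cap; ++i) old[i].val.idx = POISON;
        retired_.push_back(std::move(old));
    }

    std::size_t cap_;
    std::size_t size_ = 0;
    std::unique_ptr<entry[]> table_;
    std::vector<std::unique_ptr<entry[]>> retired_;
};

// Reproduces the bug: the reference handed to put() points into the map itself.
int copy_via_dangling_reference() {
    toy_hash_map m(2);
    m.put(1, stridx{42});            // size 1 of cap 2: the next put() will grow()
    stridx *ps = m.get(1);           // like strlen_to_stridx.get (rhs1)
    m.put(2, *ps);                   // grow() retires the table before *ps is read
    return m.get(2)->idx;            // POISON rather than 42
}

// The patch's fix: copy-construct a temporary before put() can reallocate.
int copy_via_temporary() {
    toy_hash_map m(2);
    m.put(1, stridx{42});
    stridx *ps = m.get(1);
    m.put(2, stridx(*ps));           // the copy lives in this frame, not in the table
    return m.get(2)->idx;            // 42
}

// Same outcome with the by-value overload, with no discipline required of the caller.
int copy_via_by_value_api() {
    toy_hash_map m(2);
    m.put(1, stridx{42});
    m.put_by_value(2, *m.get(1));
    return m.get(2)->idx;            // 42
}

int main() {
    std::printf("reference: %#x  temporary: %d  by-value: %d\n",
                copy_via_dangling_reference(), copy_via_temporary(), copy_via_by_value_api());
    return 0;
}
```

Replace the poisoning in grow() with a plain delete[] and build with -fsanitize=address and the first call becomes a reported heap-use-after-free, which is the class of defect the patch removes; the quarantine only makes it reproducible here. The by-value overload removes the hazard at the API boundary at the cost of exactly the copy the reference signature was written to avoid, which is the trade-off behind the caller-side fix in the patch.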