This is the mail archive of the gcc-patches@gcc.gnu.org mailing list for the GCC project.



Re: [PATCH] Fix accesses to freed up memory in var-tracking (PR debug/53706)


On Jun 21, 2012, Uros Bizjak <ubizjak@gmail.com> wrote:

> Hello!
>> > During htab_delete (dropped_values), loc_exp_dep_pool
>> > allocated objects might be accessed, so it is better to free the
>> > pool afterwards.
>> >
>> > Bootstrapped/regtested on i686-linux, ok for trunk?
>> 
>> Looks obvious.

> The patch doesn't fix all writes to freed up memory, please see
> comment #8 in the PR audit trail.

So, I've tested your patch in comment #10 on ia64-linux-gnu, and it
worked, but it failed on i686- and x86_64-linux-gnu, just because in
some cases we decided not to go through vt_emit_notes(), so
loc_exp_dep_pool remained uninitialized, and free_alloc_pool doesn't
like to release NULL pools ;-)

The resulting patch was regstrapped on i686- and x86_64-linux-gnu.  I'm
going to check it in as obvious after getting some sleep.

for  gcc/ChangeLog
from  Alexandre Oliva  <aoliva@redhat.com>,
	Uros Bizjak  <ubizjak@gmail.com>, Jakub Jelinek  <jakub@redhat.com>

	PR debug/53706
	PR debug/47624
	* var-tracking.c (vt_emit_notes): Release loc_exp_dep_pool...
	(vt_finalize): ... here instead, if needed.

Index: gcc/var-tracking.c
===================================================================
--- gcc/var-tracking.c.orig	2012-06-27 02:25:13.903896343 -0300
+++ gcc/var-tracking.c	2012-06-27 03:22:25.000000000 -0300
@@ -9260,11 +9260,7 @@ vt_emit_notes (void)
   dataflow_set_destroy (&cur);
 
   if (MAY_HAVE_DEBUG_INSNS)
-    {
-      free_alloc_pool (loc_exp_dep_pool);
-      loc_exp_dep_pool = NULL;
-      htab_delete (dropped_values);
-    }
+    htab_delete (dropped_values);
 
   emit_notes = false;
 }
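Review bot: the htab_delete (dropped_values) call left in vt_emit_notes has an ordering requirement that the code does not record. Per the thread, deleting dropped_values can access objects allocated from loc_exp_dep_pool, so the pool must outlive this call. A one-line comment above the call, saying the pool is released in vt_finalize for that reason, would keep a later cleanup from moving the free back here. Separately, dropped_values is not reset after htab_delete in these lines, while the removed code set loc_exp_dep_pool to NULL after freeing it; if nothing later clears it, resetting it here would be consistent.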
@@ -9974,6 +9970,9 @@ vt_finalize (void)
 
   if (MAY_HAVE_DEBUG_INSNS)
     {
+      if (loc_exp_dep_pool)
+	free_alloc_pool (loc_exp_dep_pool);
+      loc_exp_dep_pool = NULL;
       free_alloc_pool (valvar_pool);
       VEC_free (rtx, heap, preserved_values);
       cselib_finish ();
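Review bot: the if (loc_exp_dep_pool) guard in vt_finalize needs a comment, because valvar_pool on the line after it is freed without a check and the difference is not evident from the code. The mail gives the reason (vt_emit_notes is not always run, and free_alloc_pool does not accept a NULL pool); a comment such as "Only set up when vt_emit_notes runs" above the guard would carry that into the source. The guard also depends on the pointer being NULL whenever the pool was not created, which the unconditional loc_exp_dep_pool = NULL that follows preserves for later calls.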

-- 
Alexandre Oliva, freedom fighter    http://FSFLA.org/~lxoliva/
You must be the change you wish to see in the world. -- Gandhi
Be Free! -- http://FSFLA.org/   FSF Latin America board member
Free Software Evangelist      Red Hat Brazil Compiler Engineer
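
A small model of the two problems discussed in this message, added here as an illustration and not taken from GCC or from the patch: a table whose teardown visits objects belonging to a pool, and a release routine that must not be handed NULL. All names (pool_release, table_delete, emit_notes, run) are hypothetical, and pool liveness is tracked with a flag on static storage instead of actually freeing memory.

```c
#include <stddef.h>
/* Constructed model; every name is hypothetical, none of this is GCC code. */
struct pool { int live; };
static struct pool pool_storage;
static struct pool *dep_pool;      /* role of loc_exp_dep_pool */
static struct pool *table[3];      /* role of dropped_values: refers into pool */
static size_t n_entries;
static int stale_touches;          /* entry visits made after pool release */

/* Like the free_alloc_pool the mail describes, NULL is not acceptable. */
static int pool_release(struct pool *p)
{
    if (!p) return -1;
    p->live = 0;
    return 0;
}

/* Deleting the table visits each entry, so the pool must still be live. */
static void table_delete(void)
{
    for (size_t i = 0; i < n_entries; i++)
        stale_touches += !table[i]->live;
    n_entries = 0;
}

/* Emit phase; skipped for some functions, which leaves dep_pool NULL. */
static void emit_notes(int release_pool_first)
{
    dep_pool = &pool_storage;
    dep_pool->live = 1;
    for (n_entries = 0; n_entries < 3; n_entries++)
        table[n_entries] = dep_pool;
    if (release_pool_first) {      /* pre-patch order */
        pool_release(dep_pool);
        dep_pool = NULL;
    }
    table_delete();
}

/* One function's lifetime; returns the number of stale entry visits. */
int run(int emit, int release_pool_first)
{
    stale_touches = 0;
    if (emit) emit_notes(release_pool_first);
    if (dep_pool)                  /* guard: emit phase may not have run */
        pool_release(dep_pool);
    dep_pool = NULL;
    return stale_touches;
}
```

With the pre-patch order every table entry is visited after its pool was released; with the release moved to the finalize step and guarded, both the normal path and the skipped-emit path finish with no stale visits.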