This is the mail archive of the gcc-patches@gcc.gnu.org mailing list for the GCC project.
[PATCH] Fix buffer overflow in SH expand_cbranchdi4 (PR target/79462)
- From: Jakub Jelinek <jakub at redhat dot com>
- To: Alexandre Oliva <aoliva at redhat dot com>, Kaz Kojima <kkojima at gcc dot gnu dot org>, Oleg Endo <olegendo at gcc dot gnu dot org>
- Cc: gcc-patches at gcc dot gnu dot org
- Date: Tue, 14 Feb 2017 09:22:37 +0100
- Subject: [PATCH] Fix buffer overflow in SH expand_cbranchdi4 (PR target/79462)
- Authentication-results: sourceware.org; auth=none
- Reply-to: Jakub Jelinek <jakub at redhat dot com>
Hi!
The following patch fixes a buffer overflow in the SH backend.
r235698 removed an operand (clobber of match_scratch) from the various
cbranch patterns that called expand_cbranchdi4 as well as all but
one reference to operands[4] in that code. Now that the insn only
has 4 operands, clearing operands[4] is a buffer overflow.
Tested by Kaz (thanks).
In the PR Oleg asked for a comment, but I'm not sure how useful is
it to document that something used to be cleared and is not anymore,
because it doesn't exist.
Ok for trunk (or suggested wording for a comment)?
2017-02-14 Jakub Jelinek <jakub@redhat.com>
PR target/79462
* config/sh/sh.c (expand_cbranchdi4): Don't clear operands[4].
--- gcc/config/sh/sh.c.jj 2017-01-01 12:45:41.000000000 +0100
+++ gcc/config/sh/sh.c 2017-02-11 10:15:03.460321825 +0100
@@ -2152,7 +2152,6 @@ expand_cbranchdi4 (rtx *operands, enum r
}
operands[1] = op1h;
operands[2] = op2h;
- operands[4] = NULL_RTX;
if (msw_taken != LAST_AND_UNUSED_RTX_CODE)
expand_cbranchsi4 (operands, msw_taken, msw_taken_prob);
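Review bot: No testcase accompanies the removal of `operands[4] = NULL_RTX;` in expand_cbranchdi4; the ChangeLog entry lists only config/sh/sh.c. Consider adding a test for PR target/79462, or stating in the submission why one is not practical, so that a reintroduced write past the four operands is caught. Because the same `operands` array is passed on to `expand_cbranchsi4` in the context lines that follow, it is also worth confirming that nothing on that path still reads index 4, since the message describes this store as the one remaining reference.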
Jakub