[Bug tree-optimization/37686] [4.4 Regression] Building of CPU2000's bzip2 with peak flags with -mcpu=power4 fails with an ICE.

jakub at gcc dot gnu dot org gcc-bugzilla@gcc.gnu.org
Thu Oct 2 08:52:00 GMT 2008



------- Comment #14 from jakub at gcc dot gnu dot org  2008-10-02 08:51 -------
This is a simple buffer overflow in lambda-code.c.
It is easily reproducible everywhere with the #c12 testcase with just
-O3 -ftree-loop-linear -funroll-loops
if you add an assert:
--- lambda-code.c.jj 2008-09-05 12:56:32.000000000 +0200
+++ lambda-code.c 2008-10-02 10:39:59.000000000 +0200
@@ -2765,6 +2765,7 @@ av_for_af (tree access_fun, lambda_vecto
           return false;

         var = am_vector_index_for_loop (am, CHREC_VARIABLE (access_fun));
+        gcc_assert (var < AM_NB_COLUMNS (am));
         cy[var] = int_cst_value (right);

         if (TREE_CODE (left) == POLYNOMIAL_CHREC)
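
Review bot: the gcc_assert added just before the `cy[var] = int_cst_value (right);` store only detects the out-of-range index; it does not fix the source of it. The value comes from `am_vector_index_for_loop (am, CHREC_VARIABLE (access_fun))` on the preceding line, so the real fix belongs in that lookup or in how cy is sized, with the assert kept as a guard. If var is a signed type, also check `var >= 0`, and add a short comment stating that cy is expected to hold AM_NB_COLUMNS (am) elements, since that relationship is not visible in this hunk.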

On this testcase, AM_PARAMETERS (am) == NULL and AM_NB_INDUCTION_VARS (am) == 2,
so AM_NB_COLUMNS (am) == 3, yet the code overwrites cy[8].


-- 

jakub at gcc dot gnu dot org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |dberlin at gcc dot gnu dot
                   |                            |org, spop at gcc dot gnu dot
                   |                            |org


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=37686


