[Bug preprocessor/47311] [4.6 Regression][C++0x] ICE in tsubst @cp/pt.c:10502

pluto at agmk dot net gcc-bugzilla@gcc.gnu.org
Mon Jan 17 18:39:00 GMT 2011


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=47311

--- Comment #16 from Pawel Sikora <pluto at agmk dot net> 2011-01-17 18:05:15 UTC ---
(In reply to comment #15)
> (In reply to comment #10)
> > But it never checks the buffer end. It looks bogus to me.
> 
> Read the comment at the beginning of the section.  This is an aligned
> read before END, and thus will never fault.  We are guaranteed to find
> an end-of-line character at the end of the buffer, so we will never 
> search past END.

On valgrind-3.6.0 patched with https://bugs.kde.org/show_bug.cgi?id=262995#c3,
with its emulated CPU, I got an invalid access in search_line_sse42:

$ valgrind --leak-check=no --trace-children=yes g++46 testcase2.cpp -std=gnu++0x -Wall -c
==5266== Memcheck, a memory error detector
==5266== Copyright (C) 2002-2010, and GNU GPL'd, by Julian Seward et al.
==5266== Using Valgrind-3.6.0 and LibVEX; rerun with -h for copyright info
==5266== Command: g++46 testcase2.cpp -std=gnu++0x -Wall -c
==5266==
==5267== Memcheck, a memory error detector
==5267== Copyright (C) 2002-2010, and GNU GPL'd, by Julian Seward et al.
==5267== Using Valgrind-3.6.0 and LibVEX; rerun with -h for copyright info
==5267== Command: /opt/gcc46/libexec/gcc/x86_64-unknown-linux-gnu/4.6.0/cc1plus
-quiet -D_GNU_SOURCE testcase2.cpp -quiet -dumpbase testcase2.cpp
-mtune=generic -march=core2 -auxbase testcase2 -Wall -std=gnu++0x -o
/home/users/pluto/tmp/cc1d2Wcp.s
==5267==
==5267== Invalid read of size 8
==5267==    at 0x11E4E24: search_line_sse42(unsigned char const*, unsigned char
const*) (lex.c:462)
==5267==    by 0x11E4F4E: _cpp_clean_line (lex.c:665)
==5267==    by 0x11E5957: _cpp_get_fresh_line (lex.c:1884)
==5267==    by 0x11E713D: _cpp_lex_direct (lex.c:1949)
==5267==    by 0x11E7FF6: _cpp_lex_token (lex.c:1823)
==5267==    by 0x11EA6A7: cpp_get_token(cpp_reader*) (macro.c:1240)
==5267==    by 0x11EA93F: cpp_get_token_with_location(cpp_reader*, unsigned
int*) (macro.c:1352)
==5267==    by 0x6799B2: c_lex_with_flags(tree_node**, unsigned int*, unsigned
char*, int) (c-lex.c:302)
==5267==    by 0x57DA7F: cp_lexer_get_preprocessor_token(cp_lexer*, cp_token*)
(parser.c:549)
==5267==    by 0x5A571A: c_parse_file() (parser.c:425)
==5267==    by 0x67F4E4: c_common_parse_file() (c-opts.c:1071)
==5267==    by 0xA07F57: toplev_main(int, char**) (toplev.c:579)
==5267==  Address 0x629b7e0 is 112 bytes inside a block of size 114 alloc'd
==5267==    at 0x4C25322: realloc (vg_replace_malloc.c:525)
==5267==    by 0x120EDAC: xrealloc (xmalloc.c:179)
==5267==    by 0x11D975F: _cpp_convert_input (charset.c:1734)
==5267==    by 0x11E1AF2: read_file(cpp_reader*, _cpp_file*) (files.c:652)
==5267==    by 0x11E2D5A: _cpp_stack_file (files.c:723)
==5267==    by 0x11E4690: cpp_read_main_file(cpp_reader*, char const*)
(init.c:570)
==5267==    by 0x67EBE6: c_common_post_options(char const**) (c-opts.c:1010)
==5267==    by 0xA0732A: toplev_main(int, char**) (toplev.c:1283)
==5267==    by 0x5EBDCBC: (below main) (libc-start.c:226)

 454│   /* Main loop, processing 16 bytes at a time.  By doing the whole loop
 455│      in inline assembly, we can make proper use of the flags set.  */
 456│   __asm (      "sub $16, %1\n"
 457│         "       .balign 16\n"
 458│         "0:     add $16, %1\n"
 459│         "       %vpcmpestri $0, (%1), %2\n"
 460│         "       jnc 0b"
 461│         : "=&c"(index), "+r"(s)
 462├>        : "x"(search), "a"(4), "d"(16));

(gdb) p/x s
$1 = 0x629b7e0
(gdb) p/x end
$2 = 0x629b7e1
(gdb) p/x search
$4 =   {0xa,
  0xd,
  0x3f,
  0x5c,
  0x0 <repeats 12 times>}
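A portable stand-in for the aligned-chunk scan discussed above, added here as an example (it is not the cpplib code and not part of this bug thread). The scan is modelled byte by byte so the model itself never reads outside what it owns, and a separate helper computes how far the hardware's 16-byte load would reach past a block laid out like the one in the trace (114-byte block, s 112 bytes in, '\n' sentinel at byte 113). The function names, the 128-byte backing array and the sample data are constructed for this example.

```c
#include <stdint.h>
#include <string.h>

#define CHUNK 16  /* bytes per load: one SSE register, as in search_line_sse42 */

/* Portable model of the aligned-chunk scan (plain C, no SSE): begin at the
   CHUNK-aligned block containing S and look for '\n', '\r', '?' or '\\', the
   bytes in the "search" register of the gdb dump.  Bytes before S in the first
   chunk are skipped.  END is never consulted, exactly like the real loop:
   termination relies on the '\n' sentinel at END, so the result is <= END. */
static const unsigned char *
search_line_chunked(const unsigned char *s, const unsigned char *end)
{
    const unsigned char *chunk =
        (const unsigned char *)((uintptr_t)s & ~(uintptr_t)(CHUNK - 1));
    (void)end;
    for (;; chunk += CHUNK)
        for (int i = 0; i < CHUNK; i++) {
            const unsigned char *q = chunk + i;
            if (q >= s && (*q == '\n' || *q == '\r' || *q == '?' || *q == '\\'))
                return q;
        }
}

/* What memcheck sees: the hardware loads the whole CHUNK containing HIT, so the
   load reaches the chunk boundary even when the allocated block ends earlier.
   Returns how many loaded bytes lie past BLOCK_END (0 = fully in bounds). */
static size_t
chunk_overrun(const unsigned char *hit, const unsigned char *block_end)
{
    uintptr_t chunk_end = ((uintptr_t)hit & ~(uintptr_t)(CHUNK - 1)) + CHUNK;
    return chunk_end > (uintptr_t)block_end ? chunk_end - (uintptr_t)block_end : 0;
}

/* Constructed replica of the trace: a 114-byte block whose last byte is the
   sentinel, S 112 bytes in, END at byte 113.  The backing array is a full
   128 bytes so this model never touches memory it does not own.  Returns the
   overrun memcheck would report for the final load, or -1 on an unexpected hit. */
static int
pr47311_layout_overrun(void)
{
    static _Alignas(CHUNK) unsigned char buf[128];
    const size_t block = 114;
    memset(buf, 'x', block);
    buf[block - 1] = '\n';
    const unsigned char *s = buf + 112, *end = buf + 113;
    const unsigned char *hit = search_line_chunked(s, end);
    return hit == end ? (int)chunk_overrun(hit, buf + block) : -1;  /* 14 */
}
```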