[PATCH v2] fix pr62009 use after free in redirect_edge_var_map_dup

Richard Biener richard.guenther@gmail.com
Tue Aug 5 12:42:00 GMT 2014


On Tue, Aug 5, 2014 at 2:32 PM,  <tsaunders@mozilla.com> wrote:
> From: Trevor Saunders <tsaunders@mozilla.com>
>
> hi,
>
> The change to get the entry for the old edge before inserting the new
> one was incorrect because if inserting the new one resized the table
> then the pointer to the entry for the old one would become invalid.
>
> gcc/
>
>         * tree-ssa.c (redirect_edge_var_map_dup): insert newe before
>         getting olde.
>
> bootstrapping on and regtest on x86_64-unknown-linux-gnu and bootstrap on
> i686-linux-gnu ongoing, ok?

Also works for me.

Richard.

> Trev
>
> ---
>  gcc/tree-ssa.c | 7 ++++---
>  1 file changed, 4 insertions(+), 3 deletions(-)
>
> diff --git a/gcc/tree-ssa.c b/gcc/tree-ssa.c
> index 920cbea..b6b3718 100644
> --- a/gcc/tree-ssa.c
> +++ b/gcc/tree-ssa.c
> @@ -105,11 +105,12 @@ redirect_edge_var_map_dup (edge newe, edge olde)
>    if (!edge_var_maps)
>      return;
>
> -  auto_vec<edge_var_map> *head = edge_var_maps->get (olde);
> -  if (!head)
> +  auto_vec<edge_var_map> *new_head = &edge_var_maps->get_or_insert (newe);
> +  auto_vec<edge_var_map> *old_head = edge_var_maps->get (olde);
> +  if (!old_head)
>      return;
>
> -  edge_var_maps->get_or_insert (newe).safe_splice (*head);
> +  new_head->safe_splice (*old_head);
>  }
>
>
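Review bot: the early `return` on `!old_head` now runs after `get_or_insert (newe)`, so when `olde` has no entry the function leaves an empty vector for `newe` in `edge_var_maps`, which the removed lines did not do. If any reader of the map treats "no entry" differently from "empty entry", that case needs handling or at least a mention in the ChangeLog. The order of the two lookups is also load-bearing now, so a short comment above `new_head` saying that the insert must come before `get (olde)` because it can resize the table would keep the next cleanup from reordering them again.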
> --
> 2.0.1
>
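
The invalidation described in the commit message, as an added example that is not part of the original thread or of GCC's code. `TinyMap`, `Slot` and both functions are constructed stand-ins (not GCC's `hash_map`), with integer keys standing in for edges.

```cpp
#include <cstddef>
#include <cstdint>
#include <utility>
#include <vector>

// Constructed stand-in for a resizing hash map (not GCC's hash_map).
struct Slot { bool used = false; int key = 0; std::vector<int> val; };
struct TinyMap {
  std::vector<Slot> slots = std::vector<Slot>(4);
  std::size_t count = 0;
  static Slot *find_slot(std::vector<Slot> &s, int key) {  // linear probing
    std::size_t i = static_cast<std::size_t>(key) % s.size();
    while (s[i].used && s[i].key != key) i = (i + 1) % s.size();
    return &s[i];
  }
  std::vector<int> *get(int key) {  // lookup only, never resizes
    Slot *p = find_slot(slots, key);
    return p->used ? &p->val : nullptr;
  }
  std::vector<int> &get_or_insert(int key) {
    Slot *p = find_slot(slots, key);
    if (p->used) return p->val;
    if (2 * (count + 1) > slots.size()) {  // grow: every entry moves
      std::vector<Slot> bigger(slots.size() * 2);
      for (Slot &s : slots)
        if (s.used) *find_slot(bigger, s.key) = std::move(s);
      slots.swap(bigger);  // old storage is freed when this block ends
      p = find_slot(slots, key);
    }
    p->used = true; p->key = key; ++count;
    return p->val;
  }
};

// Pre-patch order: note olde's address, then insert newe. True = entry moved.
bool old_order_goes_stale(TinyMap &m, int newe, int olde) {
  auto before = reinterpret_cast<std::uintptr_t>(m.get(olde));
  m.get_or_insert(newe);
  return before != reinterpret_cast<std::uintptr_t>(m.get(olde));
}

// Patched order: insert newe first; the lookup of olde cannot resize.
bool dup_patched(TinyMap &m, int newe, int olde) {
  std::vector<int> *new_head = &m.get_or_insert(newe);
  std::vector<int> *old_head = m.get(olde);
  if (!old_head) return false;
  new_head->insert(new_head->end(), old_head->begin(), old_head->end());
  return true;
}
```

The stale check compares addresses saved as integers, so the example never dereferences the dangling pointer that the pre-patch order would have spliced from.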


