[PATCH] Fix up fold_ctor_reference and fully_constant_vn_reference_p (PR tree-optimization/68785)

Jakub Jelinek jakub@redhat.com
Wed Dec 9 22:31:00 GMT 2015


Hi!

On a testcase like the one below, which would trigger UB at runtime, we trigger
UB in the compiler by reading uninitialized bytes.

The VCE folding for which native_{encode,interpret}_expr has been originally
written passes the length from the first one to the second one, so that
the latter can return NULL_TREE (not fold) if not enough bytes in the buffer
were filled.  I believe this is the shortest fix for this issue and makes
the code consistent with what is used in VCE folding.

Bootstrapped/regtested on x86_64-linux and i686-linux, ok for trunk?

2015-12-09  Jakub Jelinek  <jakub@redhat.com>

	PR tree-optimization/68785
	* gimple-fold.c (fold_ctor_reference): Pass return value from
	native_encode_expr to native_interpret_expr.
	* tree-ssa-sccvn.c (fully_constant_vn_reference_p): Likewise.

	* gcc.dg/pr68785.c: New test.

--- gcc/gimple-fold.c.jj	2015-11-24 11:43:35.000000000 +0100
+++ gcc/gimple-fold.c	2015-12-09 10:48:06.824975709 +0100
@@ -5495,9 +5495,10 @@ fold_ctor_reference (tree type, tree cto
       && size <= MAX_BITSIZE_MODE_ANY_MODE)
     {
       unsigned char buf[MAX_BITSIZE_MODE_ANY_MODE / BITS_PER_UNIT];
-      if (native_encode_expr (ctor, buf, size / BITS_PER_UNIT,
-			      offset / BITS_PER_UNIT) > 0)
-	return native_interpret_expr (type, buf, size / BITS_PER_UNIT);
+      int len = native_encode_expr (ctor, buf, size / BITS_PER_UNIT,
+				    offset / BITS_PER_UNIT);
+      if (len > 0)
+	return native_interpret_expr (type, buf, len);
     }
   if (TREE_CODE (ctor) == CONSTRUCTOR)
     {
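Review bot: The `len > 0` check on its own does not guarantee that enough bytes were encoded for `type`; what makes this safe is that `native_interpret_expr (type, buf, len)` now receives the number of bytes actually written rather than the requested `size / BITS_PER_UNIT`, so it can refuse to fold when `len` is smaller than the type's size instead of reading the unfilled tail of `buf`. A one-line comment above `int len = native_encode_expr (...)` stating that a short encode must not be interpreted from the partially filled buffer would make that dependency explicit for future readers.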
--- gcc/tree-ssa-sccvn.c.jj	2015-12-04 17:19:12.000000000 +0100
+++ gcc/tree-ssa-sccvn.c	2015-12-09 10:50:30.329960789 +0100
@@ -1370,8 +1370,9 @@ fully_constant_vn_reference_p (vn_refere
 	  else
 	    {
 	      unsigned char buf[MAX_BITSIZE_MODE_ANY_MODE / BITS_PER_UNIT];
-	      if (native_encode_expr (ctor, buf, size, off) > 0)
-		return native_interpret_expr (ref->type, buf, size);
+	      int len = native_encode_expr (ctor, buf, size, off);
+	      if (len > 0)
+		return native_interpret_expr (ref->type, buf, len);
 	    }
 	}
     }
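Review bot: This is the same fix as in `fold_ctor_reference`, and here `size` and `off` are already byte counts, so passing `len` straight through to `native_interpret_expr (ref->type, buf, len)` is consistent with the gimple-fold change. Since the two call sites now carry the identical encode-then-check pattern, a short comment here pointing at the PR (or at the gimple-fold site) would help keep them in sync if either is touched again.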
--- gcc/testsuite/gcc.dg/pr68785.c.jj	2015-12-09 10:52:00.232698487 +0100
+++ gcc/testsuite/gcc.dg/pr68785.c	2015-12-09 10:50:54.000000000 +0100
@@ -0,0 +1,9 @@
+/* PR tree-optimization/68785 */
+/* { dg-do compile } */
+/* { dg-options "-O3" } */
+
+int
+foo (void)
+{
+  return *(int *) "";
+}
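Review bot: The test is `dg-do compile` at `-O3`, and the defect it covers is a read of uninitialized stack bytes in the compiler, which does not reliably crash or change the produced code; on an unfixed compiler this test will usually still pass unless it is run under a memory checker such as valgrind or with a sanitizer-instrumented cc1. Consider noting that in the leading comment so nobody later assumes a plain `make check` exercises the fix.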

	Jakub
