[PATCH] Fix out-of-bounds write in RTL function reader (PR bootstrap/79952)
David Malcolm
dmalcolm@redhat.com
Fri Mar 10 19:03:00 GMT 2017
On Fri, 2017-03-10 at 00:36 +0100, Bernd Schmidt wrote:
> On 03/09/2017 08:28 PM, David Malcolm wrote:
> > The root cause is an out-of-bounds memory write in the RTL dump
> > reader when handling SYMBOL_REFs with SYMBOL_FLAG_HAS_BLOCK_INFO
> > set.
> >
> > Such SYMBOL_REFs are normally created by varasm.c:create_block_symbol,
> > which has:
>
> Hmm, I don't actually recall seeing this stuff. It's for section anchors
> apparently.
>
> > OK for trunk in stage 4?
> >
> > gcc/ChangeLog:
> > PR bootstrap/79952
> > * read-rtl-function.c (function_reader::read_rtx_operand): Update
> > x with result of extra_parsing_for_operand_code_0.
> > (function_reader::extra_parsing_for_operand_code_0): Convert
> > return type from void to rtx, returning x. When reading
> > SYMBOL_REF with SYMBOL_FLAG_HAS_BLOCK_INFO, reallocate x to the
> > larger size containing struct block_symbol.
>
> Looks OK for now, but longer term I think we should make it possible to
> reconstruct this data.
Thanks; fix committed to trunk as r246044.
I'm also not very familiar with this part of RTL.
print-rtl.c:rtx_writer::print_rtx_operand_code_0 has some special-casing
for SYMBOL_REF, but if I'm reading things right we don't yet dump
SYMBOL_REF_BLOCK and SYMBOL_REF_BLOCK_OFFSET, so we'd need to dump these
somehow.
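A compact C model of the fix described in the ChangeLog above, added here as an illustration and not GCC's own code: `rtx_node`, `block_symbol`, `read_block_info` and `FLAG_HAS_BLOCK_INFO` are simplified stand-ins, and the point shown is that the reader must grow the allocation to the larger struct before writing the block fields, and must return the (possibly moved) pointer to its caller instead of returning void.

```c
#include <assert.h>
#include <stdlib.h>
#include <string.h>

/* Simplified stand-ins (not GCC's types). A plain node is small; a
   SYMBOL_REF carrying block info lives in a larger struct that embeds
   the node as its first member, so the same pointer can be reused. */
#define FLAG_HAS_BLOCK_INFO 0x1u

struct rtx_node {
  unsigned flags;
  const char *name;
};

struct block_symbol {
  struct rtx_node base;   /* must be first: pointer is cast both ways */
  int block_id;
  long block_offset;
};

/* The reader first allocates only what a plain SYMBOL_REF needs. */
static struct rtx_node *alloc_symbol_ref(const char *name)
{
  struct rtx_node *x = calloc(1, sizeof *x);
  if (!x) abort();
  x->name = name;
  return x;
}

/* The bug: writing block_id/block_offset through a block_symbol cast of
   the small node above overruns the allocation. The fix, modelled here:
   reallocate to the larger size before writing, and hand the new pointer
   back so the caller does not keep using a freed one. */
static struct rtx_node *read_block_info(struct rtx_node *x, int id, long off)
{
  struct block_symbol *bs = realloc(x, sizeof *bs);
  if (!bs) abort();
  memset((char *)bs + sizeof bs->base, 0, sizeof *bs - sizeof bs->base);
  bs->base.flags |= FLAG_HAS_BLOCK_INFO;
  bs->block_id = id;
  bs->block_offset = off;
  return &bs->base;
}

/* Accessors are only valid once the flag says the larger struct exists. */
static long symbol_block_offset(const struct rtx_node *x)
{
  assert(x->flags & FLAG_HAS_BLOCK_INFO);
  return ((const struct block_symbol *)x)->block_offset;
}

/* Round trip: returns 1 when the reallocated node carries the data. */
static int check_roundtrip(void)
{
  struct rtx_node *x = alloc_symbol_ref("anchor");   /* constructed input */
  x = read_block_info(x, 7, 0x40);
  int ok = (x->flags & FLAG_HAS_BLOCK_INFO) && symbol_block_offset(x) == 0x40
           && ((struct block_symbol *)x)->block_id == 7
           && strcmp(x->name, "anchor") == 0;
  free(x);
  return ok;
}
```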