From patchwork Mon Apr 8 12:08:47 2013
X-Patchwork-Submitter: Marek Polacek
X-Patchwork-Id: 234747
Date: Mon, 8 Apr 2013 14:08:47 +0200
From: Marek Polacek
To: GCC Patches
Subject: [PATCH] Fix PR48762
Message-ID: <20130408120847.GK24873@redhat.com>

This patch prevents two Invalid read of size 8 and one Invalid write of
size 8 warnings when cc1 is run under valgrind. What happens here is
that we firstly allocate 0B

  ebb_data.path = XNEWVEC (struct branch_path, PARAM_VALUE (PARAM_MAX_CSE_PATH_LENGTH));

(in fact, XNEWVEC always allocates at least 1B--but still it's not
enough), then in cse_find_path we have (path_size is 0)

  if (path_size == 0)
    data->path[path_size++].bb = first_bb;

so we immediately have an invalid write and moreover path_size increments,
thus we call cse_find_path again, then we get the invalid reads.

So fixed by guarding the write with PARAM_MAX_CSE_PATH_LENGTH > 0.
Alternatively, we can bump the minimum of that param, as usual ;)

Bootstrapped/regtested on x86_64-linux, ok for trunk/4.8?

2013-04-08  Marek Polacek

	PR tree-optimization/48762
	* cse.c (cse_find_path): Require PARAM_MAX_CSE_PATH_LENGTH be > 0.

	Marek

--- gcc/cse.c.mp 2013-04-08 13:19:15.082670099 +0200 +++ gcc/cse.c 2013-04-08 13:19:29.014713914 +0200 
@@ -6166,7 +6166,7 @@ cse_find_path (basic_block first_bb, str } /* If the path was empty from the beginning, construct a new path. */ - if (path_size == 0) + if (path_size == 0 && PARAM_VALUE (PARAM_MAX_CSE_PATH_LENGTH) > 0) data->path[path_size++].bb = first_bb; else {
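
Review bot: with the extra "PARAM_VALUE (PARAM_MAX_CSE_PATH_LENGTH) > 0" test on the "if (path_size == 0)" line in cse_find_path, an empty path with the param set to 0 now falls through to the "else" branch, which before this change was only entered with a non-empty path. The body of that branch is outside the hunk, so please confirm it does not index data->path relative to path_size or otherwise assume at least one entry; if it does, an early return for a zero limit ahead of this "if", or raising the param's minimum as the message suggests, would close the hole where the zero-length allocation is made rather than at one of its uses. The comment above the condition ("If the path was empty from the beginning, construct a new path.") should also mention the zero-limit case, and a testcase that sets the param to 0 would keep this from regressing.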