Fix buffer overflow in the arm port (PR target/69187)

Message ID	20160121092013.GF3017@tucnak.redhat.com
State	New
Headers	show Return-Path: <gcc-patches-return-419670-incoming=patchwork.ozlabs.org@gcc.gnu.org> DomainKey-Signature: a=rsa-sha1; c=nofws; d=gcc.gnu.org; h=list-id :list-unsubscribe:list-archive:list-post:list-help:sender:date :from:to:cc:subject:message-id:reply-to:mime-version :content-type:content-transfer-encoding; q=dns; s=default; b=mno nSuUeesi0bQ2cOGpTl6tJqI76Ys/mRbRZH1YYzm9Q6P0Etr5kbuQ9HdIxgcurz/5 roYltK8Nd86+qYRSikpCZtPyZKgEARuYArmEIprwgZigu1AqN4cdzrQrRT3FyTPL lQ9uCte/DcH5+qQl3DIeMVF+pdcAGsBrxxxEOfgU= Mailing-List: contact gcc-patches-help@gcc.gnu.org; run by ezmlm Precedence: bulk Sender: gcc-patches-owner@gcc.gnu.org Date: Thu, 21 Jan 2016 10:20:13 +0100 From: Jakub Jelinek <jakub@redhat.com> To: Kyrill Tkachov <kyrylo.tkachov@foss.arm.com> Cc: gcc-patches@gcc.gnu.org Subject: [PATCH] Fix buffer overflow in the arm port (PR target/69187) Message-ID: <20160121092013.GF3017@tucnak.redhat.com> Reply-To: Jakub Jelinek <jakub@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit User-Agent: Mutt/1.5.24 (2015-08-30)

Message ID

20160121092013.GF3017@tucnak.redhat.com

State

New

Headers

DomainKey-Signature: a=rsa-sha1; c=nofws; d=gcc.gnu.org; h=list-id
	:list-unsubscribe:list-archive:list-post:list-help:sender:date
	:from:to:cc:subject:message-id:reply-to:mime-version
	:content-type:content-transfer-encoding; q=dns; s=default; b=mno
	nSuUeesi0bQ2cOGpTl6tJqI76Ys/mRbRZH1YYzm9Q6P0Etr5kbuQ9HdIxgcurz/5
	roYltK8Nd86+qYRSikpCZtPyZKgEARuYArmEIprwgZigu1AqN4cdzrQrRT3FyTPL
	lQ9uCte/DcH5+qQl3DIeMVF+pdcAGsBrxxxEOfgU=
Mailing-List: contact gcc-patches-help@gcc.gnu.org; run by ezmlm
Precedence: bulk
Sender: gcc-patches-owner@gcc.gnu.org
Date: Thu, 21 Jan 2016 10:20:13 +0100
From: Jakub Jelinek <jakub@redhat.com>
To: Kyrill Tkachov <kyrylo.tkachov@foss.arm.com>
Cc: gcc-patches@gcc.gnu.org
Subject: [PATCH] Fix buffer overflow in the arm port (PR target/69187)
Message-ID: <20160121092013.GF3017@tucnak.redhat.com>
Reply-To: Jakub Jelinek <jakub@redhat.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
User-Agent: Mutt/1.5.24 (2015-08-30)

Commit Message

Jakub Jelinek Jan. 21, 2016, 9:20 a.m. UTC

Hi!

This is the same issue that has been fixed a while ago in the aarch64 port
as PR65624.  Bootstrapped/regtested on armv7hl-linux-gnueabi, ok for trunk?

2016-01-21   Stefan Sørensen  <stefan.sorensen@spectralink.com>
	     Jakub Jelinek  <jakub@redhat.com>

	PR target/69187
	PR target/65624
	* config/arm/arm-builtins.c (arm_expand_neon_builtin): Increase
	args array size by one to avoid buffer overflow.

	* gcc.target/arm/pr69187.c: New test.


	Jakub

Comments

Kyrill Tkachov Jan. 21, 2016, 9:27 a.m. UTC | #1

On 21/01/16 09:20, Jakub Jelinek wrote:
> Hi!
>
> This is the same issue that has been fixed a while ago in the aarch64 port
> as PR65624.  Bootstrapped/regtested on armv7hl-linux-gnueabi, ok for trunk?

Ok, thanks for taking care of this.
Kyrill

> 2016-01-21   Stefan Sørensen  <stefan.sorensen@spectralink.com>
> 	     Jakub Jelinek  <jakub@redhat.com>
>
> 	PR target/69187
> 	PR target/65624
> 	* config/arm/arm-builtins.c (arm_expand_neon_builtin): Increase
> 	args array size by one to avoid buffer overflow.
>
> 	* gcc.target/arm/pr69187.c: New test.
>
> --- gcc/config/arm/arm-builtins.c.jj	2016-01-15 20:37:31.000000000 +0100
> +++ gcc/config/arm/arm-builtins.c	2016-01-20 09:04:40.121275057 +0100
> @@ -2246,7 +2246,7 @@ arm_expand_neon_builtin (int fcode, tree
>     neon_builtin_datum *d =
>   		&neon_builtin_data[fcode - ARM_BUILTIN_NEON_PATTERN_START];
>     enum insn_code icode = d->code;
> -  builtin_arg args[SIMD_MAX_BUILTIN_ARGS];
> +  builtin_arg args[SIMD_MAX_BUILTIN_ARGS + 1];
>     int num_args = insn_data[d->code].n_operands;
>     int is_void = 0;
>     int k;
> --- gcc/testsuite/gcc.target/arm/pr69187.c.jj	2016-01-20 09:02:53.832778539 +0100
> +++ gcc/testsuite/gcc.target/arm/pr69187.c	2016-01-20 09:03:26.132321652 +0100
> @@ -0,0 +1,19 @@
> +/* PR target/69187 */
> +/* { dg-do compile } */
> +/* { dg-require-effective-target arm_neon } */
> +/* { dg-options "-O0" }  */
> +/* { dg-add-options arm_neon }  */
> +
> +#include <arm_neon.h>
> +
> +int32x4_t
> +foo (void)
> +{
> +  int32x4_t vector_int32x4;
> +  int16x4_t vector3_int16x4;
> +  int16x4_t vector4_int16x4;
> +  static int32_t buffer_int32x4[32];
> +
> +  vector_int32x4 = vld1q_s32(buffer_int32x4);
> +  return vqdmlsl_lane_s16(vector_int32x4, vector3_int16x4, vector4_int16x4, 0);
> +}
>
> 	Jakub

--- gcc/config/arm/arm-builtins.c.jj	2016-01-15 20:37:31.000000000 +0100
+++ gcc/config/arm/arm-builtins.c	2016-01-20 09:04:40.121275057 +0100
@@ -2246,7 +2246,7 @@  arm_expand_neon_builtin (int fcode, tree
   neon_builtin_datum *d =
 		&neon_builtin_data[fcode - ARM_BUILTIN_NEON_PATTERN_START];
   enum insn_code icode = d->code;
-  builtin_arg args[SIMD_MAX_BUILTIN_ARGS];
+  builtin_arg args[SIMD_MAX_BUILTIN_ARGS + 1];
   int num_args = insn_data[d->code].n_operands;
   int is_void = 0;
   int k;
--- gcc/testsuite/gcc.target/arm/pr69187.c.jj	2016-01-20 09:02:53.832778539 +0100
+++ gcc/testsuite/gcc.target/arm/pr69187.c	2016-01-20 09:03:26.132321652 +0100
@@ -0,0 +1,19 @@ 
+/* PR target/69187 */
+/* { dg-do compile } */
+/* { dg-require-effective-target arm_neon } */
+/* { dg-options "-O0" }  */
+/* { dg-add-options arm_neon }  */
+
+#include <arm_neon.h>
+
+int32x4_t
+foo (void)
+{
+  int32x4_t vector_int32x4;
+  int16x4_t vector3_int16x4;
+  int16x4_t vector4_int16x4;
+  static int32_t buffer_int32x4[32];
+
+  vector_int32x4 = vld1q_s32(buffer_int32x4);
+  return vqdmlsl_lane_s16(vector_int32x4, vector3_int16x4, vector4_int16x4, 0);
+}

Fix buffer overflow in the arm port (PR target/69187)

Commit Message

Comments

Patch