[PR,target/80358,7,regression] Fix boundary check error in expand_block_compare
diff mbox

Message ID 1491593930.5965.3.camel@linux.vnet.ibm.com
State New
Headers show

Commit Message

Aaron Sawdey April 7, 2017, 7:38 p.m. UTC
Turns out we get passed const -1 for the length arg from this code.
ROUND_UP adds load_mode_size to that resulting in a small positive
number, hilarity ensues. Fixed by computing a sensible limit and using
IN_RANGE instead, which won't overflow in this way.

OK for trunk if bootstrap/regtest in progress passes?

2017-04-07  Aaron Sawdey  <acsawdey@linux.vnet.ibm.com>

	PR target/80358
	* config/rs6000/rs6000.c (expand_block_compare): Fix boundary check.

Comments

Segher Boessenkool April 7, 2017, 8:22 p.m. UTC | #1
On Fri, Apr 07, 2017 at 02:38:50PM -0500, Aaron Sawdey wrote:
> Turns out we get passed const -1 for the length arg from this code.
> ROUND_UP adds load_mode_size to that resulting in a small positive
> number, hilarity ensues.

Glad you liked it as well ;-)

> Fixed by computing a sensible limit and using
> IN_RANGE instead, which won't overflow in this way.
> 
> OK for trunk if bootstrap/regtest in progress passes?

Yes, looks good.  Thanks,


Segher


> 2017-04-07  Aaron Sawdey  <acsawdey@linux.vnet.ibm.com>
> 
> 	PR target/80358
> 	* config/rs6000/rs6000.c (expand_block_compare): Fix boundary check.
> 
> Index: gcc/config/rs6000/rs6000.c
> ===================================================================
> --- gcc/config/rs6000/rs6000.c  (revision 246771)
> +++ gcc/config/rs6000/rs6000.c  (working copy)
> @@ -19672,8 +19672,9 @@
>    unsigned int load_mode_size = GET_MODE_SIZE (load_mode);
>  
>    /* We don't want to generate too much code.  */
> -  if (ROUND_UP (bytes, load_mode_size) / load_mode_size
> -      > (unsigned HOST_WIDE_INT) rs6000_block_compare_inline_limit)
> +  unsigned HOST_WIDE_INT max_bytes =
> +    load_mode_size * (unsigned HOST_WIDE_INT) rs6000_block_compare_inline_limit;
> +  if (!IN_RANGE (bytes, 1, max_bytes))
>      return false;
>  
>    bool generate_6432_conversion = false;

Patch
diff mbox

Index: gcc/config/rs6000/rs6000.c
===================================================================
--- gcc/config/rs6000/rs6000.c  (revision 246771)
+++ gcc/config/rs6000/rs6000.c  (working copy)
@@ -19672,8 +19672,9 @@ 
   unsigned int load_mode_size = GET_MODE_SIZE (load_mode);
 
   /* We don't want to generate too much code.  */
-  if (ROUND_UP (bytes, load_mode_size) / load_mode_size
-      > (unsigned HOST_WIDE_INT) rs6000_block_compare_inline_limit)
+  unsigned HOST_WIDE_INT max_bytes =
+    load_mode_size * (unsigned HOST_WIDE_INT) rs6000_block_compare_inline_limit;
+  if (!IN_RANGE (bytes, 1, max_bytes))
     return false;
 
   bool generate_6432_conversion = false;