Message ID | CADzB+2kucv8DPTWKeHhvjg9H49VHcBx7h4XgUA9O8VNsQ6jheQ@mail.gmail.com |
---|---|
State | New |
On Fri, May 19, 2017 at 4:32 AM, Jason Merrill <jason@redhat.com> wrote:
> A patch I've been putting together ran into strange memory corruption
> issues which turned out to be because the calculation in
> make_tree_vec_stat was overflowing and allocating a small TREE_VEC
> instead of a large one. This assert should work as a simple sanity
> check.

Hmm, looks like 'length' should be size_t? Then nothing can overflow
anymore (on hosts with size_t 64bit and int 32bit)

> Tested x86_64-pc-linux-gnu, OK for trunk?

Thanks,
Richard.
diff --git a/gcc/tree.c b/gcc/tree.c index 7506725..327332b 100644 --- a/gcc/tree.c +++ b/gcc/tree.c @@ -2270,6 +2270,9 @@ make_tree_vec_stat (int len MEM_STAT_DECL) tree t; int length = (len - 1) * sizeof (tree) + sizeof (struct tree_vec); + /* Cheap check for overflow. */ + gcc_assert (length > len); + record_node_allocation_statistics (TREE_VEC, length); t = ggc_alloc_cleared_tree_node_stat (length PASS_MEM_STAT);
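Review bot: `gcc_assert (length > len)` does not catch every wrapped size in this hunk, because `(len - 1) * sizeof (tree) + sizeof (struct tree_vec)` is evaluated in `size_t` and only narrowed when it is stored into `int length`, so the truncated value can still be positive and larger than `len`. With 8-byte pointers and a 32-bit `int`, `len = 2^29 + 2^27` gives a true size of `2^32 + 2^30 + 16` bytes, which narrows to `2^30 + 16`; that is greater than `len`, so the assert passes and a far too small TREE_VEC is allocated. Declaring `length` as `size_t`, as the reply suggests, removes the narrowing; if an `int` is still needed for the callees, compute the size in a `size_t` temporary and assert that it fits in `int` before converting, rather than checking the already-truncated value.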