RFA: PATCH to check for overflow in make_tree_vec_stat

Message ID CADzB+2kucv8DPTWKeHhvjg9H49VHcBx7h4XgUA9O8VNsQ6jheQ@mail.gmail.com
State New
Commit Message

Jason Merrill May 19, 2017, 2:32 a.m. UTC
A patch I've been putting together ran into strange memory corruption
issues which turned out to be because the calculation in
make_tree_vec_stat was overflowing and allocating a small TREE_VEC
instead of a large one.  This assert should work as a simple sanity
check.

Tested x86_64-pc-linux-gnu, OK for trunk?

commit 59ccf3b1dd5aaf9611a133ad55d950de525e862d
Author: Jason Merrill <jason@redhat.com>
Date:   Thu May 18 15:23:53 2017 -0400

            * tree.c (make_tree_vec_stat): Check for overflow.

Comments

Richard Biener May 19, 2017, 9:14 a.m. UTC | #1
On Fri, May 19, 2017 at 4:32 AM, Jason Merrill <jason@redhat.com> wrote:
> A patch I've been putting together ran into strange memory corruption
> issues which turned out to be because the calculation in
> make_tree_vec_stat was overflowing and allocating a small TREE_VEC
> instead of a large one.  This assert should work as a simple sanity
> check.

Hmm, looks like 'length' should be size_t?  Then nothing can overflow anymore
(on hosts with size_t 64bit and int 32bit)

> Tested x86_64-pc-linux-gnu, OK for trunk?

Thanks,
Richard.
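
The following is an added example, not code from this thread or from GCC. It models the size calculation discussed above and classifies, for a given `len`, whether the exact size fits in an `int` and, if not, whether a `length > len` comparison notices the wrap. The 8-byte element size, the 32-byte header size, the 32-bit `int`, and all function names are assumptions made for illustration.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed sizes for illustration (not taken from GCC): 8-byte tree
   pointers and a 32-byte struct tree_vec; int is assumed 32-bit.  */
#define ELT_SIZE 8u
#define HDR_SIZE 32u

enum verdict { FITS, WRAP_CAUGHT, WRAP_MISSED };

/* Exact size in 64 bits; cannot wrap for any len >= 1.  */
static uint64_t exact_length (int len)
{
  return (uint64_t) (len - 1) * ELT_SIZE + HDR_SIZE;
}

/* The value an int 'length' ends up holding: the low 32 bits of the
   exact size read as signed, written without relying on
   implementation-defined narrowing.  */
static int truncated_length (int len)
{
  uint32_t low = (uint32_t) exact_length (len);
  if (low <= (uint32_t) INT_MAX)
    return (int) low;
  return (int) ((int64_t) low - 4294967296LL);
}

/* FITS: no truncation.  WRAP_CAUGHT: truncated and 'length > len' is
   false.  WRAP_MISSED: truncated, yet 'length > len' still holds.  */
static enum verdict classify (int len)
{
  if (exact_length (len) <= (uint64_t) INT_MAX)
    return FITS;
  return truncated_length (len) > len ? WRAP_MISSED : WRAP_CAUGHT;
}

int main (void)
{
  /* Constructed sample lengths.  */
  const int samples[] = { 1000, 0x10000000, 0x20000000, 0x28000000 };
  static const char *const names[] = { "fits", "wrap caught", "wrap missed" };
  for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
    printf ("len=%d exact=%llu int=%d -> %s\n", samples[i],
            (unsigned long long) exact_length (samples[i]),
            truncated_length (samples[i]), names[classify (samples[i])]);
  return 0;
}
```

Under these assumed sizes, a wrap that lands on a negative or small value is caught, while one that lands on a positive value larger than `len` is not.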
Patch

diff --git a/gcc/tree.c b/gcc/tree.c
index 7506725..327332b 100644
--- a/gcc/tree.c
+++ b/gcc/tree.c
@@ -2270,6 +2270,9 @@  make_tree_vec_stat (int len MEM_STAT_DECL)
   tree t;
   int length = (len - 1) * sizeof (tree) + sizeof (struct tree_vec);
 
+  /* Cheap check for overflow.  */
+  gcc_assert (length > len);
+
   record_node_allocation_statistics (TREE_VEC, length);
 
   t = ggc_alloc_cleared_tree_node_stat (length PASS_MEM_STAT);
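
Review bot: the added `gcc_assert (length > len);` runs after the size has already been narrowed into `int length`, so it only detects wraps that happen to land at or below `len`. Because `sizeof` makes the arithmetic `size_t` and the result is then converted to `int`, a sufficiently large `len` can produce a truncated value that is still positive and greater than `len`, which passes the assert and still under-allocates. Consider declaring `length` as `size_t`, as suggested in the reply, or bounding `len` before the multiplication (for example against `INT_MAX / sizeof (tree)`), and expand the "Cheap check for overflow" comment to say which cases the comparison does not cover.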