Fix use-after-scope error.

Message ID 5ece33f1-c51b-2cda-3a47-711652835b11@suse.cz
State New

Commit Message

Martin Liška Oct. 11, 2017, 6:17 a.m.
Hello.

One can see a use-after-scope error in bootstrap-asan:

Executing on host: /home/marxin/gcc/objdir2/gcc/xgcc -B/home/marxin/gcc/objdir2/gcc/  -fno-diagnostics-show-caret -fdiagnostics-color=never  -w  -O3 -g   -dumpbase dump1/dump-noaddr.c -DMASK=1 -x c --param ggc-min-heapsize=1 -fdump-ipa-all -fdump-rtl-all -fdump-tree-all -fdump-noaddr -c   -o /home/marxin/gcc/objdir2/gcc/testsuite/gcc27/dump-noaddr.o /home/marxin/gcc/gcc/testsuite/gcc.c-torture/unsorted/dump-noaddr.c    (timeout = 300)
spawn /home/marxin/gcc/objdir2/gcc/xgcc -B/home/marxin/gcc/objdir2/gcc/ -fno-diagnostics-show-caret -fdiagnostics-color=never -w -O3 -g -dumpbase dump1/dump-noaddr.c -DMASK=1 -x c --param ggc-min-heapsize=1 -fdump-ipa-all -fdump-rtl-all -fdump-tree-all -fdump-noaddr -c -o /home/marxin/gcc/objdir2/gcc/testsuite/gcc27/dump-noaddr.o /home/marxin/gcc/gcc/testsuite/gcc.c-torture/unsorted/dump-noaddr.c
=================================================================
==88887==ERROR: AddressSanitizer: stack-use-after-scope on address 0x7fffffff9890 at pc 0x0000009d9361 bp 0x7fffffff9280 sp 0x7fffffff8a30
READ of size 4 at 0x7fffffff9890 thread T0
    #0 0x9d9360 in __interceptor_strlen ../../../../libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:225
    #1 0x3189f03 in pp_string(pretty_printer*, char const*) ../../gcc/pretty-print.c:990
    #2 0x318cb5a in pp_format(pretty_printer*, text_info*) ../../gcc/pretty-print.c:599
    #3 0x318ecfe in pp_printf(pretty_printer*, char const*, ...) ../../gcc/pretty-print.c:937
    #4 0x17ac387 in print_insn(pretty_printer*, rtx_insn const*, int) ../../gcc/print-rtl.c:1816
    #5 0x17ac837 in print_insn_with_notes ../../gcc/print-rtl.c:1897
    #6 0x17b5c73 in dump_insn_slim(_IO_FILE*, rtx_insn const*) ../../gcc/print-rtl.c:1934
    #7 0x2e61d85 in combine_instructions ../../gcc/combine.c:1218
    #8 0x2e61d85 in rest_of_handle_combine ../../gcc/combine.c:14784
    #9 0x2e61d85 in execute ../../gcc/combine.c:14829
    #10 0x173d971 in execute_one_pass(opt_pass*) ../../gcc/passes.c:2495
    #11 0x173f126 in execute_pass_list_1 ../../gcc/passes.c:2584
    #12 0x173f150 in execute_pass_list_1 ../../gcc/passes.c:2585
    #13 0x173f1af in execute_pass_list(function*, opt_pass*) ../../gcc/passes.c:2595
    #14 0xeb7957 in cgraph_node::expand() ../../gcc/cgraphunit.c:2115
    #15 0xeba71e in expand_all_functions ../../gcc/cgraphunit.c:2251
    #16 0xeba71e in symbol_table::compile() ../../gcc/cgraphunit.c:2599
    #17 0xec0e40 in symbol_table::compile() ../../gcc/cgraphunit.c:2695
    #18 0xec0e40 in symbol_table::finalize_compilation_unit() ../../gcc/cgraphunit.c:2692
    #19 0x19e3a8b in compile_file ../../gcc/toplev.c:481
    #20 0x9a2a3f in do_compile ../../gcc/toplev.c:2037
    #21 0x9a2a3f in toplev::main(int, char**) ../../gcc/toplev.c:2172
    #22 0x9acd24 in main ../../gcc/main.c:39
    #23 0x7ffff6a396e4 in __libc_start_main (/lib64/libc.so.6+0x206e4)
    #24 0x9adf28 in _start (/home/marxin/gcc/objdir2/gcc/cc1+0x9adf28)

Address 0x7fffffff9890 is located in stack of thread T0 at offset 96 in frame
    #0 0x17abfdf in print_insn(pretty_printer*, rtx_insn const*, int) ../../gcc/print-rtl.c:1777

  This frame has 2 object(s):
    [32, 64) 'uid_prefix'
    [96, 128) 'idbuf' <== Memory access at offset 96 is inside this variable
...

This is a fix for that. It's quite clear.
Patch can bootstrap on ppc64le-redhat-linux and survives regression tests.

Ready to be installed?
Martin

gcc/ChangeLog:

2017-10-10  Martin Liska  <mliska@suse.cz>

	* print-rtl.c (print_insn): Move declaration of idbuf
	to same scope as name.
---
 gcc/print-rtl.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
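
The report above in reduced form, as an added example that is not part of the original message or GCC's code: a pointer that outlives the inner-block buffer it points at, beside the version with the buffer hoisted. `struct decl`, `format_before` and `format_after` are hypothetical names, and the `snprintf` into `idbuf` is an assumption about how `name` comes to point at the buffer.

```c
#include <stdio.h>

/* Constructed example, not GCC source: struct decl, format_before and
   format_after are hypothetical names.  */
struct decl { const char *ident; int uid; };

/* BEFORE: idbuf dies at the inner closing brace, yet name may still point
   at it when read below.  Built with -fsanitize=address, calling this with
   ident == NULL is reported as stack-use-after-scope.  */
int format_before(const struct decl *d, char *out, size_t n)
{
  const char *name = "?";
  if (d)
    {
      char idbuf[32];
      if (d->ident)
        name = d->ident;
      else
        {
          snprintf(idbuf, sizeof idbuf, "D.%d", d->uid);
          name = idbuf;                 /* pointer outlives idbuf */
        }
    }
  return snprintf(out, n, "debug %s", name);   /* dangling read */
}

/* AFTER: idbuf is declared beside name, so both have the same lifetime.  */
int format_after(const struct decl *d, char *out, size_t n)
{
  const char *name = "?";
  char idbuf[32];
  if (d)
    {
      if (d->ident)
        name = d->ident;
      else
        {
          snprintf(idbuf, sizeof idbuf, "D.%d", d->uid);
          name = idbuf;                 /* valid until the function returns */
        }
    }
  return snprintf(out, n, "debug %s", name);
}

int main(void)
{
  char out[64];
  struct decl anon = { NULL, 42 };      /* constructed input: no identifier */
  format_after(&anon, out, sizeof out);
  puts(out);
}
```

Without the sanitizer, `format_before` often appears to work because the stack slot has not been reused yet, which is why this kind of defect tends to surface only in an instrumented build.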

Comments

Jakub Jelinek Oct. 11, 2017, 7:15 a.m. | #1
On Wed, Oct 11, 2017 at 08:17:25AM +0200, Martin Liška wrote:
> One can see a use-after-scope error in bootstrap-asan:
> 
> gcc/ChangeLog:
> 
> 2017-10-10  Martin Liska  <mliska@suse.cz>
> 
> 	* print-rtl.c (print_insn): Move declaration of idbuf
> 	to same scope as name.
> ---
>  gcc/print-rtl.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> 

> diff --git a/gcc/print-rtl.c b/gcc/print-rtl.c
> index 79ec463df45..28d99862cad 100644
> --- a/gcc/print-rtl.c
> +++ b/gcc/print-rtl.c
> @@ -1792,11 +1792,11 @@ print_insn (pretty_printer *pp, const rtx_insn *x, int verbose)
>      case DEBUG_INSN:
>        {
>  	const char *name = "?";
> +	char idbuf[32];
>  
>  	if (DECL_P (INSN_VAR_LOCATION_DECL (x)))
>  	  {
>  	    tree id = DECL_NAME (INSN_VAR_LOCATION_DECL (x));
> -	    char idbuf[32];
>  	    if (id)
>  	      name = IDENTIFIER_POINTER (id);
>  	    else if (TREE_CODE (INSN_VAR_LOCATION_DECL (x))

Ok.  This should IMHO go into release branches too.

	Jakub

Martin Liška Oct. 11, 2017, 12:24 p.m. | #2
On 10/11/2017 09:15 AM, Jakub Jelinek wrote:
> On Wed, Oct 11, 2017 at 08:17:25AM +0200, Martin Liška wrote:
>> One can see a use-after-scope error in bootstrap-asan:
>>
>> gcc/ChangeLog:
>>
>> 2017-10-10  Martin Liska  <mliska@suse.cz>
>>
>> 	* print-rtl.c (print_insn): Move declaration of idbuf
>> 	to same scope as name.
>> ---
>>  gcc/print-rtl.c | 2 +-
>>  1 file changed, 1 insertion(+), 1 deletion(-)
>>
>>
> 
>> diff --git a/gcc/print-rtl.c b/gcc/print-rtl.c
>> index 79ec463df45..28d99862cad 100644
>> --- a/gcc/print-rtl.c
>> +++ b/gcc/print-rtl.c
>> @@ -1792,11 +1792,11 @@ print_insn (pretty_printer *pp, const rtx_insn *x, int verbose)
>>      case DEBUG_INSN:
>>        {
>>  	const char *name = "?";
>> +	char idbuf[32];
>>  
>>  	if (DECL_P (INSN_VAR_LOCATION_DECL (x)))
>>  	  {
>>  	    tree id = DECL_NAME (INSN_VAR_LOCATION_DECL (x));
>> -	    char idbuf[32];
>>  	    if (id)
>>  	      name = IDENTIFIER_POINTER (id);
>>  	    else if (TREE_CODE (INSN_VAR_LOCATION_DECL (x))
> 
> Ok.  This should IMHO go into release branches too.

Yes, will do that.

Martin

> 
> 	Jakub
>

Patch

diff --git a/gcc/print-rtl.c b/gcc/print-rtl.c
index 79ec463df45..28d99862cad 100644
--- a/gcc/print-rtl.c
+++ b/gcc/print-rtl.c
@@ -1792,11 +1792,11 @@  print_insn (pretty_printer *pp, const rtx_insn *x, int verbose)
     case DEBUG_INSN:
       {
 	const char *name = "?";
+	char idbuf[32];
 
 	if (DECL_P (INSN_VAR_LOCATION_DECL (x)))
 	  {
 	    tree id = DECL_NAME (INSN_VAR_LOCATION_DECL (x));
-	    char idbuf[32];
 	    if (id)
 	      name = IDENTIFIER_POINTER (id);
 	    else if (TREE_CODE (INSN_VAR_LOCATION_DECL (x))
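
Review bot: The added `char idbuf[32];` directly under `const char *name = "?";` has no comment saying why it must sit in the outer block, so a later tidy-up could narrow its scope again and bring back the stack-use-after-scope that ASan reported on 'idbuf'. Suggest a one-line comment at the declaration stating that `name` may point into `idbuf` and is read after the `if (DECL_P (...))` block closes. The ChangeLog wording ("to same scope as name") and the trace imply that relationship, but the hunk's context ends before the code that writes `idbuf`, so it is also worth confirming there that the write is bounded by the 32-byte size.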