From patchwork Wed Dec 5 06:50:19 2018
X-Patchwork-Submitter: Alexandre Oliva
X-Patchwork-Id: 1008030
From: Alexandre Oliva
To: gcc-patches@gcc.gnu.org
Subject: avoid null ptr deref in cselib_record_sets
Date: Wed, 05 Dec 2018 04:50:19 -0200
Message-ID:
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux)
MIME-Version: 1.0

Jeff Law tells me h8300-elf fails gcc.c-torture/compile/pr49029.c with
-O2 -g -mint32 -mh. This patch fixes it.

The problem is that strict low part handling in cselib_record_sets
assumes src_elt is not NULL. That src_elt is taken from a strict low
part set, but it won't always have a src_elt to begin with. In this
case, it's because src is a volatile MEM; we don't record values for
those.

Although we could fix the problem by testing for a NULL src_elt before
creating the zero extends corresponding to strict low part sets of
formerly const0_rtx REGs, there's no point in recording the additional
set that we won't be able to use anyway. We could still record that the
whole register has a zero-extend of the value stored in the
narrower-mode strict low part of the register, but is that of any use?
I guess not, but if we find otherwise, we can change that later.

Jeff tested this with a cross compiler to h8300-elf, and several other
native and cross toolchains IIUC. I'm regstrapping it myself on i686-
and x86_64-linux-gnu. Ok to install?

for gcc/ChangeLog

	* cselib.c (cselib_record_sets): Skip strict low part sets with
	NULL src_elt.

--- gcc/cselib.c | 1 + 1 file changed, 1 insertion(+) diff --git a/gcc/cselib.c b/gcc/cselib.c index 6d3a4078c689..4a68439455fd 100644 --- a/gcc/cselib.c +++ b/gcc/cselib.c @@ -2616,6 +2616,7 @@ cselib_record_sets (rtx_insn *insn) preserves the upper bits that di:SI=zero_extend(flags:CCNO<=0). */ scalar_int_mode mode; if (dest != orig + && sets[i].src_elt && cselib_record_sets_hook && REG_P (dest) && HARD_REGISTER_P (dest)
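
Review bot: The added "&& sets[i].src_elt" test in the "if (dest != orig ..." condition has no comment explaining why a NULL src_elt is possible here, and the block comment directly above it (the one ending "di:SI=zero_extend(flags:CCNO<=0). */") is not touched by the patch. The reason is only in the message: src can be a volatile MEM, for which cselib records no value. Please add a sentence to that comment saying that strict low part sets with no src_elt are deliberately skipped, so the guard is not later mistaken for a redundant check and removed. Separately, the diffstat shows only gcc/cselib.c changing, so regression coverage rests on the existing gcc.c-torture/compile/pr49029.c, which per the message fails only on h8300-elf with -O2 -g -mint32 -mh; it is worth stating whether a test that triggers on a more commonly tested target is feasible.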