From patchwork Fri Apr 7 19:38:50 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Aaron Sawdey X-Patchwork-Id: 748444 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from sourceware.org (server1.sourceware.org [209.132.180.131]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 3w08z4670Qz9s2s for ; Sat, 8 Apr 2017 05:39:12 +1000 (AEST) Authentication-Results: ozlabs.org; dkim=pass (1024-bit key; unprotected) header.d=gcc.gnu.org header.i=@gcc.gnu.org header.b="AnveAxV4"; dkim-atps=neutral DomainKey-Signature: a=rsa-sha1; c=nofws; d=gcc.gnu.org; h=list-id :list-unsubscribe:list-archive:list-post:list-help:sender :subject:from:to:cc:date:content-type:mime-version :content-transfer-encoding:message-id; q=dns; s=default; b=LrwJO tLAHp+07e77kcX+tU9GBH7M5PQ1LUROeidIa+3mv3dTtZfHduldBs2VfPe2Y8tGq XmR1dZDhKu8Wo0FLKbwXFhRtc4smPnMff+94kN8T71UUs8gPdGHft5P6qjL/SCwz MjpGMzCnEhmIksw0/EW1pffVYIw7ih1ZfDPMKs= DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=gcc.gnu.org; h=list-id :list-unsubscribe:list-archive:list-post:list-help:sender :subject:from:to:cc:date:content-type:mime-version :content-transfer-encoding:message-id; s=default; bh=lt+vreQmIY1 y1kBNS2BZlMbEWHI=; b=AnveAxV4hYsxo/TkO+T+saLYTKcnSsHZGY1C5cEI9qS oduSj9BrZhWBKix3WCZ4CjehEekfYqdp1qlbpcb3VIyzpbje/IKC1iP6vrrYIS+F uAUyL20Tu7wnkRCYpEYWzVuQqYa0CGx0k6KvJMPttqpl9pfwCZQ0OWzbkjcoYIX8 = Received: (qmail 18280 invoked by alias); 7 Apr 2017 19:39:02 -0000 Mailing-List: contact gcc-patches-help@gcc.gnu.org; run by ezmlm Precedence: bulk List-Id: List-Unsubscribe: List-Archive: List-Post: List-Help: Sender: gcc-patches-owner@gcc.gnu.org Delivered-To: mailing list gcc-patches@gcc.gnu.org Received: (qmail 18267 invoked by uid 89); 7 Apr 2017 19:39:01 -0000 Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=-11.6 required=5.0 tests=BAYES_00, GIT_PATCH_2, GIT_PATCH_3, KAM_LAZY_DOMAIN_SECURITY, RCVD_IN_DNSWL_LOW autolearn=ham version=3.3.2 spammy= X-HELO: mx0a-001b2d01.pphosted.com Received: from mx0b-001b2d01.pphosted.com (HELO mx0a-001b2d01.pphosted.com) (148.163.158.5) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP; Fri, 07 Apr 2017 19:39:00 +0000 Received: from pps.filterd (m0098419.ppops.net [127.0.0.1]) by mx0b-001b2d01.pphosted.com (8.16.0.20/8.16.0.20) with SMTP id v37JcseK035861 for ; Fri, 7 Apr 2017 15:39:00 -0400 Received: from e36.co.us.ibm.com (e36.co.us.ibm.com [32.97.110.154]) by mx0b-001b2d01.pphosted.com with ESMTP id 29pdy1qyvr-1 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=NOT) for ; Fri, 07 Apr 2017 15:39:00 -0400 Received: from localhost by e36.co.us.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted for from ; Fri, 7 Apr 2017 13:38:59 -0600 Received: from b03cxnp08025.gho.boulder.ibm.com (9.17.130.17) by e36.co.us.ibm.com (192.168.1.136) with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted; Fri, 7 Apr 2017 13:38:58 -0600 Received: from b03ledav003.gho.boulder.ibm.com (b03ledav003.gho.boulder.ibm.com [9.17.130.234]) by b03cxnp08025.gho.boulder.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id v37Jcvbd11927964; Fri, 7 Apr 2017 12:38:57 -0700 Received: from b03ledav003.gho.boulder.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 9CA126A03F; Fri, 7 Apr 2017 13:38:57 -0600 (MDT) Received: from ragesh3a (unknown [9.85.178.187]) by b03ledav003.gho.boulder.ibm.com (Postfix) with ESMTP id D8D476A03D; Fri, 7 Apr 2017 13:38:56 -0600 (MDT) Subject: [PATCH][PR target/80358][7 regression] Fix boundary check error in expand_block_compare From: Aaron Sawdey To: gcc-patches@gcc.gnu.org Cc: Segher Boessenkool , David Edelsohn , Bill Schmidt Date: Fri, 07 Apr 2017 14:38:50 -0500 Mime-Version: 1.0 X-TM-AS-GCONF: 00 x-cbid: 17040719-0020-0000-0000-00000BB84A25 X-IBM-SpamModules-Scores: X-IBM-SpamModules-Versions: BY=3.00006894; HX=3.00000240; KW=3.00000007; PH=3.00000004; SC=3.00000208; SDB=6.00844405; UDB=6.00416228; IPR=6.00622702; BA=6.00005275; NDR=6.00000001; ZLA=6.00000005; ZF=6.00000009; ZB=6.00000000; ZP=6.00000000; ZH=6.00000000; ZU=6.00000002; MB=3.00014958; XFM=3.00000013; UTC=2017-04-07 19:38:59 X-IBM-AV-DETECTION: SAVI=unused REMOTE=unused XFE=unused x-cbparentid: 17040719-0021-0000-0000-00005B7F398A Message-Id: <1491593930.5965.3.camel@linux.vnet.ibm.com> X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:, , definitions=2017-04-07_16:, , signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 spamscore=0 suspectscore=1 malwarescore=0 phishscore=0 adultscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1702020001 definitions=main-1704070161 X-IsSubscribed: yes Turns out we get passed const -1 for the length arg from this code. ROUND_UP adds load_mode_size to that resulting in a small positive number, hilarity ensues. Fixed by computing a sensible limit and using IN_RANGE instead, which won't overflow in this way. OK for trunk if bootstrap/regtest in progress passes? 2017-04-07  Aaron Sawdey   PR target/80358 * config/rs6000/rs6000.c (expand_block_compare): Fix boundary check. Index: gcc/config/rs6000/rs6000.c =================================================================== --- gcc/config/rs6000/rs6000.c (revision 246771) +++ gcc/config/rs6000/rs6000.c (working copy) @@ -19672,8 +19672,9 @@ unsigned int load_mode_size = GET_MODE_SIZE (load_mode); /* We don't want to generate too much code. */ - if (ROUND_UP (bytes, load_mode_size) / load_mode_size - > (unsigned HOST_WIDE_INT) rs6000_block_compare_inline_limit) + unsigned HOST_WIDE_INT max_bytes = + load_mode_size * (unsigned HOST_WIDE_INT) rs6000_block_compare_inline_limit; + if (!IN_RANGE (bytes, 1, max_bytes)) return false; bool generate_6432_conversion = false;