From patchwork Tue Jun 20 07:27:36 2017
X-Patchwork-Submitter: Jakub Jelinek
X-Patchwork-Id: 778143
Date: Tue, 20 Jun 2017 09:27:36 +0200
From: Jakub Jelinek
To: Vladimir Makarov
Cc: gcc-patches@gcc.gnu.org
Subject: [PATCH] Fix UB in ira-costs.c (find_costs_and_classes)
Message-ID: <20170620072736.GD2123@tucnak>

Hi!

bootstrap-ubsan revealed many
../../gcc/ira-costs.c:1747:20: runtime error: member access within null pointer of type 'cost_classes *[107]'
issues. The problem is that cost_classes_ptr is sometimes NULL, but
in those cases we have early exit:

      if (! allocno_p)
        {
          if (regno_reg_rtx[i] == NULL_RTX)
            continue; // <----- HERE
          memcpy (temp_costs, COSTS (costs, i), struct_costs_size);
          i_mem_cost = temp_costs->mem_cost;
        }
      else
        {
          if (ira_regno_allocno_map[i] == NULL)
            continue; // <----- or HERE
          ...
        }

Still, cost_classes_ptr->classes where classes is an array is UB
when cost_classes_ptr is NULL, so this patch moves it after the
if (...) continue; in both branches (because it is needed both later
in the else ... and after the whole if).

Bootstrapped/regtested on x86_64-linux and i686-linux (with
bootstrap-ubsan), ok for trunk?

2017-06-20  Jakub Jelinek

	* ira-costs.c (find_costs_and_classes): Initialize cost_classes later
	to make sure not to dereference a NULL cost_classes_ptr pointer.

	Jakub

--- gcc/ira-costs.c.jj 2017-06-19 22:56:35.000000000 +0200 +++ gcc/ira-costs.c 2017-06-20 00:27:38.032572231 +0200 @@ -1744,7 +1744,7 @@ find_costs_and_classes (FILE *dump_file) int best_cost, allocno_cost; enum reg_class best, alt_class; cost_classes_t cost_classes_ptr = regno_cost_classes[i]; - enum reg_class *cost_classes = cost_classes_ptr->classes; + enum reg_class *cost_classes; int *i_costs = temp_costs->cost; int i_mem_cost; int equiv_savings = regno_equiv_gains[i]; @@ -1755,6 +1755,7 @@ find_costs_and_classes (FILE *dump_file) continue; memcpy (temp_costs, COSTS (costs, i), struct_costs_size); i_mem_cost = temp_costs->mem_cost; + cost_classes = cost_classes_ptr->classes; } else { 
@@ -1762,6 +1763,7 @@ find_costs_and_classes (FILE *dump_file) continue; memset (temp_costs, 0, struct_costs_size); i_mem_cost = 0; + cost_classes = cost_classes_ptr->classes; /* Find cost of all allocnos with the same regno. */ for (a = ira_regno_allocno_map[i]; a != NULL;
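
Review bot: in the first hunk (@@ -1744), `enum reg_class *cost_classes;` is now declared without an initializer and without a comment saying why, so a later cleanup could fold the initialization back into the declaration and bring back the `cost_classes_ptr->classes` access on a NULL `cost_classes_ptr`. A one-line comment at the declaration, stating that the pointer is set only after the `continue` checks because `regno_cost_classes[i]` can be NULL, would record the constraint next to the code it protects.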
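
Review bot: in the second hunk (@@ -1755), the added `cost_classes = cost_classes_ptr->classes;` after the `memcpy` depends on the check that guards the preceding `continue` also implying a non-NULL `cost_classes_ptr`, and nothing in the visible lines verifies that. Consider a `gcc_checking_assert (cost_classes_ptr != NULL);` immediately before the assignment, so that a violation of the invariant is reported at this point in checking builds instead of surfacing as another ubsan report or a crash further on.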
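
Review bot: in the third hunk (@@ -1762), the statement `cost_classes = cost_classes_ptr->classes;` is repeated verbatim in the `else` branch after `i_mem_cost = 0;`, so the two copies have to be kept in step by hand. Both branches start with a NULL check followed by `continue`, so hoisting those two early exits above the `if (! allocno_p)` would allow a single assignment to follow them; if the duplication stays, a brief comment on one copy pointing at the other would help the next reader.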