[Bug c++/44613] New: Declaring an array with non-constant length inside a switch corrupts stack pointer.

[Bug c++/44613] New: Declaring an array with non-constant length inside a switch corrupts stack pointer.

[mark dot haines at openmarket dot com]

The following program compiles with g++ -O3 without errors or warnings but sets
crash at the first printf. It seems to zero the stack pointer before calling
printf.

----- Begin switch-crash.ii
# 1 "switch-crash.cpp"
# 1 "<built-in>"
# 1 "<command-line>"
# 1 "switch-crash.cpp"
extern "C" int printf (__const char *__restrict __format, ...);

int f(int len) {
    switch(1) {
        case 1:
            char x[len];
            break;
    }
    printf("Done\n");
}

int main() {
    f(1);
    printf("Done\n");
}
------ End switch-crash.ii

Output of g++ -v:

Using built-in specs.
Target: x86_64-linux-gnu
Configured with: ../src/configure -v --with-pkgversion='Ubuntu 4.4.3-4ubuntu5'
--with-bugurl=file:///usr/share/doc/gcc-4.4/README.Bugs
--enable-languages=c,c++,fortran,objc,obj-c++ --prefix=/usr --enable-shared
--enable-multiarch --enable-linker-build-id --with-system-zlib
--libexecdir=/usr/lib --without-included-gettext --enable-threads=posix
--with-gxx-include-dir=/usr/include/c++/4.4 --program-suffix=-4.4 --enable-nls
--enable-clocale=gnu --enable-libstdcxx-debug --enable-plugin --enable-objc-gc
--disable-werror --with-arch-32=i486 --with-tune=generic
--enable-checking=release --build=x86_64-linux-gnu --host=x86_64-linux-gnu
--target=x86_64-linux-gnu
Thread model: posix
gcc version 4.4.3 (Ubuntu 4.4.3-4ubuntu5)


-- 
           Summary:  Declaring an array with non-constant length inside a
                    switch corrupts stack pointer.
           Product: gcc
           Version: 4.4.3
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: c++
        AssignedTo: unassigned at gcc dot gnu dot org
        ReportedBy: mark dot haines at openmarket dot com
GCC target triplet: x86_64-linux-gnu


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=44613

[Bug c++/44613] Declaring an array with non-constant length inside a switch corrupts stack pointer.

[redi at gcc dot gnu dot org]

------- Comment #1 from redi at gcc dot gnu dot org  2010-06-21 16:22 -------
(In reply to comment #0)
> The following program compiles with g++ -O3 without errors or warnings

Not with warnings enabled it doesn't!


-- 


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=44613

[Bug c++/44613] Declaring an array with non-constant length inside a switch corrupts stack pointer.

[manu at gcc dot gnu dot org]

------- Comment #2 from manu at gcc dot gnu dot org  2010-06-21 16:45 -------
(In reply to comment #1)
> (In reply to comment #0)
> > The following program compiles with g++ -O3 without errors or warnings
> 
> Not with warnings enabled it doesn't!
> 

???


-- 

manu at gcc dot gnu dot org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |manu at gcc dot gnu dot org


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=44613

[Bug c++/44613] Declaring an array with non-constant length inside a switch corrupts stack pointer.

[mark dot haines at openmarket dot com]

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1: Type: text/plain, Size: 690 bytes --]



------- Comment #3 from mark dot haines at openmarket dot com  2010-06-21 16:47 -------
(In reply to comment #1)
> (In reply to comment #0)
> > The following program compiles with g++ -O3 without errors or warnings
> 
> Not with warnings enabled it doesn't!
> 

Sorry,

g++ -O3 -Wall -Wextra switch-crash.cpp gives:

switch-crash.cpp: In function ‘int f(int)’:
switch-crash.cpp:6: warning: unused variable ‘x’
switch-crash.cpp:10: warning: no return statement in function returning
non-void
switch-crash.cpp:7: warning: ‘saved_stack.1’ is used uninitialized in this
function

The ‘saved_stack.1’ is somewhat suspicious. 


-- 


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=44613

[Bug c++/44613] Declaring an array with non-constant length inside a switch corrupts stack pointer.

[manu at gcc dot gnu dot org]

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1: Type: text/plain, Size: 1328 bytes --]



------- Comment #4 from manu at gcc dot gnu dot org  2010-06-21 16:51 -------
(In reply to comment #3)
> (In reply to comment #1)
> > (In reply to comment #0)
> > > The following program compiles with g++ -O3 without errors or warnings
> > 
> > Not with warnings enabled it doesn't!
> > 
> 
> Sorry,
> 
> g++ -O3 -Wall -Wextra switch-crash.cpp gives:
> 
> switch-crash.cpp: In function ‘int f(int)’:
> switch-crash.cpp:6: warning: unused variable ‘x’
> switch-crash.cpp:10: warning: no return statement in function returning
> non-void

If you add return 0 after the printf, this warning is silenced and it still
crashes (it crashes for me even at -O0).

> switch-crash.cpp:7: warning: ‘saved_stack.1’ is used uninitialized in this
> function
> 
> The ‘saved_stack.1’ is somewhat suspicious. 

It is a bug anyway, because internal variables should never be warned.


-- 

manu at gcc dot gnu dot org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |NEW
     Ever Confirmed|0                           |1
   Last reconfirmed|0000-00-00 00:00:00         |2010-06-21 16:51:06
               date|                            |


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=44613

[Bug middle-end/44613] Declaring an array with non-constant length inside a switch corrupts stack pointer.

[rguenth at gcc dot gnu dot org]

------- Comment #5 from rguenth at gcc dot gnu dot org  2010-06-22 11:16 -------
gimplification is bogus:

    switch (1) <default: <D.2122>, case 1: <D.2096>>
    {
      char x[0:D.2106] [value-expr: *x.0];

      saved_stack.1 = __builtin_stack_save ();
      try
        {
          <D.2096>:
...
        }
      finally
        {
          __builtin_stack_restore (saved_stack.1);
        }

but pre-tree-ssa we didn't get it right either.


-- 

rguenth at gcc dot gnu dot org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
          Component|c++                         |middle-end
           Keywords|                            |wrong-code
      Known to fail|                            |3.4.6


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=44613

[Bug c++/44613] Declaring an array with non-constant length inside a switch corrupts stack pointer.

[pinskia at gcc dot gnu dot org]

------- Comment #6 from pinskia at gcc dot gnu dot org  2010-07-21 23:45 -------
It is the gimplification of SWITCH_STMT which is a C++ front-end tree.

Works with the C front-end too.


-- 

pinskia at gcc dot gnu dot org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
          Component|middle-end                  |c++


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=44613

[Bug c++/44613] Declaring an array with non-constant length inside a switch corrupts stack pointer.

[pinskia at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=44613

Andrew Pinski <pinskia at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Target Milestone|---                         |4.9.0
             Status|NEW                         |RESOLVED
         Resolution|---                         |FIXED

--- Comment #11 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
Fixed.

[Bug c++/44613] Declaring an array with non-constant length inside a switch corrupts stack pointer.

[asolokha at gmx dot com]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=44613

Arseny Solokha <asolokha at gmx dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |asolokha at gmx dot com

--- Comment #10 from Arseny Solokha <asolokha at gmx dot com> ---
I believe this PR can be closed.

[Bug c++/44613] Declaring an array with non-constant length inside a switch corrupts stack pointer.

[jason at gcc dot gnu.org]

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=44613

--- Comment #9 from Jason Merrill <jason at gcc dot gnu.org> ---
Author: jason
Date: Fri Apr  4 19:36:00 2014
New Revision: 209125

URL: http://gcc.gnu.org/viewcvs?rev=209125&root=gcc&view=rev
Log:
    PR c++/44613
    * semantics.c (add_stmt): Set STATEMENT_LIST_HAS_LABEL.
    * decl.c (cp_finish_decl): Create a new BIND_EXPR before
    instantiating a variable-sized type.

Added:
    trunk/gcc/testsuite/g++.dg/ext/vla15.C
Modified:
    trunk/gcc/cp/ChangeLog
    trunk/gcc/cp/decl.c
    trunk/gcc/cp/semantics.c

[Bug c++/44613] Declaring an array with non-constant length inside a switch corrupts stack pointer.

[yselkowitz at users dot sourceforge.net]

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=44613

--- Comment #7 from Yaakov (Cygwin Ports) <yselkowitz at users dot sourceforge.net> 2011-03-30 09:11:43 UTC ---
Isn't this just a case of "jump to case label crosses initialization", which is
now an error?