From mboxrd@z Thu Jan 1 00:00:00 1970
Received: by sourceware.org (Postfix, from userid 48) id 39EC83857827; Mon, 19 Jul 2021 07:51:10 +0000 (GMT)
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 39EC83857827
From: "pinskia at gcc dot gnu.org"
To: gcc-bugs@gcc.gnu.org
Subject: [Bug target/100211] [9/10/11/12 Regression] aarch64: OOB accesses in aarch64_{save,restore}_callee_saves
Date: Mon, 19 Jul 2021 07:51:10 +0000
X-Bugzilla-Reason: CC
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: gcc
X-Bugzilla-Component: target
X-Bugzilla-Version: 11.0
X-Bugzilla-Severity: normal
X-Bugzilla-Who: pinskia at gcc dot gnu.org
X-Bugzilla-Status: NEW
X-Bugzilla-Priority: P3
X-Bugzilla-Assigned-To: unassigned at gcc dot gnu.org
X-Bugzilla-Target-Milestone: 9.5
X-Bugzilla-Changed-Fields: everconfirmed cf_reconfirmed_on short_desc cf_known_to_work bug_status target_milestone
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: http://gcc.gnu.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: gcc-bugs@gcc.gnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Gcc-bugs mailing list
X-List-Received-Date: Mon, 19 Jul 2021 07:51:10 -0000

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=100211

Andrew Pinski changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
     Ever confirmed|0                           |1
   Last reconfirmed|                            |2021-07-19
            Summary|aarch64: OOB accesses in    |[9/10/11/12 Regression]
                   |aarch64_{save,restore}_call |aarch64: OOB accesses in
                   |ee_saves                    |aarch64_{save,restore}_call
                   |                            |ee_saves
      Known to work|                            |6.0
             Status|UNCONFIRMED                 |NEW
   Target Milestone|---                         |9.5

--- Comment #1 from Andrew Pinski ---
The loop does:

  for (regno = aarch64_next_callee_save (start, limit);
       regno <= limit;
       regno = aarch64_next_callee_save (regno + 1, limit))

Really this:

  bool reg_is_wrapped_separately[LAST_SAVED_REGNUM];

Should be:

  bool reg_is_wrapped_separately[LAST_SAVED_REGNUM + 1];

In aarch64.h.

It has been wrong since r7-5127.
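
Added example, not part of the bug report or of GCC's source: a small model of the inclusive loop quoted in the comment, counting how many lookups fall outside a flag array of a given size. The register count, the `live` array, and the helpers `next_callee_save`, `count_oob_lookups` and `demo` are constructed for illustration, and it is assumed that the loop body indexes the flag array with `regno` and that `limit` can equal `LAST_SAVED_REGNUM`.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed value for illustration; not GCC's real register numbering. */
#define LAST_SAVED_REGNUM 8

/* Stand-in for aarch64_next_callee_save: first register in [regno, limit]
   that is marked live, or limit + 1 when none is left. */
static unsigned next_callee_save(const bool *live, unsigned regno, unsigned limit)
{
    while (regno <= limit && !live[regno])
        regno++;
    return regno;
}

/* Walk [start, limit] inclusive, as the quoted loop does, and count the
   lookups whose index does not fit a flag array of `len` elements.
   The flag array is never dereferenced, so nothing here is undefined. */
unsigned count_oob_lookups(const bool *live, unsigned start, unsigned limit, size_t len)
{
    unsigned oob = 0;
    for (unsigned regno = next_callee_save(live, start, limit);
         regno <= limit;
         regno = next_callee_save(live, regno + 1, limit))
        if (regno >= len)   /* flags[regno] would be one past the end */
            oob++;
    return oob;
}

/* Constructed input: every register 0..LAST_SAVED_REGNUM needs saving. */
unsigned demo(size_t len)
{
    bool live[LAST_SAVED_REGNUM + 1];
    for (unsigned i = 0; i <= LAST_SAVED_REGNUM; i++)
        live[i] = true;
    return count_oob_lookups(live, 0, LAST_SAVED_REGNUM, len);
}

int main(void)
{
    printf("size LAST_SAVED_REGNUM:     %u out-of-bounds lookup(s)\n", demo(LAST_SAVED_REGNUM));
    printf("size LAST_SAVED_REGNUM + 1: %u out-of-bounds lookup(s)\n", demo(LAST_SAVED_REGNUM + 1));
    return 0;
}
```

In this model the out-of-bounds lookup only occurs when the highest-numbered register is itself in the save set; a build with AddressSanitizer or `-fsanitize=bounds` is the usual way to catch an index of this kind in real code.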