[Bug tree-optimization/109806] [13/14 Regression] 13.1.0 cc1plus stack smashing crash with C array of complex structs

public inbox for gcc-bugs@sourceware.org
help / color / mirror / Atom feed

From: "pinskia at gcc dot gnu.org" <gcc-bugzilla@gcc.gnu.org>
To: gcc-bugs@gcc.gnu.org
Subject: [Bug tree-optimization/109806] [13/14 Regression] 13.1.0 cc1plus stack smashing crash with C array of complex structs
Date: Thu, 11 May 2023 18:56:34 +0000	[thread overview]
Message-ID: <bug-109806-4-K6j7UQoFl8@http.gcc.gnu.org/bugzilla/> (raw)
In-Reply-To: <bug-109806-4@http.gcc.gnu.org/bugzilla/>

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109806

Andrew Pinski <pinskia at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Target Milestone|---                         |13.2
     Ever confirmed|0                           |1
            Summary|13.1.0 cc1plus stack        |[13/14 Regression] 13.1.0
                   |smashing crash with C array |cc1plus stack smashing
                   |of complex structs          |crash with C array of
                   |                            |complex structs
             Status|UNCONFIRMED                 |NEW
   Last reconfirmed|                            |2023-05-11
           Severity|normal                      |critical
           Keywords|                            |memory-hog

--- Comment #7 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
Simple testcase:
```
struct basic_string {
  ~basic_string() { }
};
const basic_string data[] = { {} };
```

This fails with `ulimit -s 1024` which is not unreasonable limit even. The
default on Linux is 8MB, I just reduced it down to 1MB.

Backtrace:
#0  0x0000000001f7c9dc in gori_compute::compute_operand1_range (this=0x32aea00,
r=..., handler=..., lhs=..., name=0x7ffff79c3318, src=..., rel=0x0) at
/home/apinski/src/upstream-gcc-git/gcc/gcc/gimple-range-gori.cc:1081
#1  0x0000000001f7ad71 in gori_compute::compute_operand_range (this=0x32aea00,
r=..., stmt=0x7ffff79cf0a0, lhs=..., name=0x7ffff79c3318, src=..., rel=0x0) at
/home/apinski/src/upstream-gcc-git/gcc/gcc/gimple-range-gori.cc:711
#2  0x0000000001f7eeed in gori_compute::compute_operand_range (rel=0x0,
src=..., name=0x7ffff79c3318, lhs=..., stmt=0x7ffff79cf0a0, r=...,
this=0x32aea00) at
/home/apinski/src/upstream-gcc-git/gcc/gcc/gimple-range-gori.cc:611
#3  gori_compute::outgoing_edge_range_p (this=this@entry=0x32aea00, r=...,
e=e@entry=0x7ffff79c1f00, name=name@entry=0x7ffff79c3318, q=...) at
/home/apinski/src/upstream-gcc-git/gcc/gcc/gimple-range-gori.cc:1422
#4  0x0000000001f6f65f in ranger_cache::range_from_dom (this=<optimized out>,
r=..., name=0x7ffff79c3318, start_bb=<optimized out>,
mode=ranger_cache::RFD_FILL) at
/home/apinski/src/upstream-gcc-git/gcc/gcc/gimple-range-cache.cc:1629
#5  0x0000000001f7140a in ranger_cache::range_from_dom
(mode=ranger_cache::RFD_FILL, start_bb=0x7ffff79b5ae0, name=0x7ffff79c3318,
r=..., this=0x32ae9f0) at
/home/apinski/src/upstream-gcc-git/gcc/gcc/gimple-range-cache.cc:1526
#6  ranger_cache::fill_block_cache (this=0x32ae9f0, name=0x7ffff79c3318,
bb=0x7ffff79b5ae0, def_bb=0x7ffff79b5a80) at
/home/apinski/src/upstream-gcc-git/gcc/gcc/gimple-range-cache.cc:1317
#7  0x0000000001f72082 in ranger_cache::block_range (this=0x32ae9f0, r=...,
bb=0x7ffff79b5ae0, name=0x7ffff79c3318, calc=true) at
/home/apinski/src/upstream-gcc-git/gcc/gcc/gimple-range-cache.cc:1144
#8  0x0000000001f68dda in gimple_ranger::range_on_entry (this=0x32ae9d0, r=...,
bb=0x7ffff79b5ae0, name=0x7ffff79c3318) at
/home/apinski/src/upstream-gcc-git/gcc/gcc/gimple-range.cc:156
#9  0x0000000001f6be2a in gimple_ranger::range_of_expr (this=0x32ae9d0, r=...,
expr=0x7ffff79c3318, stmt=<optimized out>) at
/home/apinski/src/upstream-gcc-git/gcc/gcc/gimple-range.cc:130
#10 0x0000000001f762bf in fold_using_range::range_of_range_op (this=<optimized
out>, r=..., handler=..., src=...) at
/home/apinski/src/upstream-gcc-git/gcc/gcc/value-range.h:611
#11 0x0000000001f77db3 in fold_using_range::fold_stmt (this=0x7ffffffd5560,
r=..., s=0x7ffff79d0108, src=..., name=0x7ffff79c3438) at
/home/apinski/src/upstream-gcc-git/gcc/gcc/gimple-range-fold.cc:490
#12 0x0000000001f6999a in gimple_ranger::fold_range_internal
(name=0x7ffff79c3438, s=0x7ffff79d0108, r=..., this=0x32ae9d0) at
/home/apinski/src/upstream-gcc-git/gcc/gcc/gimple-range.cc:257
#13 gimple_ranger::prefill_stmt_dependencies (this=0x32ae9d0,
ssa=0x7ffff79c3318) at
/home/apinski/src/upstream-gcc-git/gcc/gcc/gimple-range.cc:392
#14 0x0000000001f6a45b in gimple_ranger::range_of_stmt (this=0x32ae9d0, r=...,
s=0x7ffff79caf00, name=<optimized out>) at
/home/apinski/src/upstream-gcc-git/gcc/gcc/gimple-range.cc:314
#15 0x0000000001f6a629 in gimple_ranger::register_inferred_ranges
(this=0x32ae9d0, s=s@entry=0x7ffff79caf00) at
/home/apinski/src/upstream-gcc-git/gcc/gcc/gimple-range.cc:474
#16 0x000000000154d2b1 in rvrp_folder::pre_fold_bb (this=0x7fffffffd940,
bb=0x7ffff79b5a80) at
/home/apinski/src/upstream-gcc-git/gcc/gcc/tree-vrp.cc:944
#17 0x000000000144a976 in substitute_and_fold_dom_walker::before_dom_children
(this=0x7fffffffd890, bb=0x7ffff79b5a80) at
/home/apinski/src/upstream-gcc-git/gcc/gcc/tree-ssa-propagate.cc:734
#18 0x0000000001f38f3f in dom_walker::walk (this=0x7fffffffd890,
bb=0x7ffff79b5a80) at /home/apinski/src/upstream-gcc-git/gcc/gcc/domwalk.cc:311
#19 0x0000000001449816 in substitute_and_fold_engine::substitute_and_fold
(this=this@entry=0x7fffffffd940, block=block@entry=0x0) at
/home/apinski/src/upstream-gcc-git/gcc/gcc/tree-ssa-propagate.cc:971
#20 0x000000000154b6ca in execute_ranger_vrp (fun=0x7ffff79c52e0,
warn_array_bounds_p=false, final_p=false) at
/home/apinski/src/upstream-gcc-git/gcc/gcc/tree-vrp.cc:997


compute_operand1_range has a stack size of `120k` which seems large in itself
really.

next prev parent reply	other threads:[~2023-05-11 18:56 UTC|newest]

Thread overview: 21+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-05-11  2:26 [Bug c++/109806] New: " amy at amyspark dot me
2023-05-11  2:48 ` [Bug tree-optimization/109806] " pinskia at gcc dot gnu.org
2023-05-11  6:46 ` rguenth at gcc dot gnu.org
2023-05-11  9:47 ` amy at amyspark dot me
2023-05-11  9:49 ` amy at amyspark dot me
2023-05-11 12:51 ` rguenth at gcc dot gnu.org
2023-05-11 18:01 ` pinskia at gcc dot gnu.org
2023-05-11 18:56 ` pinskia at gcc dot gnu.org [this message]
2023-05-11 20:05 ` [Bug tree-optimization/109806] [13/14 Regression] " jakub at gcc dot gnu.org
2023-05-11 20:44 ` amy at amyspark dot me
2023-05-11 22:45 ` reiter.christoph at gmail dot com
2023-05-12  1:43 ` sjames at gcc dot gnu.org
2023-05-15 21:35 ` sjames at gcc dot gnu.org
2023-05-15 22:27 ` amonakov at gcc dot gnu.org
2023-05-15 22:35 ` sjames at gcc dot gnu.org
2023-05-15 22:41 ` jakub at gcc dot gnu.org
2023-05-15 22:49 ` sjames at gcc dot gnu.org
2023-07-27  9:26 ` rguenth at gcc dot gnu.org
2024-01-12 11:30 ` rguenth at gcc dot gnu.org
2024-01-12 21:12 ` amy at amyspark dot me
2024-01-13  2:23 ` amy at amyspark dot me

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=bug-109806-4-K6j7UQoFl8@http.gcc.gnu.org/bugzilla/ \
    --to=gcc-bugzilla@gcc.gnu.org \
    --cc=gcc-bugs@gcc.gnu.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).