From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: by sourceware.org (Postfix, from userid 48) id 30B453858C32; Thu, 22 Feb 2024 12:08:58 +0000 (GMT)
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 30B453858C32
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gcc.gnu.org; s=default; t=1708603739; bh=WoO3GxHa3duug2c14Qi38GdVq+rpePDL+5eetP/bS1A=; h=From:To:Subject:Date:In-Reply-To:References:From; b=JQNqgzUpbKitfgDqveTUbGYIDm8cq9S95xtr3FPK946xnTbnlUjXjwFStFDyYMzwVueQAUvFlm399/kTijOBEbrYmdTz3CJpTkRBzR6XiZDBndHq5wQlS50xjCgLE8xR7NUtokDMJubqF+ZRuEdRQ7Y+z7hbyp3zOn36poPMf7w=
From: "cvs-commit at gcc dot gnu.org"
To: gcc-bugs@gcc.gnu.org
Subject: [Bug ipa/111960] [14 Regression] ICE: during GIMPLE pass: rebuild_frequencies: SIGSEGV (Invalid read of size 4) with -fdump-tree-rebuild_frequencies-all
Date: Thu, 22 Feb 2024 12:08:52 +0000
X-Bugzilla-Reason: CC
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: gcc
X-Bugzilla-Component: ipa
X-Bugzilla-Version: 14.0
X-Bugzilla-Keywords: ice-on-valid-code
X-Bugzilla-Severity: normal
X-Bugzilla-Who: cvs-commit at gcc dot gnu.org
X-Bugzilla-Status: NEW
X-Bugzilla-Resolution:
X-Bugzilla-Priority: P1
X-Bugzilla-Assigned-To: unassigned at gcc dot gnu.org
X-Bugzilla-Target-Milestone: 14.0
X-Bugzilla-Flags:
X-Bugzilla-Changed-Fields:
Message-ID:
In-Reply-To:
References:
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: http://gcc.gnu.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
List-Id:

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111960

--- Comment #11 from GCC Commits ---
The master branch has been updated by Jakub Jelinek :

https://gcc.gnu.org/g:a0782531b8270f0fdb3f3e09b4ce544d5d1eef14

commit r14-9133-ga0782531b8270f0fdb3f3e09b4ce544d5d1eef14
Author: Jakub Jelinek
Date:   Thu Feb 22 13:07:25 2024 +0100

    profile-count: Don't dump through a temporary buffer [PR111960]

    The profile_count::dump (char *, struct function * = NULL) const;
    method has a single caller, the
    profile_count::dump (FILE *f, struct function *fun) const;
    method, and for that going through a temporary buffer is just slower
    and opens doors for buffer overflows, which is exactly why this P1 was
    filed.

    The buffer size is 64 bytes, the previous maximum "%" PRId64 " (%s)"
    would print up to 61 bytes in there (19 bytes for arbitrary
    uint64_t:61 bitfield printed as signed, "estimated locally, globally 0
    adjusted" i.e. 38 bytes longest %s and 4 other characters).
    Now, after the r14-2389 changes, it can be 19 + 38 plus 11 other
    characters + %.4f, which is worst case 309 chars before decimal point,
    decimal point and 4 digits after it, so total 382 bytes.

    So, either we could bump the buffer[64] to buffer[400], or the
    following patch just drops the indirection through buffer and prints
    it directly to stream. After all, having APIs which fill in some
    buffer without passing down the size of the buffer is just asking for
    buffer overflows over time.

    2024-02-22  Jakub Jelinek

            PR ipa/111960
            * profile-count.h (profile_count::dump): Remove overload with
            char * first argument.
            * profile-count.cc (profile_count::dump): Change overload with
            char * first argument which uses sprintf into the overload
            with FILE * first argument and use fprintf instead. Remove
            overload which wrapped it.
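The commit message above reasons about how long the dump text can get and why a fixed 64-byte temporary is the wrong tool. The program below is an added illustration, not GCC's code: it measures the two length figures the message cites with `snprintf(NULL, 0, ...)`, then shows the two safe alternatives, printing straight to the stream (what the patch does) or, if a buffer API is unavoidable, passing the buffer size and reporting truncation. The combined format string `COMBINED_FMT`, the `MIN_61BIT` value and the 400-byte buffer are constructed for the example; the exact post-r14-2389 GCC format is not reproduced.

```c
/* Added example: worst-case length of the dump formats discussed in the
   commit message, and two ways to avoid an unsized temporary buffer.
   Not GCC code; COMBINED_FMT and the sample values are constructed. */
#include <float.h>
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* Longest quality string named in the commit message (38 bytes). */
static const char *const LONGEST_QUALITY = "estimated locally, globally 0 adjusted";

/* Most negative value of a signed 61-bit bitfield: -2^60 (20 chars printed).
   Constructed worst case for the PRId64 conversion. */
static const int64_t MIN_61BIT = -(INT64_C(1) << 60);

/* Size of the temporary buffer the old code used. */
enum { OLD_BUFFER_SIZE = 64 };

/* Length (excluding NUL) produced by the original "%" PRId64 " (%s)" format. */
int old_format_length(int64_t value, const char *quality)
{
    return snprintf(NULL, 0, "%" PRId64 " (%s)", value, quality);
}

/* Length of one "%.4f" conversion.  glibc prints the exact decimal expansion,
   so DBL_MAX gives 309 integer digits + "." + 4 fraction digits = 314. */
int fixed4_length(double adjustment)
{
    return snprintf(NULL, 0, "%.4f", adjustment);
}

/* Hypothetical format standing in for the post-r14-2389 output, which adds
   a "%.4f" factor after the old text.  Not the real GCC format string. */
#define COMBINED_FMT "%" PRId64 " (%s) adjusted %.4f"

/* Option 1 (the patch's choice): write straight to the stream.
   There is no intermediate buffer, so there is no bound to get wrong. */
int dump_to_stream(FILE *f, int64_t value, const char *quality, double adjustment)
{
    return fprintf(f, COMBINED_FMT, value, quality, adjustment);
}

/* Option 2: if a buffer API is unavoidable, take its size and report truncation.
   Returns 1 when the full text fit, 0 when it was cut (buf stays NUL-terminated
   because snprintf never writes past size bytes). */
int dump_to_buffer(char *buf, size_t size, int64_t value, const char *quality,
                   double adjustment)
{
    int needed = snprintf(buf, size, COMBINED_FMT, value, quality, adjustment);
    return needed >= 0 && (size_t)needed < size;
}

/* Does the combined worst case fit in the old 64-byte buffer?  (It does not.) */
int worst_case_fits_old_buffer(void)
{
    char buf[OLD_BUFFER_SIZE];
    return dump_to_buffer(buf, sizeof buf, MIN_61BIT, LONGEST_QUALITY, DBL_MAX);
}

int main(void)
{
    printf("old format worst case: %d bytes\n",
           old_format_length(MIN_61BIT, LONGEST_QUALITY));
    printf("%%.4f of DBL_MAX: %d bytes\n", fixed4_length(DBL_MAX));
    printf("worst case fits in %d-byte buffer: %s\n", OLD_BUFFER_SIZE,
           worst_case_fits_old_buffer() ? "yes" : "no");
    dump_to_stream(stdout, MIN_61BIT, LONGEST_QUALITY, 1.5);
    putchar('\n');
    return 0;
}
```

The first two measurements reproduce the 61-byte and 314-byte figures from the message; the third shows that the old buffer would be overrun by the combined output, which `dump_to_buffer` reports instead of silently writing past the end, and `dump_to_stream` avoids the question entirely.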