public inbox for gcc-bugs@sourceware.org
help / color / mirror / Atom feed
* [Bug c++/53136] New: Use after free in ipa_make_edge_direct_to_target, cxx_printable_name_internal problem
@ 2012-04-27 9:02 ubizjak at gmail dot com
2012-04-30 18:05 ` [Bug middle-end/53136] " ubizjak at gmail dot com
` (3 more replies)
0 siblings, 4 replies; 5+ messages in thread
From: ubizjak at gmail dot com @ 2012-04-27 9:02 UTC (permalink / raw)
To: gcc-bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=53136
Bug #: 53136
Summary: Use after free in ipa_make_edge_direct_to_target,
cxx_printable_name_internal problem
Classification: Unclassified
Product: gcc
Version: 4.8.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: c++
AssignedTo: unassigned@gcc.gnu.org
ReportedBy: ubizjak@gmail.com
Target: x86_64-pc-linux-gnu
Running compilation of iinline-2.C from gcc/testsuite/g++.dg/ipa test directory
under valgrind on x86_64-pc-linux-gnu, I got:
$ valgrind ~/gcc-build/gcc/cc1plus -O3 -fdump-ipa-inline -fno-early-inlining
-quiet iinline-2.C
[uros@localhost ipa]$ valgrind ~/gcc-build/gcc/cc1plus -O3 -fdump-ipa-inline
-fno-early-inlining -quiet iinline-2.C
==15980== Memcheck, a memory error detector
==15980== Copyright (C) 2002-2010, and GNU GPL'd, by Julian Seward et al.
==15980== Using Valgrind-3.6.1 and LibVEX; rerun with -h for copyright info
==15980== Command: /home/uros/gcc-build/gcc/cc1plus -O3 -fdump-ipa-inline
-fno-early-inlining -quiet iinline-2.C
==15980==
==15980== Invalid read of size 8
==15980== at 0xFB8954: search_line_sse42(unsigned char const*, unsigned char
const*) (lex.c:461)
==15980== by 0xFB8E61: _cpp_clean_line (lex.c:739)
==15980== by 0xFB9887: _cpp_get_fresh_line (lex.c:2000)
==15980== by 0xFBAFC0: _cpp_lex_direct (lex.c:2065)
==15980== by 0xFBBD4B: _cpp_lex_token (lex.c:1939)
==15980== by 0xFBFE8F: cpp_get_token_1(cpp_reader*, unsigned int*)
(macro.c:2245)
==15980== by 0x717582: c_lex_with_flags(tree_node**, unsigned int*, unsigned
char*, int) (c-lex.c:302)
==15980== by 0x5EFADF: cp_lexer_get_preprocessor_token(cp_lexer*, cp_token*)
(parser.c:721)
==15980== by 0x61D998: c_parse_file() (parser.c:600)
==15980== by 0x71D684: c_common_parse_file() (c-opts.c:1124)
==15980== by 0xA6005F: toplev_main(int, char**) (toplev.c:555)
==15980== by 0x322F62169C: (below main) (libc-start.c:226)
==15980== Address 0x4cf8ba8 is 0 bytes after a block of size 1,128 alloc'd
==15980== at 0x4A075B2: realloc (vg_replace_malloc.c:525)
==15980== by 0xFE4E7C: xrealloc (xmalloc.c:179)
==15980== by 0xFAD973: _cpp_convert_input (charset.c:1734)
==15980== by 0xFB61EA: read_file(cpp_reader*, _cpp_file*) (files.c:652)
==15980== by 0xFB6D9D: _cpp_stack_file (files.c:723)
==15980== by 0xFB86F7: cpp_read_main_file(cpp_reader*, char const*)
(init.c:593)
==15980== by 0x71CCEB: c_common_post_options(char const**) (c-opts.c:1056)
==15980== by 0xA5F9FA: toplev_main(int, char**) (toplev.c:1228)
==15980== by 0x322F62169C: (below main) (libc-start.c:226)
==15980==
==15980== Invalid read of size 1
==15980== at 0x322F64B3C6: vfprintf (vfprintf.c:1571)
==15980== by 0x322F651F46: fprintf (fprintf.c:33)
==15980== by 0x93FB69: ipa_make_edge_direct_to_target(cgraph_edge*,
tree_node*) (ipa-prop.c:1784)
==15980== by 0x9400FC: propagate_info_to_inlined_callees(cgraph_edge*,
cgraph_node*, VEC_cgraph_edge_p_heap**) (ipa-prop.c:1813)
==15980== by 0x940318: ipa_propagate_indirect_call_infos(cgraph_edge*,
VEC_cgraph_edge_p_heap**) (ipa-prop.c:1969)
==15980== by 0xF2886E: ipa_inline() (ipa-inline.c:1519)
==15980== by 0x9BBBD4: execute_one_pass(opt_pass*) (passes.c:2176)
==15980== by 0x9BC3E9: execute_ipa_pass_list(opt_pass*) (passes.c:2543)
==15980== by 0x7B006D: cgraph_optimize() (cgraphunit.c:1856)
==15980== by 0x7B03AE: cgraph_finalize_compilation_unit()
(cgraphunit.c:2435)
==15980== by 0x5DD8FA: cp_write_global_declarations() (decl2.c:4030)
==15980== by 0xA600AB: toplev_main(int, char**) (toplev.c:571)
==15980== Address 0xb7bac50 is 0 bytes inside a block of size 31 free'd
==15980== at 0x4A0662E: free (vg_replace_malloc.c:366)
==15980== by 0x68C540: cxx_printable_name_internal(tree_node*, int, bool)
(tree.c:1615)
==15980== by 0x93FB33: ipa_make_edge_direct_to_target(cgraph_edge*,
tree_node*) (cgraph.h:755)
==15980== by 0x9400FC: propagate_info_to_inlined_callees(cgraph_edge*,
cgraph_node*, VEC_cgraph_edge_p_heap**) (ipa-prop.c:1813)
==15980== by 0x940318: ipa_propagate_indirect_call_infos(cgraph_edge*,
VEC_cgraph_edge_p_heap**) (ipa-prop.c:1969)
==15980== by 0xF2886E: ipa_inline() (ipa-inline.c:1519)
==15980== by 0x9BBBD4: execute_one_pass(opt_pass*) (passes.c:2176)
==15980== by 0x9BC3E9: execute_ipa_pass_list(opt_pass*) (passes.c:2543)
==15980== by 0x7B006D: cgraph_optimize() (cgraphunit.c:1856)
==15980== by 0x7B03AE: cgraph_finalize_compilation_unit()
(cgraphunit.c:2435)
==15980== by 0x5DD8FA: cp_write_global_declarations() (decl2.c:4030)
==15980== by 0xA600AB: toplev_main(int, char**) (toplev.c:571)
==15980==
==15980== Invalid read of size 2
==15980== at 0x322F68BF7B: __GI_mempcpy (memcpy.S:84)
==15980== by 0x322F679375: _IO_file_xsputn@@GLIBC_2.2.5 (fileops.c:1350)
==15980== by 0x322F64B3A7: vfprintf (vfprintf.c:1571)
==15980== by 0x322F651F46: fprintf (fprintf.c:33)
==15980== by 0x93FB69: ipa_make_edge_direct_to_target(cgraph_edge*,
tree_node*) (ipa-prop.c:1784)
==15980== by 0x9400FC: propagate_info_to_inlined_callees(cgraph_edge*,
cgraph_node*, VEC_cgraph_edge_p_heap**) (ipa-prop.c:1813)
==15980== by 0x940318: ipa_propagate_indirect_call_infos(cgraph_edge*,
VEC_cgraph_edge_p_heap**) (ipa-prop.c:1969)
==15980== by 0xF2886E: ipa_inline() (ipa-inline.c:1519)
==15980== by 0x9BBBD4: execute_one_pass(opt_pass*) (passes.c:2176)
==15980== by 0x9BC3E9: execute_ipa_pass_list(opt_pass*) (passes.c:2543)
==15980== by 0x7B006D: cgraph_optimize() (cgraphunit.c:1856)
==15980== by 0x7B03AE: cgraph_finalize_compilation_unit()
(cgraphunit.c:2435)
==15980== Address 0xb7bac50 is 0 bytes inside a block of size 31 free'd
==15980== at 0x4A0662E: free (vg_replace_malloc.c:366)
==15980== by 0x68C540: cxx_printable_name_internal(tree_node*, int, bool)
(tree.c:1615)
==15980== by 0x93FB33: ipa_make_edge_direct_to_target(cgraph_edge*,
tree_node*) (cgraph.h:755)
==15980== by 0x9400FC: propagate_info_to_inlined_callees(cgraph_edge*,
cgraph_node*, VEC_cgraph_edge_p_heap**) (ipa-prop.c:1813)
==15980== by 0x940318: ipa_propagate_indirect_call_infos(cgraph_edge*,
VEC_cgraph_edge_p_heap**) (ipa-prop.c:1969)
==15980== by 0xF2886E: ipa_inline() (ipa-inline.c:1519)
==15980== by 0x9BBBD4: execute_one_pass(opt_pass*) (passes.c:2176)
==15980== by 0x9BC3E9: execute_ipa_pass_list(opt_pass*) (passes.c:2543)
==15980== by 0x7B006D: cgraph_optimize() (cgraphunit.c:1856)
==15980== by 0x7B03AE: cgraph_finalize_compilation_unit()
(cgraphunit.c:2435)
==15980== by 0x5DD8FA: cp_write_global_declarations() (decl2.c:4030)
==15980== by 0xA600AB: toplev_main(int, char**) (toplev.c:571)
==15980==
==15980== Invalid read of size 4
==15980== at 0x322F68BF8E: __GI_mempcpy (memcpy.S:96)
==15980== by 0x322F679375: _IO_file_xsputn@@GLIBC_2.2.5 (fileops.c:1350)
==15980== by 0x322F64B3A7: vfprintf (vfprintf.c:1571)
==15980== by 0x322F651F46: fprintf (fprintf.c:33)
==15980== by 0x93FB69: ipa_make_edge_direct_to_target(cgraph_edge*,
tree_node*) (ipa-prop.c:1784)
==15980== by 0x9400FC: propagate_info_to_inlined_callees(cgraph_edge*,
cgraph_node*, VEC_cgraph_edge_p_heap**) (ipa-prop.c:1813)
==15980== by 0x940318: ipa_propagate_indirect_call_infos(cgraph_edge*,
VEC_cgraph_edge_p_heap**) (ipa-prop.c:1969)
==15980== by 0xF2886E: ipa_inline() (ipa-inline.c:1519)
==15980== by 0x9BBBD4: execute_one_pass(opt_pass*) (passes.c:2176)
==15980== by 0x9BC3E9: execute_ipa_pass_list(opt_pass*) (passes.c:2543)
==15980== by 0x7B006D: cgraph_optimize() (cgraphunit.c:1856)
==15980== by 0x7B03AE: cgraph_finalize_compilation_unit()
(cgraphunit.c:2435)
==15980== Address 0xb7bac52 is 2 bytes inside a block of size 31 free'd
==15980== at 0x4A0662E: free (vg_replace_malloc.c:366)
==15980== by 0x68C540: cxx_printable_name_internal(tree_node*, int, bool)
(tree.c:1615)
==15980== by 0x93FB33: ipa_make_edge_direct_to_target(cgraph_edge*,
tree_node*) (cgraph.h:755)
==15980== by 0x9400FC: propagate_info_to_inlined_callees(cgraph_edge*,
cgraph_node*, VEC_cgraph_edge_p_heap**) (ipa-prop.c:1813)
==15980== by 0x940318: ipa_propagate_indirect_call_infos(cgraph_edge*,
VEC_cgraph_edge_p_heap**) (ipa-prop.c:1969)
==15980== by 0xF2886E: ipa_inline() (ipa-inline.c:1519)
==15980== by 0x9BBBD4: execute_one_pass(opt_pass*) (passes.c:2176)
==15980== by 0x9BC3E9: execute_ipa_pass_list(opt_pass*) (passes.c:2543)
==15980== by 0x7B006D: cgraph_optimize() (cgraphunit.c:1856)
==15980== by 0x7B03AE: cgraph_finalize_compilation_unit()
(cgraphunit.c:2435)
==15980== by 0x5DD8FA: cp_write_global_declarations() (decl2.c:4030)
==15980== by 0xA600AB: toplev_main(int, char**) (toplev.c:571)
==15980==
==15980== Invalid read of size 8
==15980== at 0x322F68BF9F: __GI_mempcpy (memcpy.S:108)
==15980== by 0x322F679375: _IO_file_xsputn@@GLIBC_2.2.5 (fileops.c:1350)
==15980== by 0x322F64B3A7: vfprintf (vfprintf.c:1571)
==15980== by 0x322F651F46: fprintf (fprintf.c:33)
==15980== by 0x93FB69: ipa_make_edge_direct_to_target(cgraph_edge*,
tree_node*) (ipa-prop.c:1784)
==15980== by 0x9400FC: propagate_info_to_inlined_callees(cgraph_edge*,
cgraph_node*, VEC_cgraph_edge_p_heap**) (ipa-prop.c:1813)
==15980== by 0x940318: ipa_propagate_indirect_call_infos(cgraph_edge*,
VEC_cgraph_edge_p_heap**) (ipa-prop.c:1969)
==15980== by 0xF2886E: ipa_inline() (ipa-inline.c:1519)
==15980== by 0x9BBBD4: execute_one_pass(opt_pass*) (passes.c:2176)
==15980== by 0x9BC3E9: execute_ipa_pass_list(opt_pass*) (passes.c:2543)
==15980== by 0x7B006D: cgraph_optimize() (cgraphunit.c:1856)
==15980== by 0x7B03AE: cgraph_finalize_compilation_unit()
(cgraphunit.c:2435)
==15980== Address 0xb7bac56 is 6 bytes inside a block of size 31 free'd
==15980== at 0x4A0662E: free (vg_replace_malloc.c:366)
==15980== by 0x68C540: cxx_printable_name_internal(tree_node*, int, bool)
(tree.c:1615)
==15980== by 0x93FB33: ipa_make_edge_direct_to_target(cgraph_edge*,
tree_node*) (cgraph.h:755)
==15980== by 0x9400FC: propagate_info_to_inlined_callees(cgraph_edge*,
cgraph_node*, VEC_cgraph_edge_p_heap**) (ipa-prop.c:1813)
==15980== by 0x940318: ipa_propagate_indirect_call_infos(cgraph_edge*,
VEC_cgraph_edge_p_heap**) (ipa-prop.c:1969)
==15980== by 0xF2886E: ipa_inline() (ipa-inline.c:1519)
==15980== by 0x9BBBD4: execute_one_pass(opt_pass*) (passes.c:2176)
==15980== by 0x9BC3E9: execute_ipa_pass_list(opt_pass*) (passes.c:2543)
==15980== by 0x7B006D: cgraph_optimize() (cgraphunit.c:1856)
==15980== by 0x7B03AE: cgraph_finalize_compilation_unit()
(cgraphunit.c:2435)
==15980== by 0x5DD8FA: cp_write_global_declarations() (decl2.c:4030)
==15980== by 0xA600AB: toplev_main(int, char**) (toplev.c:571)
==15980==
==15980== Invalid read of size 8
==15980== at 0x322F68BFC0: __GI_mempcpy (memcpy.S:123)
==15980== by 0x322F679375: _IO_file_xsputn@@GLIBC_2.2.5 (fileops.c:1350)
==15980== by 0x322F64B3A7: vfprintf (vfprintf.c:1571)
==15980== by 0x322F651F46: fprintf (fprintf.c:33)
==15980== by 0x93FB69: ipa_make_edge_direct_to_target(cgraph_edge*,
tree_node*) (ipa-prop.c:1784)
==15980== by 0x9400FC: propagate_info_to_inlined_callees(cgraph_edge*,
cgraph_node*, VEC_cgraph_edge_p_heap**) (ipa-prop.c:1813)
==15980== by 0x940318: ipa_propagate_indirect_call_infos(cgraph_edge*,
VEC_cgraph_edge_p_heap**) (ipa-prop.c:1969)
==15980== by 0xF2886E: ipa_inline() (ipa-inline.c:1519)
==15980== by 0x9BBBD4: execute_one_pass(opt_pass*) (passes.c:2176)
==15980== by 0x9BC3E9: execute_ipa_pass_list(opt_pass*) (passes.c:2543)
==15980== by 0x7B006D: cgraph_optimize() (cgraphunit.c:1856)
==15980== by 0x7B03AE: cgraph_finalize_compilation_unit()
(cgraphunit.c:2435)
==15980== Address 0xb7bac5e is 14 bytes inside a block of size 31 free'd
==15980== at 0x4A0662E: free (vg_replace_malloc.c:366)
==15980== by 0x68C540: cxx_printable_name_internal(tree_node*, int, bool)
(tree.c:1615)
==15980== by 0x93FB33: ipa_make_edge_direct_to_target(cgraph_edge*,
tree_node*) (cgraph.h:755)
==15980== by 0x9400FC: propagate_info_to_inlined_callees(cgraph_edge*,
cgraph_node*, VEC_cgraph_edge_p_heap**) (ipa-prop.c:1813)
==15980== by 0x940318: ipa_propagate_indirect_call_infos(cgraph_edge*,
VEC_cgraph_edge_p_heap**) (ipa-prop.c:1969)
==15980== by 0xF2886E: ipa_inline() (ipa-inline.c:1519)
==15980== by 0x9BBBD4: execute_one_pass(opt_pass*) (passes.c:2176)
==15980== by 0x9BC3E9: execute_ipa_pass_list(opt_pass*) (passes.c:2543)
==15980== by 0x7B006D: cgraph_optimize() (cgraphunit.c:1856)
==15980== by 0x7B03AE: cgraph_finalize_compilation_unit()
(cgraphunit.c:2435)
==15980== by 0x5DD8FA: cp_write_global_declarations() (decl2.c:4030)
==15980== by 0xA600AB: toplev_main(int, char**) (toplev.c:571)
==15980==
==15980== Invalid read of size 8
==15980== at 0x322F68BFC3: __GI_mempcpy (memcpy.S:124)
==15980== by 0x322F679375: _IO_file_xsputn@@GLIBC_2.2.5 (fileops.c:1350)
==15980== by 0x322F64B3A7: vfprintf (vfprintf.c:1571)
==15980== by 0x322F651F46: fprintf (fprintf.c:33)
==15980== by 0x93FB69: ipa_make_edge_direct_to_target(cgraph_edge*,
tree_node*) (ipa-prop.c:1784)
==15980== by 0x9400FC: propagate_info_to_inlined_callees(cgraph_edge*,
cgraph_node*, VEC_cgraph_edge_p_heap**) (ipa-prop.c:1813)
==15980== by 0x940318: ipa_propagate_indirect_call_infos(cgraph_edge*,
VEC_cgraph_edge_p_heap**) (ipa-prop.c:1969)
==15980== by 0xF2886E: ipa_inline() (ipa-inline.c:1519)
==15980== by 0x9BBBD4: execute_one_pass(opt_pass*) (passes.c:2176)
==15980== by 0x9BC3E9: execute_ipa_pass_list(opt_pass*) (passes.c:2543)
==15980== by 0x7B006D: cgraph_optimize() (cgraphunit.c:1856)
==15980== by 0x7B03AE: cgraph_finalize_compilation_unit()
(cgraphunit.c:2435)
==15980== Address 0xb7bac66 is 22 bytes inside a block of size 31 free'd
==15980== at 0x4A0662E: free (vg_replace_malloc.c:366)
==15980== by 0x68C540: cxx_printable_name_internal(tree_node*, int, bool)
(tree.c:1615)
==15980== by 0x93FB33: ipa_make_edge_direct_to_target(cgraph_edge*,
tree_node*) (cgraph.h:755)
==15980== by 0x9400FC: propagate_info_to_inlined_callees(cgraph_edge*,
cgraph_node*, VEC_cgraph_edge_p_heap**) (ipa-prop.c:1813)
==15980== by 0x940318: ipa_propagate_indirect_call_infos(cgraph_edge*,
VEC_cgraph_edge_p_heap**) (ipa-prop.c:1969)
==15980== by 0xF2886E: ipa_inline() (ipa-inline.c:1519)
==15980== by 0x9BBBD4: execute_one_pass(opt_pass*) (passes.c:2176)
==15980== by 0x9BC3E9: execute_ipa_pass_list(opt_pass*) (passes.c:2543)
==15980== by 0x7B006D: cgraph_optimize() (cgraphunit.c:1856)
==15980== by 0x7B03AE: cgraph_finalize_compilation_unit()
(cgraphunit.c:2435)
==15980== by 0x5DD8FA: cp_write_global_declarations() (decl2.c:4030)
==15980== by 0xA600AB: toplev_main(int, char**) (toplev.c:571)
==15980==
==15980==
==15980== HEAP SUMMARY:
==15980== in use at exit: 634,303 bytes in 2,360 blocks
==15980== total heap usage: 34,102 allocs, 31,742 frees, 18,152,263 bytes
allocated
The search_line_sse42 failure is not problematic, but others look like there is
something wrong with the caching in cxx_printable_name_internal (this is the
reason for c++ component in the report). Indeed, returning early from this
function via:
return lang_decl_name (decl, v, translate);
"fixes" all these use-after-free problems.
This problem looks related to a testsuite assembly scan failure in iinline-2.C
function on alpha [1], where a garbage is output a related dump:
_ZNK6String7funcOneEi/13 (int String::funcOne(int) const) @0x20006c28c30
Type: function
Visibility: public
References:
Referring:
Function pn� /13 is inline copy in int main(int, char**)/6 <<< *here*
Clone of _ZNK6String7funcOneEi/3
Availability: local
[1] http://gcc.gnu.org/ml/gcc-testresults/2012-04/msg02722.html
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Bug middle-end/53136] Use after free in ipa_make_edge_direct_to_target, cxx_printable_name_internal problem
2012-04-27 9:02 [Bug c++/53136] New: Use after free in ipa_make_edge_direct_to_target, cxx_printable_name_internal problem ubizjak at gmail dot com
@ 2012-04-30 18:05 ` ubizjak at gmail dot com
2012-04-30 21:35 ` uros at gcc dot gnu.org
` (2 subsequent siblings)
3 siblings, 0 replies; 5+ messages in thread
From: ubizjak at gmail dot com @ 2012-04-30 18:05 UTC (permalink / raw)
To: gcc-bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=53136
Uros Bizjak <ubizjak at gmail dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|UNCONFIRMED |ASSIGNED
URL| |http://gcc.gnu.org/ml/gcc-p
| |atches/2012-04/msg01904.htm
| |l
Last reconfirmed| |2012-04-30
Component|c++ |middle-end
AssignedTo|unassigned at gcc dot |ubizjak at gmail dot com
|gnu.org |
Target Milestone|--- |4.8.0
Ever Confirmed|0 |1
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Bug middle-end/53136] Use after free in ipa_make_edge_direct_to_target, cxx_printable_name_internal problem
2012-04-27 9:02 [Bug c++/53136] New: Use after free in ipa_make_edge_direct_to_target, cxx_printable_name_internal problem ubizjak at gmail dot com
2012-04-30 18:05 ` [Bug middle-end/53136] " ubizjak at gmail dot com
@ 2012-04-30 21:35 ` uros at gcc dot gnu.org
2012-04-30 21:36 ` ubizjak at gmail dot com
2012-05-01 6:23 ` uros at gcc dot gnu.org
3 siblings, 0 replies; 5+ messages in thread
From: uros at gcc dot gnu.org @ 2012-04-30 21:35 UTC (permalink / raw)
To: gcc-bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=53136
--- Comment #1 from uros at gcc dot gnu.org 2012-04-30 21:34:39 UTC ---
Author: uros
Date: Mon Apr 30 21:34:35 2012
New Revision: 187001
URL: http://gcc.gnu.org/viewcvs?root=gcc&view=rev&rev=187001
Log:
PR middle-end/53136
* ipa-prop.c (ipa_print_node_jump_functions): Wrap multiple
calls to cgraph_node_name in xstrdup.
(ipa_make_edge_direct_to_target): Ditto.
* cgraph.c (dump_cgraph_node): Ditto.
* tree-sra.c (convert_callers_for_node): Ditto.
* lto-symtab.c (lto_cgraph_replace_node): Ditto.
* ipa-cp.c (perhaps_add_new_callers): Ditto.
* cgraphunit.c (cgraph_redirect_edge_call_stmt_to_callee): Ditto.
(cgraph_materialize_all_clones): Ditto.
* ipa-inline.c (report_inline_failed_reason): Ditto.
(want_early_inline_function_p): Ditto.
(edge_badness): Ditto.
(update_edge_key): Ditto.
(flatten_function): Ditto.
(ipa_inline): Ditto.
(inlinw_always_inline_functions): Ditto.
(early_inline_small_functions): Ditto.
Modified:
trunk/gcc/ChangeLog
trunk/gcc/cgraph.c
trunk/gcc/cgraphunit.c
trunk/gcc/ipa-cp.c
trunk/gcc/ipa-inline.c
trunk/gcc/ipa-prop.c
trunk/gcc/lto-symtab.c
trunk/gcc/tree-sra.c
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Bug middle-end/53136] Use after free in ipa_make_edge_direct_to_target, cxx_printable_name_internal problem
2012-04-27 9:02 [Bug c++/53136] New: Use after free in ipa_make_edge_direct_to_target, cxx_printable_name_internal problem ubizjak at gmail dot com
2012-04-30 18:05 ` [Bug middle-end/53136] " ubizjak at gmail dot com
2012-04-30 21:35 ` uros at gcc dot gnu.org
@ 2012-04-30 21:36 ` ubizjak at gmail dot com
2012-05-01 6:23 ` uros at gcc dot gnu.org
3 siblings, 0 replies; 5+ messages in thread
From: ubizjak at gmail dot com @ 2012-04-30 21:36 UTC (permalink / raw)
To: gcc-bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=53136
Uros Bizjak <ubizjak at gmail dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|ASSIGNED |RESOLVED
Resolution| |FIXED
--- Comment #2 from Uros Bizjak <ubizjak at gmail dot com> 2012-04-30 21:36:16 UTC ---
Fixed.
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Bug middle-end/53136] Use after free in ipa_make_edge_direct_to_target, cxx_printable_name_internal problem
2012-04-27 9:02 [Bug c++/53136] New: Use after free in ipa_make_edge_direct_to_target, cxx_printable_name_internal problem ubizjak at gmail dot com
` (2 preceding siblings ...)
2012-04-30 21:36 ` ubizjak at gmail dot com
@ 2012-05-01 6:23 ` uros at gcc dot gnu.org
3 siblings, 0 replies; 5+ messages in thread
From: uros at gcc dot gnu.org @ 2012-05-01 6:23 UTC (permalink / raw)
To: gcc-bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=53136
--- Comment #3 from uros at gcc dot gnu.org 2012-05-01 06:23:19 UTC ---
Author: uros
Date: Tue May 1 06:23:13 2012
New Revision: 187011
URL: http://gcc.gnu.org/viewcvs?root=gcc&view=rev&rev=187011
Log:
Backport from mainline
2012-04-30 Uros Bizjak <ubizjak@gmail.com>
PR middle-end/53136
* ipa-prop.c (ipa_print_node_jump_functions): Wrap multiple
calls to cgraph_node_name in xstrdup.
(ipa_make_edge_direct_to_target): Ditto.
* tree-sra.c (convert_callers_for_node): Ditto.
* lto-symtab.c (lto_cgraph_replace_node): Ditto.
* ipa-cp.c (perhaps_add_new_callers): Ditto.
* cgraphunit.c (cgraph_redirect_edge_call_stmt_to_callee): Ditto.
(cgraph_materialize_all_clones): Ditto.
* ipa-inline.c (report_inline_failed_reason): Ditto.
(want_early_inline_function_p): Ditto.
(edge_badness): Ditto.
(update_edge_key): Ditto.
(flatten_function): Ditto.
(ipa_inline): Ditto.
(inline_always_inline_functions): Ditto.
(early_inline_small_functions): Ditto.
Modified:
branches/gcc-4_7-branch/gcc/ChangeLog
branches/gcc-4_7-branch/gcc/cgraphunit.c
branches/gcc-4_7-branch/gcc/ipa-cp.c
branches/gcc-4_7-branch/gcc/ipa-inline.c
branches/gcc-4_7-branch/gcc/ipa-prop.c
branches/gcc-4_7-branch/gcc/lto-symtab.c
branches/gcc-4_7-branch/gcc/tree-sra.c
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2012-05-01 6:23 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2012-04-27 9:02 [Bug c++/53136] New: Use after free in ipa_make_edge_direct_to_target, cxx_printable_name_internal problem ubizjak at gmail dot com
2012-04-30 18:05 ` [Bug middle-end/53136] " ubizjak at gmail dot com
2012-04-30 21:35 ` uros at gcc dot gnu.org
2012-04-30 21:36 ` ubizjak at gmail dot com
2012-05-01 6:23 ` uros at gcc dot gnu.org
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).