From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: by sourceware.org (Postfix, from userid 1914) id 283903857413; Wed, 18 May 2022 08:43:22 +0000 (GMT)
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 283903857413
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="utf-8"
From: Pierre-Marie de Rodat
To: gcc-cvs@gcc.gnu.org
Subject: [gcc r13-590] [Ada] Prevent overflow in computation of aggregate size
X-Act-Checkin: gcc
X-Git-Author: Piotr Trojanek
X-Git-Refname: refs/heads/master
X-Git-Oldrev: 8b49556e4ee617e0920a9335685c7961971c3d0a
X-Git-Newrev: 16b8ba101f770503f363c095d7be5c055705b84b
Message-Id: <20220518084322.283903857413@sourceware.org>
Date: Wed, 18 May 2022 08:43:22 +0000 (GMT)
X-BeenThere: gcc-cvs@gcc.gnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Gcc-cvs mailing list
List-Unsubscribe: ,
List-Archive:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Wed, 18 May 2022 08:43:22 -0000

https://gcc.gnu.org/g:16b8ba101f770503f363c095d7be5c055705b84b

commit r13-590-g16b8ba101f770503f363c095d7be5c055705b84b
Author: Piotr Trojanek
Date:   Thu Mar 31 20:56:58 2022 +0200

    [Ada] Prevent overflow in computation of aggregate size

    When computing size of a static aggregate to decide if it should be
    transformed into assignments and loops we could have an overflow check.
    This is mostly harmless, because colossal aggregates will likely crash
    the application anyway, no matter how we transform them. This was not
    detected because compiler was built with -gnatg switch that suppresses
    overflow checks (they are only enabled by an explicit -gnato switch).

    gcc/ada/

            * exp_aggr.adb (Component_Count): Calculate size as an Uint and
            only then check if it is in the range of Int, as otherwise the
            multiplication of Int values can overflow.

Diff: --- gcc/ada/exp_aggr.adb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/gcc/ada/exp_aggr.adb b/gcc/ada/exp_aggr.adb index 72f65555681..4714cab8bfa 100644
--- a/gcc/ada/exp_aggr.adb +++ b/gcc/ada/exp_aggr.adb @@ -661,10 +661,10 @@ package body Exp_Aggr is declare UI : constant Uint := - Expr_Value (Hi) - Expr_Value (Lo) + 1; + (Expr_Value (Hi) - Expr_Value (Lo) + 1) * Siz; begin if UI_Is_In_Int_Range (UI) then - return Siz * UI_To_Int (UI); + return UI_To_Int (UI); else return Int'Last; end if;
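Review bot: the new initializer of UI in the declare block carries no comment saying why the product with Siz has to be formed as a Uint before the UI_Is_In_Int_Range test, so a later cleanup could move the multiplication back into Int arithmetic and bring the overflow back unnoticed. A one-line comment above the declaration would pin that down, and since UI now holds the total size rather than the length of the range, a name that says so would read better than UI. The else branch still saturates to Int'Last; it is worth confirming that callers of Component_Count only compare that result against a limit and never add to or multiply it, because further Int arithmetic on Int'Last would overflow in the same way. The commit message says the problem stayed hidden because the compiler is built with -gnatg, yet the change adds no test that exercises this path with overflow checks enabled.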