From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 4571 invoked by alias); 7 Jan 2014 13:37:35 -0000 Mailing-List: contact gcc-patches-help@gcc.gnu.org; run by ezmlm Precedence: bulk List-Id: List-Archive: List-Post: List-Help: Sender: gcc-patches-owner@gcc.gnu.org Received: (qmail 4499 invoked by uid 89); 7 Jan 2014 13:37:35 -0000 Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=-3.7 required=5.0 tests=AWL,BAYES_00,RP_MATCHES_RCVD,SPF_HELO_PASS,SPF_PASS autolearn=ham version=3.3.2 X-HELO: mx1.redhat.com Received: from mx1.redhat.com (HELO mx1.redhat.com) (209.132.183.28) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP; Tue, 07 Jan 2014 13:37:34 +0000 Received: from int-mx10.intmail.prod.int.phx2.redhat.com (int-mx10.intmail.prod.int.phx2.redhat.com [10.5.11.23]) by mx1.redhat.com (8.14.4/8.14.4) with ESMTP id s07DbWZc016213 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Tue, 7 Jan 2014 08:37:32 -0500 Received: from tucnak.zalov.cz (vpn1-5-186.ams2.redhat.com [10.36.5.186]) by int-mx10.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id s07DbUhI020166 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Tue, 7 Jan 2014 08:37:31 -0500 Received: from tucnak.zalov.cz (localhost [127.0.0.1]) by tucnak.zalov.cz (8.14.7/8.14.7) with ESMTP id s07DbUfl025683; Tue, 7 Jan 2014 14:37:30 +0100 Received: (from jakub@localhost) by tucnak.zalov.cz (8.14.7/8.14.7/Submit) id s07DbNC6025682; Tue, 7 Jan 2014 14:37:23 +0100 Date: Tue, 07 Jan 2014 13:37:00 -0000 From: Jakub Jelinek To: Florian Weimer Cc: GCC Patches , shenhan@google.com Subject: Re: Extend -fstack-protector-strong to cover calls with return slot Message-ID: <20140107133723.GR892@tucnak.redhat.com> Reply-To: Jakub Jelinek References: <52C6B807.1070203@redhat.com> <20140103185715.GO892@tucnak.redhat.com> <52C72F05.2060901@redhat.com> <52CBF834.3040004@redhat.com> <20140107130748.GP892@tucnak.redhat.com> <52CC00A8.7070203@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <52CC00A8.7070203@redhat.com> User-Agent: Mutt/1.5.21 (2010-09-15) X-IsSubscribed: yes X-SW-Source: 2014-01/txt/msg00264.txt.bz2 On Tue, Jan 07, 2014 at 02:27:04PM +0100, Florian Weimer wrote: > gimplify_modify_expr_rhs, in the CALL_EXPR case: > > if (use_target) > { > CALL_EXPR_RETURN_SLOT_OPT (*from_p) = 1; > mark_addressable (*to_p); > } Yeah, that sets it in some cases too, not in other testcases. Just look at how the flag is used when actually expanding it: if (target && MEM_P (target) && CALL_EXPR_RETURN_SLOT_OPT (exp)) structure_value_addr = XEXP (target, 0); else { /* For variable-sized objects, we must be called with a target specified. If we were to allocate space on the stack here, we would have no way of knowing when to free it. */ rtx d = assign_temp (rettype, 1, 1); structure_value_addr = XEXP (d, 0); target = 0; } so, if it is set, the address of the var on the LHS is passed to the function as hidden argument, if it is not set, we pass address of a stack temporary instead. Both the automatic var and the stack temporary can overflow, if the callee does something wrong. Jakub