From: Jeff Law <law@redhat.com>
To: Jakub Jelinek <jakub@redhat.com>
Cc: gcc-patches <gcc-patches@gcc.gnu.org>
Subject: Re: Fix a few use-after-free issues
Date: Wed, 23 Mar 2011 17:37:00 -0000
Message-ID: <4D8A2FB8.1080007@redhat.com>
In-Reply-To: <4D8A02ED.6010209@redhat.com>
[-- Attachment #1: Type: text/plain, Size: 1660 bytes --]
On 03/23/11 08:25, Jeff Law wrote:
> On 03/21/11 11:50, Jakub Jelinek wrote:
>> On Mon, Mar 21, 2011 at 11:37:16AM -0600, Jeff Law wrote:
>>> Similarly for redirect_edge_succ_nodup in this fragment:
>>>
>>> ret = redirect_edge_succ_nodup (e, dest);
>>> if (dump_file)
>>> fprintf (dump_file, "Fallthru edge %i->%i redirected to %i\n",
>>> e->src->index, e->dest->index, dest->index);
>>> }
>>> Luckily in this case the use-after-free only occurs when dumping, so it
>>> won't typically affect end users.
>
>> Well, the message is wrong anyway, because e->dest->index will be
>> dest->index (with the exception that e has been remove_edge, but then it is
>> the use after free). Guess the message should be printed before the
>> redirect_edge_succ_nodup call, or remember e->dest->index in some local
>> variable and print that variable after the call.
> Yea, I'll just move the message before the call to
> redirect_edge_succ_nodup.
Attached is the actual patch that was checked in after another bootstrap
and regression test.
[-- Attachment #2: patch --]
[-- Type: text/plain, Size: 2285 bytes --]
Index: cfg.c
===================================================================
*** cfg.c (revision 171351)
--- cfg.c (working copy)
*************** redirect_edge_succ_nodup (edge e, basic_
*** 402,409 ****
if (s->probability > REG_BR_PROB_BASE)
s->probability = REG_BR_PROB_BASE;
s->count += e->count;
- remove_edge (e);
redirect_edge_var_map_dup (s, e);
e = s;
}
else
--- 402,409 ----
if (s->probability > REG_BR_PROB_BASE)
s->probability = REG_BR_PROB_BASE;
s->count += e->count;
redirect_edge_var_map_dup (s, e);
+ remove_edge (e);
e = s;
}
else
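Review bot: Nothing in redirect_edge_succ_nodup records why redirect_edge_var_map_dup (s, e) now has to come before remove_edge (e), so the ordering could be undone by a later cleanup. Both s->count += e->count and redirect_edge_var_map_dup (s, e) read e, and the thread identifies use of e after remove_edge as the use-after-free, so a one-line comment above remove_edge (e) saying it must be the last use of e before e = s would protect the fix.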
Index: cfgrtl.c
===================================================================
*** cfgrtl.c (revision 171351)
--- cfgrtl.c (working copy)
*************** cfg_layout_redirect_edge_and_branch (edg
*** 2537,2545 ****
e->flags &= ~EDGE_FALLTHRU;
redirected = redirect_branch_edge (e, dest);
gcc_assert (redirected);
! e->flags |= EDGE_FALLTHRU;
! df_set_bb_dirty (e->src);
! return e;
}
/* In case we are redirecting fallthru edge to the branch edge
of conditional jump, remove it. */
--- 2537,2545 ----
e->flags &= ~EDGE_FALLTHRU;
redirected = redirect_branch_edge (e, dest);
gcc_assert (redirected);
! redirected->flags |= EDGE_FALLTHRU;
! df_set_bb_dirty (redirected->src);
! return redirected;
}
/* In case we are redirecting fallthru edge to the branch edge
of conditional jump, remove it. */
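Review bot: The call redirected = redirect_branch_edge (e, dest) in cfg_layout_redirect_edge_and_branch has no comment saying the returned edge may not be e, which is the only reason the three changed lines switch from e to redirected. Add a short comment at the call stating that e must be treated as dead afterwards and only redirected may be used, so that later edits to this block do not reintroduce e->flags or e->src.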
*************** cfg_layout_redirect_edge_and_branch (edg
*** 2553,2562 ****
&& onlyjump_p (BB_END (src)))
delete_insn (BB_END (src));
}
- ret = redirect_edge_succ_nodup (e, dest);
if (dump_file)
fprintf (dump_file, "Fallthru edge %i->%i redirected to %i\n",
e->src->index, e->dest->index, dest->index);
}
else
ret = redirect_branch_edge (e, dest);
--- 2553,2562 ----
&& onlyjump_p (BB_END (src)))
delete_insn (BB_END (src));
}
if (dump_file)
fprintf (dump_file, "Fallthru edge %i->%i redirected to %i\n",
e->src->index, e->dest->index, dest->index);
+ ret = redirect_edge_succ_nodup (e, dest);
}
else
ret = redirect_branch_edge (e, dest);
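Review bot: With the fprintf now ahead of ret = redirect_edge_succ_nodup (e, dest), the dump line says "redirected" before the redirection has run, and the placement looks arbitrary to anyone who does not know the call can free e. Either add a comment that the message has to be printed while e is still valid, or save e->src->index and e->dest->index in locals and print after the call, which was the other option raised in the thread. The else branch, ret = redirect_branch_edge (e, dest), deserves the same note, since the previous hunk shows that call can also hand back a different edge.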
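The pattern discussed in this thread, reduced to a self-contained C program: a redirect helper that may free the edge it is given, and a caller that formats its dump line first and then uses only the returned edge. This is an added example, not GCC code; the types and the functions add_edge, remove_edge, redirect_nodup and redirect_and_log are constructed here for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
/* Toy CFG types constructed for this example; not GCC's structures. */
struct block { int index; };
struct edge { struct block *src, *dest; long count; struct edge *next; };
static struct edge *edges;   /* list of all live edges */

static struct edge *add_edge(struct block *s, struct block *d, long count) {
    struct edge *e = malloc(sizeof *e);
    if (!e) abort();
    e->src = s; e->dest = d; e->count = count; e->next = edges;
    return edges = e;
}

static void remove_edge(struct edge *e) {
    for (struct edge **p = &edges; *p; p = &(*p)->next)
        if (*p == e) { *p = e->next; free(e); return; }
}

/* Redirect e to dest. If src->dest already exists, merge into that edge,
   free e and return the survivor: the caller's e is then dangling. */
static struct edge *redirect_nodup(struct edge *e, struct block *dest) {
    for (struct edge *s = edges; s; s = s->next)
        if (s != e && s->src == e->src && s->dest == dest) {
            s->count += e->count;   /* last read of e ... */
            remove_edge(e);         /* ... before it is freed */
            return s;
        }
    e->dest = dest;
    return e;
}

/* Safe caller: format the dump line while e is valid; use only the result. */
static struct edge *redirect_and_log(struct edge *e, struct block *dest,
                                     char *buf, size_t n) {
    snprintf(buf, n, "Fallthru edge %i->%i redirected to %i",
             e->src->index, e->dest->index, dest->index);
    return redirect_nodup(e, dest);
}

int main(void) {
    struct block b1 = {1}, b2 = {2}, b3 = {3};
    add_edge(&b1, &b3, 10);                  /* existing edge 1->3 */
    struct edge *e = add_edge(&b1, &b2, 5);  /* fallthru edge 1->2 */
    char buf[80];
    struct edge *r = redirect_and_log(e, &b3, buf, sizeof buf);
    printf("%s (merged count %ld)\n", buf, r->count);
    return 0;
}
```

Building this with -fsanitize=address and moving the snprintf after the redirect_nodup call reproduces the heap-use-after-free report on the merge path only, which matches why the original bug showed up only when dumping.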