From 88ff74f043235735701f71cdb51a83315f8a3895 Mon Sep 17 00:00:00 2001 From: Thomas Schwinge Date: Thu, 29 Jun 2023 21:33:06 +0200 Subject: [PATCH] f into Streamer: Fix out of range memory access of machine mode gcc/ * lto-streamer.h (class lto_input_block): Capture 'lto_file_decl_data *file_data' instead of just 'unsigned char *mode_table'. Adjust all users. * tree-streamer.h (bp_unpack_machine_mode): Use 'file_data->mode_bits'. gcc/lto/ * lto-common.cc (lto_read_decls) [!ACCEL_COMPILER]: Initialize 'file_data->mode_bits'. --- gcc/ipa-devirt.cc | 2 +- gcc/ipa-fnsummary.cc | 2 +- gcc/ipa-icf.cc | 2 +- gcc/ipa-modref.cc | 2 +- gcc/ipa-prop.cc | 4 ++-- gcc/ipa-sra.cc | 2 +- gcc/lto-cgraph.cc | 2 +- gcc/lto-section-in.cc | 2 +- gcc/lto-streamer-in.cc | 6 +++--- gcc/lto-streamer.h | 10 +++++----- gcc/lto/lto-common.cc | 3 ++- gcc/tree-streamer.h | 6 +++--- 12 files changed, 22 insertions(+), 21 deletions(-) diff --git a/gcc/ipa-devirt.cc b/gcc/ipa-devirt.cc index 2c61a497cee..87529be4515 100644 --- a/gcc/ipa-devirt.cc +++ b/gcc/ipa-devirt.cc @@ -4147,7 +4147,7 @@ ipa_odr_read_section (struct lto_file_decl_data *file_data, const char *data, class data_in *data_in; lto_input_block ib ((const char *) data + main_offset, header->main_size, - file_data->mode_table); + file_data); data_in = lto_data_in_create (file_data, (const char *) data + string_offset, diff --git a/gcc/ipa-fnsummary.cc b/gcc/ipa-fnsummary.cc index a5f5a50c8a5..37c1edc2f3a 100644 --- a/gcc/ipa-fnsummary.cc +++ b/gcc/ipa-fnsummary.cc @@ -4528,7 +4528,7 @@ inline_read_section (struct lto_file_decl_data *file_data, const char *data, unsigned int f_count; lto_input_block ib ((const char *) data + main_offset, header->main_size, - file_data->mode_table); + file_data); data_in = lto_data_in_create (file_data, (const char *) data + string_offset, diff --git a/gcc/ipa-icf.cc b/gcc/ipa-icf.cc index cb9f768d85d..836d0914ded 100644 --- a/gcc/ipa-icf.cc +++ b/gcc/ipa-icf.cc 
@@ -2204,7 +2204,7 @@ sem_item_optimizer::read_section (lto_file_decl_data *file_data, unsigned int count; lto_input_block ib_main ((const char *) data + main_offset, 0, - header->main_size, file_data->mode_table); + header->main_size, file_data); data_in = lto_data_in_create (file_data, (const char *) data + string_offset, diff --git a/gcc/ipa-modref.cc b/gcc/ipa-modref.cc index e3196df8aa9..278b2dbd828 100644 --- a/gcc/ipa-modref.cc +++ b/gcc/ipa-modref.cc @@ -3816,7 +3816,7 @@ read_section (struct lto_file_decl_data *file_data, const char *data, unsigned int f_count; lto_input_block ib ((const char *) data + main_offset, header->main_size, - file_data->mode_table); + file_data); data_in = lto_data_in_create (file_data, (const char *) data + string_offset, diff --git a/gcc/ipa-prop.cc b/gcc/ipa-prop.cc index 704fe01b02c..8f2119b72e3 100644 --- a/gcc/ipa-prop.cc +++ b/gcc/ipa-prop.cc @@ -5337,7 +5337,7 @@ ipa_prop_read_section (struct lto_file_decl_data *file_data, const char *data, unsigned int count; lto_input_block ib_main ((const char *) data + main_offset, - header->main_size, file_data->mode_table); + header->main_size, file_data); data_in = lto_data_in_create (file_data, (const char *) data + string_offset, @@ -5561,7 +5561,7 @@ read_replacements_section (struct lto_file_decl_data *file_data, unsigned int count; lto_input_block ib_main ((const char *) data + main_offset, - header->main_size, file_data->mode_table); + header->main_size, file_data); data_in = lto_data_in_create (file_data, (const char *) data + string_offset, header->string_size, vNULL); diff --git a/gcc/ipa-sra.cc b/gcc/ipa-sra.cc index 21d281a9756..c35e03b7abd 100644 --- a/gcc/ipa-sra.cc +++ b/gcc/ipa-sra.cc 
@@ -2944,7 +2944,7 @@ isra_read_summary_section (struct lto_file_decl_data *file_data, unsigned int count; lto_input_block ib_main ((const char *) data + main_offset, - header->main_size, file_data->mode_table); + header->main_size, file_data); data_in = lto_data_in_create (file_data, (const char *) data + string_offset, diff --git a/gcc/lto-cgraph.cc b/gcc/lto-cgraph.cc index aed5e9ddb18..32c0f5ac6db 100644 --- a/gcc/lto-cgraph.cc +++ b/gcc/lto-cgraph.cc @@ -2174,7 +2174,7 @@ input_cgraph_opt_section (struct lto_file_decl_data *file_data, unsigned int count; lto_input_block ib_main ((const char *) data + main_offset, - header->main_size, file_data->mode_table); + header->main_size, file_data); data_in = lto_data_in_create (file_data, (const char *) data + string_offset, diff --git a/gcc/lto-section-in.cc b/gcc/lto-section-in.cc index 07cf7326582..5ff00a3c130 100644 --- a/gcc/lto-section-in.cc +++ b/gcc/lto-section-in.cc @@ -262,7 +262,7 @@ lto_create_simple_input_block (struct lto_file_decl_data *file_data, *datar = data; return new lto_input_block (data + main_offset, header->main_size, - file_data->mode_table); + file_data); } diff --git a/gcc/lto-streamer-in.cc b/gcc/lto-streamer-in.cc index 2a0720b4e6f..1876e1967ec 100644 --- a/gcc/lto-streamer-in.cc +++ b/gcc/lto-streamer-in.cc @@ -1629,11 +1629,11 @@ lto_read_body_or_constructor (struct lto_file_decl_data *file_data, struct symta /* Set up the struct function. */ from = data_in->reader_cache->nodes.length (); lto_input_block ib_main (data + main_offset, header->main_size, - file_data->mode_table); + file_data); if (TREE_CODE (node->decl) == FUNCTION_DECL) { lto_input_block ib_cfg (data + cfg_offset, header->cfg_size, - file_data->mode_table); + file_data); input_function (fn_decl, data_in, &ib_main, &ib_cfg, dyn_cast (node)); } 
@@ -1954,7 +1954,7 @@ lto_input_toplevel_asms (struct lto_file_decl_data *file_data, int order_base) string_offset = sizeof (*header) + header->main_size; lto_input_block ib (data + sizeof (*header), header->main_size, - file_data->mode_table); + file_data); data_in = lto_data_in_create (file_data, data + string_offset, header->string_size, vNULL); diff --git a/gcc/lto-streamer.h b/gcc/lto-streamer.h index 443f0cd616e..0556b34c837 100644 --- a/gcc/lto-streamer.h +++ b/gcc/lto-streamer.h @@ -344,14 +344,14 @@ public: /* Special constructor for the string table, it abuses this to do random access but use the uhwi decoder. */ lto_input_block (const char *data_, unsigned int p_, unsigned int len_, - const unsigned char *mode_table_) - : data (data_), mode_table (mode_table_), p (p_), len (len_) {} + const lto_file_decl_data *file_data_) + : data (data_), file_data (file_data_), p (p_), len (len_) {} lto_input_block (const char *data_, unsigned int len_, - const unsigned char *mode_table_) - : data (data_), mode_table (mode_table_), p (0), len (len_) {} + const lto_file_decl_data *file_data_) + : data (data_), file_data (file_data_), p (0), len (len_) {} const char *data; - const unsigned char *mode_table; + const lto_file_decl_data *file_data; unsigned int p; unsigned int len; }; diff --git a/gcc/lto/lto-common.cc b/gcc/lto/lto-common.cc index 537570204b3..973ab791712 100644 --- a/gcc/lto/lto-common.cc +++ b/gcc/lto/lto-common.cc @@ -1880,7 +1880,7 @@ lto_read_decls (struct lto_file_decl_data *decl_data, const void *data, uint32_t num_decl_states; lto_input_block ib_main ((const char *) data + main_offset, - header->main_size, decl_data->mode_table); + header->main_size, decl_data); data_in = lto_data_in_create (decl_data, (const char *) data + string_offset, header->string_size, resolutions); 
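Review bot: In the gcc/lto-streamer.h hunk the new `file_data` member says nothing about whether it may be null, although `bp_unpack_machine_mode` in gcc/tree-streamer.h now dereferences it unconditionally. The four-argument constructor is described by its own comment as a special case for the string table, and a caller passing a null pointer as the last argument would still compile after the type change, so any such caller (none is visible in this patch) would not have been flagged by the build. I would state the contract on the member, for example `/* File this block was read from; supplies mode_table and mode_bits. Must be non-null for any block handed to bp_unpack_machine_mode. */`. The class definition begins above the hunk, so other members and constructors were not reviewed.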
@@ -2275,6 +2275,7 @@ lto_file_finalize (struct lto_file_decl_data *file_data, lto_file *file, lto_input_mode_table (file_data); #else file_data->mode_table = lto_mode_identity_table; + file_data->mode_bits = ceil_log2 (MAX_MACHINE_MODE); #endif data = lto_get_summary_section_data (file_data, LTO_section_decls, &len); diff --git a/gcc/tree-streamer.h b/gcc/tree-streamer.h index ff8bccf901a..db01c8c7678 100644 --- a/gcc/tree-streamer.h +++ b/gcc/tree-streamer.h @@ -116,11 +116,11 @@ bp_pack_machine_mode (struct bitpack_d *bp, machine_mode mode) inline machine_mode bp_unpack_machine_mode (struct bitpack_d *bp) { - int last = 1 << ceil_log2 (MAX_MACHINE_MODE); - lto_input_block *input_block = (class lto_input_block *) bp->stream; + lto_input_block *ib = (class lto_input_block *) bp->stream; + int last = 1 << ib->file_data->mode_bits; int index = bp_unpack_enum (bp, machine_mode, last); - return (machine_mode) input_block->mode_table[index]; + return (machine_mode) ib->file_data->mode_table[index]; } #endif /* GCC_TREE_STREAMER_H */ -- 2.34.1
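Review bot: The ChangeLog entry attributes the `mode_bits` initialisation to `lto_read_decls`, but the hunk header places the added line `file_data->mode_bits = ceil_log2 (MAX_MACHINE_MODE);` in `lto_file_finalize`. `lto_read_decls` only has its constructor argument adjusted, so the entry should name `lto_file_finalize`. Separately, this branch now pairs `lto_mode_identity_table` with an accepted index range of `1 << mode_bits`, so the table needs at least that many entries. Its allocation is outside this patch, and a one-line comment such as `/* mode_table must hold 1 << mode_bits entries. */` would keep the two from drifting apart. The other branch of the `#if` presumably sets `mode_bits` inside `lto_input_mode_table`, which is not shown here and should be checked for the same pairing.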
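Review bot: In `bp_unpack_machine_mode` (gcc/tree-streamer.h) the value `ib->file_data->mode_bits` is used as a shift count and, through `last`, as the only bound on `index` before `mode_table[index]` is read, and nothing in the function checks it. When the value comes from the input file rather than from `MAX_MACHINE_MODE` (presumably the ACCEL_COMPILER path, not visible in this patch), a count close to the width of `int` makes `1 << ...` undefined. A count larger than the table was sized for would also let the lookup read past its end. The real validation belongs where the value is read from the stream, but a cheap guard at the point of use would be `gcc_checking_assert (ib->file_data->mode_bits < HOST_BITS_PER_INT - 1);` placed before the shift. The type of `mode_bits` is declared outside this patch, so confirm the comparison also rejects negative values if it is signed.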