[PATCH] xtensa: Fix out-of-bounds array access - Takayuki 'January June' Suwa

public inbox for gcc-patches@gcc.gnu.org
 help / color / mirror / Atom feed

From: Takayuki 'January June' Suwa <jjsuwa_sys3175@yahoo.co.jp>
To: GCC Patches <gcc-patches@gcc.gnu.org>
Cc: Max Filippov <jcmvbkbc@gmail.com>, Jan-Benedict Glaw <jbglaw@lug-owl.de>
Subject: [PATCH] xtensa: Fix out-of-bounds array access
Date: Wed, 26 Oct 2022 15:27:51 +0900	[thread overview]
Message-ID: <9871cd37-f2da-ad03-3083-22ff70422ddc@yahoo.co.jp> (raw)
In-Reply-To: <20221025200957.v5yjre2fsbxqby43@lug-owl.de>

On 2022/10/26 5:09, Jan-Benedict Glaw wrote:
> I didn't yet actually check the warning, it may be bogus.

This "problem" can occur in the following two places calling xtensa_split_DI_reg_imm():

- (define_expand "movdi") @ line 943-945
- (define_split) @ line 989

and the former causes the "real" problem:

[from gcc/insn-emit.cc (generated by building)]

> /* ../../gcc/config/xtensa/xtensa.md:932 */
> rtx
> gen_movdi (rtx operand0,
> 	rtx operand1)
> {
>   rtx_insn *_val = 0;
>   start_sequence ();
>   {
>     rtx operands[2];					// only 2 elements
>     operands[0] = operand0;
>     operands[1] = operand1;
> #define FAIL return (end_sequence (), _val)
> #define DONE return (_val = get_insns (), end_sequence (), _val)
> #line 936 "../../gcc/config/xtensa/xtensa.md"
> {
>   if (CONSTANT_P (operands[1]))
>     {
>       /* Split in halves if 64-bit Const-to-Reg moves
> 	 because of offering further optimization opportunities.  */
>       if (register_operand (operands[0], DImode))
> 	{
> 	  xtensa_split_DI_reg_imm (operands);		// out-of-bounds!
> 	  emit_move_insn (operands[0], operands[1]);
> 	  emit_move_insn (operands[2], operands[3]);	// out-of-bounds!
> 	  DONE;
> 	}

The latter is not a problem as the array is large enough (up to MAX_RECOG_OPERANDS-1).

===

gcc/ChangeLog:

	* config/xtensa/xtensa.md (movdi):
	Copy operands[0...1] to ops[0...3] and then use the latter before
	calling xtensa_split_DI_reg_imm() and emitting insns.
---
 gcc/config/xtensa/xtensa.md | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/gcc/config/xtensa/xtensa.md b/gcc/config/xtensa/xtensa.md
index 2e7f76ada5c..de9bcbf24f7 100644
--- a/gcc/config/xtensa/xtensa.md
+++ b/gcc/config/xtensa/xtensa.md
@@ -940,9 +940,10 @@
 	 because of offering further optimization opportunities.  */
       if (register_operand (operands[0], DImode))
 	{
-	  xtensa_split_DI_reg_imm (operands);
-	  emit_move_insn (operands[0], operands[1]);
-	  emit_move_insn (operands[2], operands[3]);
+	  rtx ops[4] = { operands[0], operands[1] };
+	  xtensa_split_DI_reg_imm (ops);
+	  emit_move_insn (ops[0], ops[1]);
+	  emit_move_insn (ops[2], ops[3]);
 	  DONE;
 	}
 
-- 
2.30.2

next prev parent reply	other threads:[~2022-10-26  6:27 UTC|newest]

Thread overview: 20+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-08-03  1:35 [PATCH] lower-subreg, expr: Mitigate inefficiencies derived from "(clobber (reg X))" followed by "(set (subreg (reg X)) (...))" Takayuki 'January June' Suwa
2022-08-03  7:52 ` Richard Sandiford
2022-08-03 11:17   ` Takayuki 'January June' Suwa
2022-08-04  9:49     ` Richard Sandiford
2022-08-04 12:35       ` Takayuki 'January June' Suwa
2022-08-05 16:20         ` Jeff Law
2022-10-14 11:06           ` [PATCH] xtensa: Prepare the transition from Reload to LRA Takayuki 'January June' Suwa
2022-10-16  5:03             ` Max Filippov
2022-10-18  2:57               ` [PATCH v2] " Takayuki 'January June' Suwa
2022-10-18  3:14                 ` Max Filippov
2022-10-18 12:16                   ` Max Filippov
2022-10-19  8:16                     ` [PATCH v3] " Takayuki 'January June' Suwa
2022-10-19 11:31                       ` Max Filippov
2022-10-25 20:09                       ` Jan-Benedict Glaw
2022-10-26  3:23                         ` Takayuki 'January June' Suwa
2022-10-26  6:27                         ` Takayuki 'January June' Suwa [this message]
2022-10-26 17:05                           ` [PATCH] xtensa: Fix out-of-bounds array access Max Filippov
2022-08-05 16:12       ` [PATCH] lower-subreg, expr: Mitigate inefficiencies derived from "(clobber (reg X))" followed by "(set (subreg (reg X)) (...))" Jeff Law
2022-08-03 17:23   ` Jeff Law
2022-08-04  9:39     ` Richard Sandiford

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=9871cd37-f2da-ad03-3083-22ff70422ddc@yahoo.co.jp \
    --to=jjsuwa_sys3175@yahoo.co.jp \
    --cc=gcc-patches@gcc.gnu.org \
    --cc=jbglaw@lug-owl.de \
    --cc=jcmvbkbc@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).