From: Alexandre Oliva
To: gcc-patches@gcc.gnu.org
Subject: avoid null ptr deref in cselib_record_sets
Date: Wed, 05 Dec 2018 06:50:00 -0000
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-SW-Source: 2018-12/txt/msg00257.txt.bz2

Jeff Law tells me h8300-elf fails gcc.c-torture/compile/pr49029.c with -O2 -g -mint32 -mh. This patch fixes it.

The problem is that strict low part handling in cselib_record_sets assumes src_elt is not NULL. That src_elt is taken from a strict low part set, but it won't always have a src_elt to begin with. In this case, it's because src is a volatile MEM; we don't record values for those.

Although we could fix the problem by testing for a NULL src_elt before creating the zero extends corresponding to strict low part sets of formerly const0_rtx REGs, there's no point in recording the additional set that we won't be able to use anyway.

We could still record that the whole register has a zero-extend of the value stored in the narrower-mode strict low part of the register, but is that of any use? I guess not, but if we find otherwise, we can change that later.

Jeff tested this with a cross compiler to h8300-elf, and several other native and cross toolchains IIUC. I'm regstrapping it myself on i686- and x86_64-linux-gnu. Ok to install?

for gcc/ChangeLog

	* cselib.c (cselib_record_sets): Skip strict low part sets
	with NULL src_elt.

--- gcc/cselib.c | 1 + 1 file changed, 1 insertion(+) diff --git a/gcc/cselib.c b/gcc/cselib.c index 6d3a4078c689..4a68439455fd 100644 --- a/gcc/cselib.c +++ b/gcc/cselib.c
@@ -2616,6 +2616,7 @@ cselib_record_sets (rtx_insn *insn) preserves the upper bits that di:SI=3Dzero_extend(flags:CCNO<=3D0). */ scalar_int_mode mode; if (dest !=3D orig + && sets[i].src_elt && cselib_record_sets_hook && REG_P (dest) && HARD_REGISTER_P (dest)

-- 
Alexandre Oliva, freedom fighter   https://FSFLA.org/blogs/lxo
Be the change, be Free!         FSF Latin America board member
GNU Toolchain Engineer                Free Software Evangelist
Hay que enGNUrecerse, pero sin perder la terGNUra jamás-GNUChe
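Review bot: the added `&& sets[i].src_elt` test in the `if (dest != orig ...` condition has no comment explaining it, so a later reader of cselib_record_sets cannot tell that a NULL src_elt is an expected case here and not a symptom of a bug elsewhere. The message gives the reason (src is a volatile MEM, for which no value is recorded); suggest adding that sentence to the comment block that ends just above the condition, next to the zero_extend explanation. The diffstat shows only gcc/cselib.c changing, and the failure is described as specific to h8300-elf with -O2 -g -mint32 -mh on gcc.c-torture/compile/pr49029.c, so it would also help to name that test and those options in the ChangeLog entry or the new comment so the case is easy to reproduce.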