The function iterative_hash_expr uses built_in_decls to map a builtin
function to the __builtin_ form.  It uses DECL_FUNCTION_CODE as the index.  For
machine specific builtins, the DECL_FUNCTION_CODE is defined by the backend,
instead of being the builtin number.  This means that the built_in_decls
reference can point to random memory.

In the power7 branch, I added quite a few more builtins, and this code causes
crashes when it looks at memory beyond the bounds of built_in_decls.  Even if
it doesn't overflow the bounds of the array, the builtin hash might pick up the
wrong declaration.


-- 
           Summary: iterative_hash_expr in tree.c has an out of bound
                    reference for machine specific builtins
           Product: gcc
           Version: 4.5.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: tree-optimization
        AssignedTo: unassigned at gcc dot gnu dot org
        ReportedBy: meissner at linux dot vnet dot ibm dot com
 GCC build triplet: powerpc64-unknown-linux-gnu
  GCC host triplet: powerpc64-unknown-linux-gnu
GCC target triplet: powerpc64-unknown-linux-gnu


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=40219
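
A simplified model of the lookup described in the report above, added here as
an example; it is not GCC source, and every name in it (fn_decl, builtin_table,
canonical_unchecked, canonical_checked, the constructed sample declarations) is
hypothetical. It shows both failure modes the report names and a lookup that
checks the builtin class and the array bounds before indexing.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified model, not GCC source: all names here are hypothetical. */
enum fn_class { CLASS_NORMAL, CLASS_MD };     /* generic vs. backend-defined */
enum { BI_MEMCPY, BI_STRLEN, END_BUILTINS };  /* generic builtin numbers */

struct fn_decl {
    const char *name;
    enum fn_class cls;
    unsigned code;   /* generic builtin number, or a backend-private code */
};

static const struct fn_decl builtin_memcpy = { "__builtin_memcpy", CLASS_NORMAL, BI_MEMCPY };
static const struct fn_decl builtin_strlen = { "__builtin_strlen", CLASS_NORMAL, BI_STRLEN };

/* Table indexed by generic builtin number only. */
static const struct fn_decl *const builtin_table[END_BUILTINS] = {
    [BI_MEMCPY] = &builtin_memcpy,
    [BI_STRLEN] = &builtin_strlen,
};

/* Pattern from the report: index by code without looking at the class.
   A large backend code reads past the table; a small one returns an
   unrelated entry. Only call this with an in-range code. */
static const struct fn_decl *canonical_unchecked(const struct fn_decl *d)
{
    return builtin_table[d->code];
}

/* Checked lookup: only generic codes index the table, and only in range. */
static const struct fn_decl *canonical_checked(const struct fn_decl *d)
{
    if (d->cls == CLASS_NORMAL && d->code < END_BUILTINS && builtin_table[d->code])
        return builtin_table[d->code];
    return d;   /* backend builtin: use the declaration itself */
}

int main(void)
{
    /* Constructed sample declarations. */
    struct fn_decl user_strlen = { "strlen", CLASS_NORMAL, BI_STRLEN };
    struct fn_decl md_small = { "md_builtin_1", CLASS_MD, 1 };
    struct fn_decl md_large = { "md_builtin_900", CLASS_MD, 900 };

    printf("checked generic:   %s\n", canonical_checked(&user_strlen)->name);
    printf("unchecked md (1):  %s\n", canonical_unchecked(&md_small)->name);
    printf("checked md (1):    %s\n", canonical_checked(&md_small)->name);
    printf("checked md (900):  %s\n", canonical_checked(&md_large)->name);
    return 0;
}
```
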
