http://gcc.gnu.org/bugzilla/show_bug.cgi?id=52445
Bug #: 52445
Summary: conditional store replacement causes segfault in generated code
Classification: Unclassified
Product: gcc
Version: 4.7.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: tree-optimization
AssignedTo: unassig...@gcc.gnu.org
ReportedBy: g...@adamsimpkins.net

Created attachment 26797 --> http://gcc.gnu.org/bugzilla/attachment.cgi?id=26797
minimized test case

The cond_store_replacement() optimization can move a memory access outside of a conditional statement that checks whether it is safe to access the memory. This can cause the program to segfault.

I've attached a simplified test case that reproduces the problem. It uses mprotect to ensure the following byte is inaccessible. In practice we see segfaults simply because malloc sometimes returns a buffer at the end of a readable region. The conditional store replacement moves the memory access outside of the length check.

I've verified the problem occurs in 4.6.1, 4.6.2, and the gcc-4.6.2-20120210 and gcc-4.7-20120225 snapshots. The problem doesn't occur with 4.4.5, as it doesn't perform conditional store replacement in this case.
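The hoisting the report describes, shown as an added example that is not the attached test case and not code from the report or from GCC: a guarded store next to a hand-written model of what conditional store replacement turns it into, both run against a buffer placed so that its first out-of-range byte lies in an mprotect'ed PROT_NONE page, with a SIGSEGV handler that reports whether the call faulted. The function names `guarded_store`, `hoisted_store` and `faults_past_end` are mine, and the body of `hoisted_store` is an assumed source-level picture of the transformation, not GCC's internal representation. Whether a 4.6-era compiler applies the transformation to `guarded_store` itself is not something this example establishes; the attachment is the reproducer for that. A compiler without the bug leaves `guarded_store` alone, so only `hoisted_store` faults here.

```c
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

typedef int (*store_fn)(char *buf, size_t len, size_t cap);

/* The source as written: the store to buf[len] is guarded by a length check,
   so nothing at or past buf[cap] is ever touched. */
static int guarded_store(char *buf, size_t len, size_t cap)
{
    if (len < cap)
        buf[len] = 0;
    return 0;
}

/* Hand-written model (an assumption, not GCC's internal form) of what
   conditional store replacement makes of the function above: the store
   becomes unconditional and selects between the new value and the old one,
   which requires loading buf[len] even when the guard is false.  Returning
   the loaded byte keeps the compiler from dropping that load again. */
static int hoisted_store(char *buf, size_t len, size_t cap)
{
    char old = buf[len];               /* executes even when len >= cap */
    buf[len] = (len < cap) ? 0 : old;
    return old;
}

static sigjmp_buf fault_env;

static void on_segv(int sig)
{
    (void)sig;
    siglongjmp(fault_env, 1);
}

/* Place a cap-byte buffer so that buf[cap] is the first byte of a PROT_NONE
   page (the mprotect trick the report describes), call fn with len == cap so
   the guard says "do not store", and report whether the call faulted.
   Returns 1 on SIGSEGV, 0 if fn returned normally, -1 on setup failure. */
static int faults_past_end(store_fn fn)
{
    const size_t cap = 16;
    long page = sysconf(_SC_PAGESIZE);
    if (page <= 0)
        return -1;
    char *base = mmap(NULL, 2 * (size_t)page, PROT_READ | PROT_WRITE,
                      MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (base == MAP_FAILED)
        return -1;
    if (mprotect(base + page, (size_t)page, PROT_NONE) != 0) {
        munmap(base, 2 * (size_t)page);
        return -1;
    }
    char *buf = base + page - cap;     /* last cap bytes of the readable page */
    memset(buf, 'A', cap);             /* constructed sample contents */

    struct sigaction sa, saved;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_segv;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &saved);

    int faulted;
    if (sigsetjmp(fault_env, 1) == 0) {
        fn(buf, cap, cap);             /* len == cap: the guard is false */
        faulted = 0;
    } else {
        faulted = 1;                   /* arrived here from on_segv */
    }

    sigaction(SIGSEGV, &saved, NULL);
    munmap(base, 2 * (size_t)page);
    return faulted;
}

int main(void)
{
    printf("guarded store faults: %d\n", faults_past_end(guarded_store));
    printf("hoisted store faults: %d\n", faults_past_end(hoisted_store));
    return 0;
}
```

The harness catches the fault with sigsetjmp/siglongjmp rather than letting the process die so that both variants can be compared in one run; the same layout (buffer ending exactly at a page boundary, next page unreadable) is what makes the report's malloc observation plausible, since an allocation at the end of a readable region has the same property without any mprotect call.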