https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109806

Andrew Pinski <pinskia at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Target Milestone|---                         |13.2
     Ever confirmed|0                           |1
            Summary|13.1.0 cc1plus stack        |[13/14 Regression] 13.1.0
                   |smashing crash with C array |cc1plus stack smashing
                   |of complex structs          |crash with C array of
                   |                            |complex structs
             Status|UNCONFIRMED                 |NEW
   Last reconfirmed|                            |2023-05-11
           Severity|normal                      |critical
           Keywords|                            |memory-hog

--- Comment #7 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
Simple testcase:
```
struct basic_string {
  ~basic_string() { }
};
const basic_string data[] = { {} };
```

This fails with `ulimit -s 1024`, which is not even an unreasonable limit. The
default on Linux is 8MB; I just reduced it down to 1MB.

Backtrace:
```
#0  0x0000000001f7c9dc in gori_compute::compute_operand1_range (this=0x32aea00,
r=..., handler=..., lhs=..., name=0x7ffff79c3318, src=..., rel=0x0) at
/home/apinski/src/upstream-gcc-git/gcc/gcc/gimple-range-gori.cc:1081
#1  0x0000000001f7ad71 in gori_compute::compute_operand_range (this=0x32aea00,
r=..., stmt=0x7ffff79cf0a0, lhs=..., name=0x7ffff79c3318, src=..., rel=0x0) at
/home/apinski/src/upstream-gcc-git/gcc/gcc/gimple-range-gori.cc:711
#2  0x0000000001f7eeed in gori_compute::compute_operand_range (rel=0x0,
src=..., name=0x7ffff79c3318, lhs=..., stmt=0x7ffff79cf0a0, r=...,
this=0x32aea00) at
/home/apinski/src/upstream-gcc-git/gcc/gcc/gimple-range-gori.cc:611
#3  gori_compute::outgoing_edge_range_p (this=this@entry=0x32aea00, r=...,
e=e@entry=0x7ffff79c1f00, name=name@entry=0x7ffff79c3318, q=...) at
/home/apinski/src/upstream-gcc-git/gcc/gcc/gimple-range-gori.cc:1422
#4  0x0000000001f6f65f in ranger_cache::range_from_dom (this=<optimized out>,
r=..., name=0x7ffff79c3318, start_bb=<optimized out>,
mode=ranger_cache::RFD_FILL) at
/home/apinski/src/upstream-gcc-git/gcc/gcc/gimple-range-cache.cc:1629
#5  0x0000000001f7140a in ranger_cache::range_from_dom
(mode=ranger_cache::RFD_FILL, start_bb=0x7ffff79b5ae0, name=0x7ffff79c3318,
r=..., this=0x32ae9f0) at
/home/apinski/src/upstream-gcc-git/gcc/gcc/gimple-range-cache.cc:1526
#6  ranger_cache::fill_block_cache (this=0x32ae9f0, name=0x7ffff79c3318,
bb=0x7ffff79b5ae0, def_bb=0x7ffff79b5a80) at
/home/apinski/src/upstream-gcc-git/gcc/gcc/gimple-range-cache.cc:1317
#7  0x0000000001f72082 in ranger_cache::block_range (this=0x32ae9f0, r=...,
bb=0x7ffff79b5ae0, name=0x7ffff79c3318, calc=true) at
/home/apinski/src/upstream-gcc-git/gcc/gcc/gimple-range-cache.cc:1144
#8  0x0000000001f68dda in gimple_ranger::range_on_entry (this=0x32ae9d0, r=...,
bb=0x7ffff79b5ae0, name=0x7ffff79c3318) at
/home/apinski/src/upstream-gcc-git/gcc/gcc/gimple-range.cc:156
#9  0x0000000001f6be2a in gimple_ranger::range_of_expr (this=0x32ae9d0, r=...,
expr=0x7ffff79c3318, stmt=<optimized out>) at
/home/apinski/src/upstream-gcc-git/gcc/gcc/gimple-range.cc:130
#10 0x0000000001f762bf in fold_using_range::range_of_range_op (this=<optimized
out>, r=..., handler=..., src=...) at
/home/apinski/src/upstream-gcc-git/gcc/gcc/value-range.h:611
#11 0x0000000001f77db3 in fold_using_range::fold_stmt (this=0x7ffffffd5560,
r=..., s=0x7ffff79d0108, src=..., name=0x7ffff79c3438) at
/home/apinski/src/upstream-gcc-git/gcc/gcc/gimple-range-fold.cc:490
#12 0x0000000001f6999a in gimple_ranger::fold_range_internal
(name=0x7ffff79c3438, s=0x7ffff79d0108, r=..., this=0x32ae9d0) at
/home/apinski/src/upstream-gcc-git/gcc/gcc/gimple-range.cc:257
#13 gimple_ranger::prefill_stmt_dependencies (this=0x32ae9d0,
ssa=0x7ffff79c3318) at
/home/apinski/src/upstream-gcc-git/gcc/gcc/gimple-range.cc:392
#14 0x0000000001f6a45b in gimple_ranger::range_of_stmt (this=0x32ae9d0, r=...,
s=0x7ffff79caf00, name=<optimized out>) at
/home/apinski/src/upstream-gcc-git/gcc/gcc/gimple-range.cc:314
#15 0x0000000001f6a629 in gimple_ranger::register_inferred_ranges
(this=0x32ae9d0, s=s@entry=0x7ffff79caf00) at
/home/apinski/src/upstream-gcc-git/gcc/gcc/gimple-range.cc:474
#16 0x000000000154d2b1 in rvrp_folder::pre_fold_bb (this=0x7fffffffd940,
bb=0x7ffff79b5a80) at
/home/apinski/src/upstream-gcc-git/gcc/gcc/tree-vrp.cc:944
#17 0x000000000144a976 in substitute_and_fold_dom_walker::before_dom_children
(this=0x7fffffffd890, bb=0x7ffff79b5a80) at
/home/apinski/src/upstream-gcc-git/gcc/gcc/tree-ssa-propagate.cc:734
#18 0x0000000001f38f3f in dom_walker::walk (this=0x7fffffffd890,
bb=0x7ffff79b5a80) at /home/apinski/src/upstream-gcc-git/gcc/gcc/domwalk.cc:311
#19 0x0000000001449816 in substitute_and_fold_engine::substitute_and_fold
(this=this@entry=0x7fffffffd940, block=block@entry=0x0) at
/home/apinski/src/upstream-gcc-git/gcc/gcc/tree-ssa-propagate.cc:971
#20 0x000000000154b6ca in execute_ranger_vrp (fun=0x7ffff79c52e0,
warn_array_bounds_p=false, final_p=false) at
/home/apinski/src/upstream-gcc-git/gcc/gcc/tree-vrp.cc:997
```


compute_operand1_range has a stack size of `120k`, which seems large in itself
really.
