https://gcc.gnu.org/bugzilla/show_bug.cgi?id=114998
--- Comment #7 from GCC Commits <cvs-commit at gcc dot gnu.org> --- The releases/gcc-14 branch has been updated by Richard Biener <rgue...@gcc.gnu.org>: https://gcc.gnu.org/g:1e9ae50d4d160f6d557fc4cbbe95c4a36897c09f commit r14-10214-g1e9ae50d4d160f6d557fc4cbbe95c4a36897c09f Author: Richard Biener <rguent...@suse.de> Date: Fri May 10 14:19:49 2024 +0200 tree-optimization/114998 - use-after-free with loop distribution When loop distribution releases a PHI node of the original IL it can end up clobbering memory that's re-used when it upon releasing its RDG resets all stmt UIDs back to -1, even those that got released. The fix is to avoid resetting UIDs based on stmts in the RDG but instead reset only those still present in the loop. PR tree-optimization/114998 * tree-loop-distribution.cc (free_rdg): Take loop argument. Reset UIDs of stmts still in the IL rather than all stmts referenced from the RDG. (loop_distribution::build_rdg): Pass loop to free_rdg. (loop_distribution::distribute_loop): Likewise. (loop_distribution::transform_reduction_loop): Likewise. * gcc.dg/torture/pr114998.c: New testcase. (cherry picked from commit 34d15a4d630a0d54eddb99bdab086c506e10dac5)
