On Fri, May 19, 2017 at 5:14 AM, Richard Biener
<richard.guent...@gmail.com> wrote:
> On Fri, May 19, 2017 at 4:32 AM, Jason Merrill <ja...@redhat.com> wrote:
>> A patch I've been putting together ran into strange memory corruption
>> issues which turned out to be because the calculation in
>> make_tree_vec_stat was overflowing and allocating a small TREE_VEC
>> instead of a large one.  This assert should work as a simple sanity
>> check.
>
> Hmm, looks like 'length' should be size_t?  Then nothing can overflow anymore
> (on hosts with size_t 64bit and int 32bit)

Sure.  I imagine that anything trying to create a TREE_VEC that large
is going to have a bad time for other reasons, but those will probably
be more obvious.

Applying this:

Jason
commit 2a5c0a40193350e57407165d17afe427a9f42325
Author: Jason Merrill <ja...@redhat.com>
Date:   Thu May 18 15:23:53 2017 -0400

            * tree.c (make_tree_vec_stat, grow_tree_vec_stat): Use size_t.

diff --git a/gcc/tree.c b/gcc/tree.c
index 7506725..db31620 100644
--- a/gcc/tree.c
+++ b/gcc/tree.c
@@ -2268,7 +2268,7 @@ tree
 make_tree_vec_stat (int len MEM_STAT_DECL)
 {
   tree t;
-  int length = (len - 1) * sizeof (tree) + sizeof (struct tree_vec);
+  size_t length = (len - 1) * sizeof (tree) + sizeof (struct tree_vec);
 
   record_node_allocation_statistics (TREE_VEC, length);
 
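Review bot: `len` stays an `int` in `make_tree_vec_stat (int len MEM_STAT_DECL)`, so `len - 1` is still evaluated in signed arithmetic and a negative `len` converts to a huge `size_t` before the multiply; the `size_t` temporary fixes the truncation into `int` that Jason describes, but not a bad caller. Consider keeping a sanity assert such as `gcc_assert (len >= 0);` next to the type change, and confirm that `record_node_allocation_statistics (TREE_VEC, length)` takes a `size_t`-wide parameter so the value is not narrowed again on the way in. Note also that `len == 0` only works because `(0 - 1) * sizeof (tree)` wraps modulo the `size_t` range and `+ sizeof (struct tree_vec)` brings it back to the header size; that is fine, but worth a comment.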
@@ -2290,8 +2290,8 @@ grow_tree_vec_stat (tree v, int len MEM_STAT_DECL)
   int oldlen = TREE_VEC_LENGTH (v);
   gcc_assert (len > oldlen);
 
-  int oldlength = (oldlen - 1) * sizeof (tree) + sizeof (struct tree_vec);
-  int length = (len - 1) * sizeof (tree) + sizeof (struct tree_vec);
+  size_t oldlength = (oldlen - 1) * sizeof (tree) + sizeof (struct tree_vec);
+  size_t length = (len - 1) * sizeof (tree) + sizeof (struct tree_vec);
 
   record_node_allocation_statistics (TREE_VEC, length - oldlength);
 
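Review bot: the expression `(n - 1) * sizeof (tree) + sizeof (struct tree_vec)` now appears three times across the two functions; a small helper returning `size_t` (say `tree_vec_size (int len)`, a name I am suggesting, not an existing one) would keep the type fix in one place and stop an `int` temporary from creeping back in. Otherwise the hunk is sound: the existing `gcc_assert (len > oldlen)` guarantees `length > oldlength`, so the unsigned subtraction passed to `record_node_allocation_statistics` cannot wrap.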

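The int-versus-size_t size computation the thread discusses, as an added example that is not GCC's code: `struct tree_vec` here is a constructed LP64 stand-in for the real header, `vec_size_int` and `vec_size_size_t` mirror the pre- and post-patch shapes of the expression, and `vec_size_checked` is a stricter variant of my own that rejects negative and unrepresentable lengths instead of relying on unsigned wrap-around.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for GCC's tree_vec: a header followed by an
   inline array of one pointer, so a vector of len elements needs
   len - 1 extra slots beyond the struct itself (LP64 sizes assumed).  */
typedef void *tree;
struct tree_vec { int length; tree a[1]; };

/* Pre-patch shape.  sizeof () makes the product size_t, so the real
   defect is the narrowing store to int: the high bits are dropped and
   a huge request silently becomes a tiny one.  */
int vec_size_int (int len)
{
  int length = (len - 1) * sizeof (tree) + sizeof (struct tree_vec);
  return length;
}

/* Post-patch shape: the full size_t value is kept.  For len == 0 the
   (len - 1) term wraps and the sum comes back to the header size.  */
size_t vec_size_size_t (int len)
{
  size_t length = (len - 1) * sizeof (tree) + sizeof (struct tree_vec);
  return length;
}

/* Stricter variant (my addition): reject negative lengths explicitly and
   refuse requests the multiplication cannot represent in size_t.  */
bool vec_size_checked (int len, size_t *out)
{
  const size_t header = offsetof (struct tree_vec, a);
  if (len < 0)
    return false;
  if ((size_t) len > (SIZE_MAX - header) / sizeof (tree))
    return false;
  *out = header + (size_t) len * sizeof (tree);
  return true;
}

int main (void)
{
  /* Constructed input: (len - 1) * sizeof (tree) is exactly 2^32.  */
  int len = (1 << 29) + 1;
  size_t checked = 0;
  bool ok = vec_size_checked (len, &checked);
  printf ("int: %d  size_t: %zu  checked: %d (%zu)\n",
          vec_size_int (len), vec_size_size_t (len), ok, checked);
  return 0;
}
```

On an LP64 host the `int` version reports 16 bytes for a vector that really needs just over 4 GiB, which is the "small TREE_VEC instead of a large one" failure described above.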