Re: [PATCH] Fix buffer overflow in SH expand_cbranchdi4 (PR target/79462)
On Tue, 2017-02-14 at 09:22 +0100, Jakub Jelinek wrote:
> Hi!
>
> The following patch fixes a buffer overflow in the SH backend.
> r235698 removed an operand (clobber of match_scratch) from the
> various cbranch patterns that called expand_cbranchdi4 as well as
> all but one references to operands[4] in that code. Now that the
> insn only has 4 operands, clearing operands[4] is a buffer overflow.
>
> Tested by Kaz (thanks).
> In the PR Oleg asked for a comment, but I'm not sure how useful is
> it to document that something used to be cleared and is not anymore,
> because it doesn't exist.
>
> Ok for trunk (or suggested wording for a comment)?
>

Sorry, I haven't checked the code in a while. If it's the last reference, then of course a comment would be just confusing like you've said. Thanks for figuring it out. OK as it is for trunk and the other branches.

Cheers,
Oleg

[PATCH] Fix buffer overflow in SH expand_cbranchdi4 (PR target/79462)
Hi!

The following patch fixes a buffer overflow in the SH backend. r235698 removed an operand (clobber of match_scratch) from the various cbranch patterns that called expand_cbranchdi4 as well as all but one references to operands[4] in that code. Now that the insn only has 4 operands, clearing operands[4] is a buffer overflow.

Tested by Kaz (thanks).
In the PR Oleg asked for a comment, but I'm not sure how useful is it to document that something used to be cleared and is not anymore, because it doesn't exist.

Ok for trunk (or suggested wording for a comment)?

2017-02-14 Jakub Jelinek

PR target/79462
* config/sh/sh.c (expand_cbranchdi4): Don't clear operands[4].

--- gcc/config/sh/sh.c.jj 2017-01-01 12:45:41.0 +0100 +++ gcc/config/sh/sh.c 2017-02-11 10:15:03.460321825 +0100 @@ -2152,7 +2152,6 @@ expand_cbranchdi4 (rtx *operands, enum r } operands[1] = op1h; operands[2] = op2h; - operands[4] = NULL_RTX; if (msw_taken != LAST_AND_UNUSED_RTX_CODE) expand_cbranchsi4 (operands, msw_taken, msw_taken_prob);

Jakub
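
Review bot: in expand_cbranchdi4, the call `expand_cbranchsi4 (operands, msw_taken, msw_taken_prob);` right after the removed store still receives the same `operands` array, so it is worth confirming that expand_cbranchsi4 never reads operands[4]. Before this change that slot was at least set to NULL_RTX; afterwards any leftover read would go past the end of the four-operand array instead of seeing a NULL. Because the function takes a bare `rtx *operands` with no length, consider stating in its head comment that callers pass exactly operands[0] through operands[3]. That documents the contract itself rather than the removed store, which the thread agrees would be confusing.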