Re: [PATCH] Fix buffer overflow in SH expand_cbranchdi4 (PR target/79462)

2017-02-14 Thread Oleg Endo 
On Tue, 2017-02-14 at 09:22 +0100, Jakub Jelinek wrote:
> Hi!
> 
> The following patch fixes a buffer overflow in the SH backend.
> r235698 removed an operand (clobber of match_scratch) from the
> various
> cbranch pattersn that called expand_cbranchdi4 as well as all but
> one references to operands[4] in that code.  Now that the insn only
> has 4 operands, clearing operands[4] is a buffer overflow.
> 
> Tested by Kaz (thanks).
> In the PR Oleg asked for a comment, but I'm not sure how useful is
> it to document that something used to be cleared and is not anymore,
> because it doesn't exist.
> 
> Ok for trunk (or suggested wording for a comment)?
> 

Sorry, I haven't checked the code in a while.  If it's the last
reference, then of course a comment would be just confusing like you've
said.  Thanks for figuring it out.  OK as it is for trunk and the other
branches.

Cheers,
Oleg

[PATCH] Fix buffer overflow in SH expand_cbranchdi4 (PR target/79462)

2017-02-14 Thread Jakub Jelinek 
Hi!

The following patch fixes a buffer overflow in the SH backend.
r235698 removed an operand (clobber of match_scratch) from the various
cbranch pattersn that called expand_cbranchdi4 as well as all but
one references to operands[4] in that code.  Now that the insn only
has 4 operands, clearing operands[4] is a buffer overflow.

Tested by Kaz (thanks).
In the PR Oleg asked for a comment, but I'm not sure how useful is
it to document that something used to be cleared and is not anymore,
because it doesn't exist.

Ok for trunk (or suggested wording for a comment)?

2017-02-14  Jakub Jelinek  

PR target/79462
* config/sh/sh.c (expand_cbranchdi4): Don't clear operands[4].

--- gcc/config/sh/sh.c.jj   2017-01-01 12:45:41.0 +0100
+++ gcc/config/sh/sh.c  2017-02-11 10:15:03.460321825 +0100
@@ -2152,7 +2152,6 @@ expand_cbranchdi4 (rtx *operands, enum r
 }
   operands[1] = op1h;
   operands[2] = op2h;
-  operands[4] = NULL_RTX;
 
   if (msw_taken != LAST_AND_UNUSED_RTX_CODE)
 expand_cbranchsi4 (operands, msw_taken, msw_taken_prob);

Jakub