diff options
| author | Richard Biener <rguenther@suse.de> | 2019-11-29 13:53:10 +0000 |
|---|---|---|
| committer | Richard Biener <rguenther@suse.de> | 2019-11-29 13:53:10 +0000 |
| commit | 3fb24c7862ea7ea8638dc59c6c243e9053d00c13 (patch) | |
| tree | 0a131efde1d587e4745b19ebaa460f8b646630aa | |
| parent | 3dd3863b4ad69bbc8214335790995de11b9c23f8 (diff) | |
2019-11-29 Richard Biener <rguenther@suse.de>
* tree-ssa-sccvn.c (vn_walk_cb_data::push_partial_def): Bail
out early for too large objects.
git-svn-id: https://gcc.gnu.org/svn/gcc/trunk@278844 138bc75d-0d04-0410-961f-82ee72b054a4
| -rw-r--r-- | gcc/ChangeLog | 5 | ||||
| -rw-r--r-- | gcc/tree-ssa-sccvn.c | 13 |
2 files changed, 15 insertions, 3 deletions
diff --git a/gcc/ChangeLog b/gcc/ChangeLog index c06d450c074..76fafa832e7 100644 --- a/gcc/ChangeLog +++ b/gcc/ChangeLog @@ -1,3 +1,8 @@ +2019-11-29 Richard Biener <rguenther@suse.de> + + * tree-ssa-sccvn.c (vn_walk_cb_data::push_partial_def): Bail + out early for too large objects. + 2019-11-29 Martin Jambor <mjambor@suse.cz> PR ipa/92476 diff --git a/gcc/tree-ssa-sccvn.c b/gcc/tree-ssa-sccvn.c index 8e395675c66..8a7e0475ff8 100644 --- a/gcc/tree-ssa-sccvn.c +++ b/gcc/tree-ssa-sccvn.c @@ -1753,6 +1753,12 @@ void * vn_walk_cb_data::push_partial_def (const pd_data &pd, tree vuse, HOST_WIDE_INT maxsizei) { + const HOST_WIDE_INT bufsize = 64; + /* We're using a fixed buffer for encoding so fail early if the object + we want to interpret is bigger. */ + if (maxsizei > bufsize * BITS_PER_UNIT) + return (void *)-1; + if (partial_defs.is_empty ()) { partial_defs.safe_push (pd); @@ -1823,16 +1829,17 @@ vn_walk_cb_data::push_partial_def (const pd_data &pd, tree vuse, /* Now simply native encode all partial defs in reverse order. */ unsigned ndefs = partial_defs.length (); /* We support up to 512-bit values (for V8DFmode). */ - unsigned char buffer[64]; + unsigned char buffer[bufsize]; int len; while (!partial_defs.is_empty ()) { pd_data pd = partial_defs.pop (); + gcc_checking_assert (pd.offset < bufsize); if (TREE_CODE (pd.rhs) == CONSTRUCTOR) /* Empty CONSTRUCTOR. */ memset (buffer + MAX (0, pd.offset), - 0, MIN ((HOST_WIDE_INT)sizeof (buffer) - MAX (0, pd.offset), + 0, MIN (bufsize - MAX (0, pd.offset), pd.size + MIN (0, pd.offset))); else { @@ -1847,7 +1854,7 @@ vn_walk_cb_data::push_partial_def (const pd_data &pd, tree vuse, pad = GET_MODE_SIZE (mode) - pd.size; } len = native_encode_expr (pd.rhs, buffer + MAX (0, pd.offset), - sizeof (buffer) - MAX (0, pd.offset), + bufsize - MAX (0, pd.offset), MAX (0, -pd.offset) + pad); if (len <= 0 || len < (pd.size - MAX (0, -pd.offset))) { |