| Message ID | 9871cd37-f2da-ad03-3083-22ff70422ddc@yahoo.co.jp |
|---|---|
| State | Committed |
| Commit | f896c13489d22b30d01257bc8316ab97b3359d1c |
| Headers |
Return-Path: <gcc-patches-bounces+patchwork=sourceware.org@gcc.gnu.org> X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 24B2D385E010 for <patchwork@sourceware.org>; Wed, 26 Oct 2022 06:29:01 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 24B2D385E010 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gcc.gnu.org; s=default; t=1666765741; bh=Er3fg+SZaLeukyplrHGCaZGAIYsy0PuSdTlL6skRAw8=; h=Date:Subject:To:References:In-Reply-To:List-Id:List-Unsubscribe: List-Archive:List-Post:List-Help:List-Subscribe:From:Reply-To: From; b=XJuyL/fw1MA7aW15YbbORubVg3fB4f5j8x0H8n4VVHOF+AekrlRfWzTaWKHYa+UQ+ BKO+upPtnDRtWQi8HkG9g7emXN1IcgJ3fcNaRz87QPk5gSFcfobmEfJrBmxyeswEi3 q+tVlFqZ6K/W+RzMg9UZFFT+m6YPb2adKlXlgcdk= X-Original-To: gcc-patches@gcc.gnu.org Delivered-To: gcc-patches@gcc.gnu.org Received: from sonicconh6003-vm2.mail.ssk.yahoo.co.jp (sonicconh6003-vm2.mail.ssk.yahoo.co.jp [182.22.37.43]) by sourceware.org (Postfix) with ESMTPS id 321DD3856DE2 for <gcc-patches@gcc.gnu.org>; Wed, 26 Oct 2022 06:27:59 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 321DD3856DE2 X-YMail-OSG: p5DWa8MVM1lpIIQ.32N.TK5yz0Gg9wnNNJ3xkmK7QL4MSELWJqgXrekZ_e0F2OC i53Ui42qwAFanN2HRUSf1yFN8DzFHe1SXMQWQMUl5NkOVWDyoslOgxCmrYqN1q06fCAulGH0XLt8 NV5YYZssxS67G1LOx4MryV0RVVzp5eMTlbfAMSA_HxZ4tsupXiCD.BhRTSBTSQ6QUTpWWNMgmcPD Rqy0ylJbvNvyPeYHosZ1ZmPSmTOFTzEvIdf_Gb5I4YeAa.6W4kOc.OhyBDm4lBwDDC6MX37G4Ces UAgs05wu0Jp0VM4U823zTCa4SrN66lltgkdzN9FfMWaES8islE5QqDSUKCoZM5Hw6ilvAFgCFEWU 13jq19712CKUpzHNhFbYsAejLwphgZTWpTgb48xZr1_Eqw6tVsJanImDpP9WSk7OLnE50Z4H001t 2ponbIyE1Zb0BiSGHJMirO_zbUlZ6PazcMqubdmHa5SLpvP9atEDdvuViGrAWZKGF01eA8OR886M 5Mx_PU._oN.pqwf7DCR4veZH0qZjmyLUQ.xQgJjvkCYNwvY6SkLPuT9eMSrN1dl2X3ScYsx1LG27 LuRgTCX8rwuqB.YP846vNRaa2S_5Zyt83EGEOlwuOe0kUyE2LdqPlQM8lBtswjKCAevZdw5V54A4 ku40coiIRSEDfUWwCv6yCUwZz6FWXtxDWTojRTEwBn3MtrFWawu46mb14f0ES85eiC.Cz7CaVhXG yMWpIqJQbdHY0rxtnS5t2QBk.QV0huYqj7h8wdQc1Y4Ym8mQR6IbjTOapaPTikLbv8_FfT.tmXsr ol4H5Ny7b7eP.d4_preSxsg429OIeWXD6wns9sCaSGBPXDfiY5nVWQh27YmX4ZHI_tbiKz2CSKu_ fwkSP8XDKZDNzG_O2Bp.9DZuPc1KrWU3EU4gtrUkdDpwbbjYYvuxdnRJpegNo2RAtZRwhppcO5rI IbA-- Received: from sonicgw.mail.yahoo.co.jp by sonicconh6003.mail.ssk.yahoo.co.jp with HTTP; Wed, 26 Oct 2022 06:27:55 +0000 Received: by smtphe6009.mail.ssk.ynwp.yahoo.co.jp (YJ Hermes SMTP Server) with ESMTPA ID 33dfe68987971696abf56d1a64b45bfd; Wed, 26 Oct 2022 15:27:53 +0900 (JST) Message-ID: <9871cd37-f2da-ad03-3083-22ff70422ddc@yahoo.co.jp> Date: Wed, 26 Oct 2022 15:27:51 +0900 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:102.0) Gecko/20100101 Thunderbird/102.4.0 Subject: [PATCH] xtensa: Fix out-of-bounds array access To: GCC Patches <gcc-patches@gcc.gnu.org> References: <7e3fe210-6dbc-fc29-dbb8-b951e89cf7e9@yahoo.co.jp> <mptzggkmj83.fsf@arm.com> <87f124f0-8a10-6c3b-6b12-cabf855e2e4b@yahoo.co.jp> <bae72550-da78-7ef7-dc3e-71ff28b7ec7f@gmail.com> <3296b387-083a-40cf-1bb5-40269e804f52@yahoo.co.jp> <CAMo8BfJqVu320Qh1ahnWsU_2gsUYJFgZgsa4=dBzALM1CmT83w@mail.gmail.com> <b1609279-d845-30a1-1ec6-ed0ca6c60a68@yahoo.co.jp> <CAMo8BfJOUHfuQHrk4jVsVVZCPZi5TC7_G+BHbevWvPspqJ159Q@mail.gmail.com> <CAMo8BfKmaALam+7rMcuCOfAu14mom8CS=vgbYX06byK12RVXxw@mail.gmail.com> <3054719f-6688-211c-da07-93c0fbf7c038@yahoo.co.jp> <20221025200957.v5yjre2fsbxqby43@lug-owl.de> In-Reply-To: <20221025200957.v5yjre2fsbxqby43@lug-owl.de> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=-11.5 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, FREEMAIL_ENVFROM_END_DIGIT, FREEMAIL_FROM, GIT_PATCH_0, RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS, TXREP, WEIRD_PORT autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: gcc-patches@gcc.gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Gcc-patches mailing list <gcc-patches.gcc.gnu.org> List-Unsubscribe: <https://gcc.gnu.org/mailman/options/gcc-patches>, <mailto:gcc-patches-request@gcc.gnu.org?subject=unsubscribe> List-Archive: <https://gcc.gnu.org/pipermail/gcc-patches/> List-Post: <mailto:gcc-patches@gcc.gnu.org> List-Help: <mailto:gcc-patches-request@gcc.gnu.org?subject=help> List-Subscribe: <https://gcc.gnu.org/mailman/listinfo/gcc-patches>, <mailto:gcc-patches-request@gcc.gnu.org?subject=subscribe> From: Takayuki 'January June' Suwa via Gcc-patches <gcc-patches@gcc.gnu.org> Reply-To: Takayuki 'January June' Suwa <jjsuwa_sys3175@yahoo.co.jp> Errors-To: gcc-patches-bounces+patchwork=sourceware.org@gcc.gnu.org Sender: "Gcc-patches" <gcc-patches-bounces+patchwork=sourceware.org@gcc.gnu.org> |
| Series |
xtensa: Fix out-of-bounds array access
|
|
Commit Message
Takayuki 'January June' Suwa
Oct. 26, 2022, 6:27 a.m. UTC
On 2022/10/26 5:09, Jan-Benedict Glaw wrote: > I didn't yet actually check the warning, it may be bogus. This "problem" can occur in the following two places calling xtensa_split_DI_reg_imm(): - (define_expand "movdi") @ line 943-945 - (define_split) @ line 989 and the former causes the "real" problem: [from gcc/insn-emit.cc (generated by building)] > /* ../../gcc/config/xtensa/xtensa.md:932 */ > rtx > gen_movdi (rtx operand0, > rtx operand1) > { > rtx_insn *_val = 0; > start_sequence (); > { > rtx operands[2]; // only 2 elements > operands[0] = operand0; > operands[1] = operand1; > #define FAIL return (end_sequence (), _val) > #define DONE return (_val = get_insns (), end_sequence (), _val) > #line 936 "../../gcc/config/xtensa/xtensa.md" > { > if (CONSTANT_P (operands[1])) > { > /* Split in halves if 64-bit Const-to-Reg moves > because of offering further optimization opportunities. */ > if (register_operand (operands[0], DImode)) > { > xtensa_split_DI_reg_imm (operands); // out-of-bounds! > emit_move_insn (operands[0], operands[1]); > emit_move_insn (operands[2], operands[3]); // out-of-bounds! > DONE; > } The latter is not a problem as the array is large enough (up to MAX_RECOG_OPERANDS-1). === gcc/ChangeLog: * config/xtensa/xtensa.md (movdi): Copy operands[0...1] to ops[0...3] and then use the latter before calling xtensa_split_DI_reg_imm() and emitting insns. --- gcc/config/xtensa/xtensa.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-)
Comments
On Tue, Oct 25, 2022 at 11:27 PM Takayuki 'January June' Suwa <jjsuwa_sys3175@yahoo.co.jp> wrote: > > On 2022/10/26 5:09, Jan-Benedict Glaw wrote: > > I didn't yet actually check the warning, it may be bogus. > > This "problem" can occur in the following two places calling xtensa_split_DI_reg_imm(): > > - (define_expand "movdi") @ line 943-945 > - (define_split) @ line 989 > > and the former causes the "real" problem: > > [from gcc/insn-emit.cc (generated by building)] > > > /* ../../gcc/config/xtensa/xtensa.md:932 */ > > rtx > > gen_movdi (rtx operand0, > > rtx operand1) > > { > > rtx_insn *_val = 0; > > start_sequence (); > > { > > rtx operands[2]; // only 2 elements > > operands[0] = operand0; > > operands[1] = operand1; > > #define FAIL return (end_sequence (), _val) > > #define DONE return (_val = get_insns (), end_sequence (), _val) > > #line 936 "../../gcc/config/xtensa/xtensa.md" > > { > > if (CONSTANT_P (operands[1])) > > { > > /* Split in halves if 64-bit Const-to-Reg moves > > because of offering further optimization opportunities. */ > > if (register_operand (operands[0], DImode)) > > { > > xtensa_split_DI_reg_imm (operands); // out-of-bounds! > > emit_move_insn (operands[0], operands[1]); > > emit_move_insn (operands[2], operands[3]); // out-of-bounds! > > DONE; > > } > > The latter is not a problem as the array is large enough (up to MAX_RECOG_OPERANDS-1). > > === > > gcc/ChangeLog: > > * config/xtensa/xtensa.md (movdi): > Copy operands[0...1] to ops[0...3] and then use the latter before > calling xtensa_split_DI_reg_imm() and emitting insns. > --- > gcc/config/xtensa/xtensa.md | 7 ++++--- > 1 file changed, 4 insertions(+), 3 deletions(-) Committed to master as obvious after cleaning up the commit message.
diff --git a/gcc/config/xtensa/xtensa.md b/gcc/config/xtensa/xtensa.md index 2e7f76ada5c..de9bcbf24f7 100644 --- a/gcc/config/xtensa/xtensa.md +++ b/gcc/config/xtensa/xtensa.md @@ -940,9 +940,10 @@ because of offering further optimization opportunities. */ if (register_operand (operands[0], DImode)) { - xtensa_split_DI_reg_imm (operands); - emit_move_insn (operands[0], operands[1]); - emit_move_insn (operands[2], operands[3]); + rtx ops[4] = { operands[0], operands[1] }; + xtensa_split_DI_reg_imm (ops); + emit_move_insn (ops[0], ops[1]); + emit_move_insn (ops[2], ops[3]); DONE; }