From patchwork Mon Nov 29 18:17:41 2021
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Martin Jambor <mjambor@suse.cz>
X-Patchwork-Id: 48261
Return-Path: <gcc-patches-bounces+patchwork=sourceware.org@gcc.gnu.org>
X-Original-To: patchwork@sourceware.org
Delivered-To: patchwork@sourceware.org
Received: from server2.sourceware.org (localhost [IPv6:::1])
	by sourceware.org (Postfix) with ESMTP id 244EB385DC07
	for <patchwork@sourceware.org>; Mon, 29 Nov 2021 18:18:01 +0000 (GMT)
X-Original-To: gcc-patches@gcc.gnu.org
Delivered-To: gcc-patches@gcc.gnu.org
Received: from smtp-out2.suse.de (smtp-out2.suse.de [195.135.220.29])
 by sourceware.org (Postfix) with ESMTPS id 7C26C385B83A
 for <gcc-patches@gcc.gnu.org>; Mon, 29 Nov 2021 18:17:42 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 7C26C385B83A
Authentication-Results: sourceware.org;
 dmarc=none (p=none dis=none) header.from=suse.cz
Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=suse.cz
Received: from relay2.suse.de (relay2.suse.de [149.44.160.134])
 by smtp-out2.suse.de (Postfix) with ESMTP id ACCAD1FCA1;
 Mon, 29 Nov 2021 18:17:41 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.cz;
 s=susede2_rsa;
 t=1638209861;
 h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc:
 mime-version:mime-version:content-type:content-type;
 bh=E6C4UEgPn3pptDMdEzfyEw2/GWos3XnjX63skFVvkfU=;
 b=wqNyq4HmaZg89rmTFySgaE80gziLr41vTprtt3S5ACp5hgL9F3qUC0M8cLwhYtulNW603z
 n/G19zW9XORW5XtSiX6Xc9Aqhw1BJo+ybxIFM9sprERkZ2QORP8KmDH2pqfKyUQTotteox
 k1QpCmXfv/2u0jiqdSCSg5dXqNA3hGs=
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.cz;
 s=susede2_ed25519; t=1638209861;
 h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc:
 mime-version:mime-version:content-type:content-type;
 bh=E6C4UEgPn3pptDMdEzfyEw2/GWos3XnjX63skFVvkfU=;
 b=mHOsD4haCs9Zn7QA48FcYio+8xfxP/SS0LKWI864ZusBtp4P3XBYSjZxm12gJF6IWE/w60
 kHMnnEak8pHijfCg==
Received: from suse.cz (virgil.suse.cz [10.100.13.50])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by relay2.suse.de (Postfix) with ESMTPS id 98D26A3B84;
 Mon, 29 Nov 2021 18:17:41 +0000 (UTC)
From: Martin Jambor <mjambor@suse.cz>
To: GCC Patches <gcc-patches@gcc.gnu.org>
Subject: [PATCH] ipa-param-manip: Be careful about a reallocating hash_map
 (PR 103449)
User-Agent: Notmuch/0.34.1 (https://notmuchmail.org) Emacs/27.2
 (x86_64-suse-linux-gnu)
Date: Mon, 29 Nov 2021 19:17:41 +0100
Message-ID: <ri68rx6hlmi.fsf@suse.cz>
MIME-Version: 1.0
X-Spam-Status: No, score=-11.3 required=5.0 tests=BAYES_00, DKIM_SIGNED,
 DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, SPF_HELO_NONE,
 SPF_PASS,
 TXREP autolearn=ham autolearn_force=no version=3.4.4
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on
 server2.sourceware.org
X-BeenThere: gcc-patches@gcc.gnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Gcc-patches mailing list <gcc-patches.gcc.gnu.org>
List-Unsubscribe: <https://gcc.gnu.org/mailman/options/gcc-patches>,
 <mailto:gcc-patches-request@gcc.gnu.org?subject=unsubscribe>
List-Archive: <https://gcc.gnu.org/pipermail/gcc-patches/>
List-Post: <mailto:gcc-patches@gcc.gnu.org>
List-Help: <mailto:gcc-patches-request@gcc.gnu.org?subject=help>
List-Subscribe: <https://gcc.gnu.org/mailman/listinfo/gcc-patches>,
 <mailto:gcc-patches-request@gcc.gnu.org?subject=subscribe>
Cc: Jan Hubicka <hubicka@ucw.cz>
Errors-To: gcc-patches-bounces+patchwork=sourceware.org@gcc.gnu.org
Sender: "Gcc-patches"
 <gcc-patches-bounces+patchwork=sourceware.org@gcc.gnu.org>

Hi,

PR 103449 revealed that when I was storing result of one hash_map
lookup into another entry in the hash_map, I was still accessing the
entry in the table, which meanwhile could get reallocated, making the
accesses invalid-after-free.

Fixed with the following, which also simplifies the return statement
which must have been true even now.

Bootstrapped and tested on x86_64-linux.  OK for master?

Thanks,

Martin


gcc/ChangeLog:

2021-11-29  Martin Liska  <mliska@suse.cz>
	    Martin Jambor  <mjambor@suse.cz>

	PR ipa/103449
	* ipa-param-manipulation.c
	(ipa_param_body_adjustments::prepare_debug_expressions): Be
	careful about hash_map reallocating itself.  Simpify a return
	which always returns true.
---
 gcc/ipa-param-manipulation.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/gcc/ipa-param-manipulation.c b/gcc/ipa-param-manipulation.c
index 479c20b3871..163af94cde0 100644
--- a/gcc/ipa-param-manipulation.c
+++ b/gcc/ipa-param-manipulation.c
@@ -1279,9 +1279,10 @@ ipa_param_body_adjustments::prepare_debug_expressions (tree dead_ssa)
       if (gimple_assign_copy_p (def)
 	  && TREE_CODE (gimple_assign_rhs1 (def)) == SSA_NAME)
 	{
-	  tree *d = m_dead_ssa_debug_equiv.get (gimple_assign_rhs1 (def));
-	  m_dead_ssa_debug_equiv.put (dead_ssa, *d);
-	  return (*d != NULL_TREE);
+	  tree d = *m_dead_ssa_debug_equiv.get (gimple_assign_rhs1 (def));
+	  gcc_assert (d);
+	  m_dead_ssa_debug_equiv.put (dead_ssa, d);
+	  return true;
 	}
 
       tree val