gimple-fold: Fix buffer overflow in fold_array_ctor_reference [PR93454]

libgcrypt FAILs to build on aarch64-linux with
*** stack smashing detected ***: terminated
when gcc is compiled with -D_FORTIFY_SOURCE=2. The problem is if
fold_array_ctor_reference is called with size equal to or very close to
MAX_BITSIZE_MODE_ANY_MODE bits and non-zero inner_offset.
The first native_encode_expr is called with that inner_offset and bufoff 0,
the subsequent ones with offset of 0, and bufoff elt_size - inner_offset,
2 * elt_size - inner_offset etc. So, e.g. on the testcase where we start
with inner_offset 1 and size is e.g. 256 bytes and elt_size 4 bytes
we then call native_encode_expr at bufoff 251 and then 255, but that one
overwrites 3 bytes beyond the buf array.
The following patch fixes that. In addition, it avoids calling
elt_size.to_uhwi () all the time, and punts if elt_sz would be too large.

2020-01-28  Jakub Jelinek  <jakub@redhat.com>

	PR tree-optimization/93454
	* gimple-fold.c (fold_array_ctor_reference): Perform
	elt_size.to_uhwi () just once, instead of calling it in every
	iteration.  Punt if that value is above size of the temporary
	buffer.  Decrease third native_encode_expr argument when
	bufoff + elt_sz is above size of buf.
	* gcc.dg/pr93454.c: New test.
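As an added illustration that is not part of the commit or of GCC's sources: a small C model of the bufoff arithmetic described above, run on the commit's own numbers (inner_offset 1, size 256 bytes, elt_size 4), with and without the clamp the patch describes. `fill_buf`, `encode_elt`, `BUF_BYTES` and the extra punt on oversized `size`/`inner_offset` are constructed stand-ins, not GCC identifiers.

```c
#include <stddef.h>
#include <string.h>

/* Constructed model of the loop in fold_array_ctor_reference (PR93454).
   Written for this note; it is not GCC's code. */
#define BUF_BYTES 256   /* stands in for MAX_BITSIZE_MODE_ANY_MODE in bytes */
#define SLACK 8         /* extra room so the buggy variant can be observed safely */

/* Stand-in for native_encode_expr: copy LEN bytes of an element, starting at
   byte OFF of the element, into DST.  Element contents are faked. */
static void encode_elt(unsigned char *dst, size_t off, size_t len)
{
    for (size_t i = 0; i < len; i++)
        dst[i] = (unsigned char)(0x10 + off + i);
}

/* Fill BUF (BUF_BYTES + SLACK bytes) the way the folder does: the first
   element is encoded from INNER_OFFSET at bufoff 0, later ones from element
   offset 0 at bufoff k*elt_sz - inner_offset.  Returns one past the last
   byte written; a result above BUF_BYTES means the real, unpadded buffer
   would have been overrun.  CLAMP applies the fix: never let
   bufoff + len exceed BUF_BYTES. */
static size_t fill_buf(unsigned char *buf, size_t size, size_t elt_sz,
                       size_t inner_offset, int clamp)
{
    size_t bufoff = 0, end = 0;
    /* Punt on inputs the model cannot handle (assumed guard, not the patch's). */
    if (elt_sz > BUF_BYTES || size > BUF_BYTES || inner_offset >= elt_sz)
        return 0;
    while (bufoff < size) {
        size_t off = (bufoff == 0) ? inner_offset : 0;
        size_t len = elt_sz - off;
        if (clamp && bufoff + len > BUF_BYTES)
            len = BUF_BYTES - bufoff;       /* the fix: shrink the final encode */
        encode_elt(buf + bufoff, off, len);
        end = bufoff + len;
        bufoff += len;
    }
    return end;
}

/* Run the commit's example.  Returns the end offset for the chosen variant:
   259 without the clamp (3 bytes past the buffer), 256 with it. */
size_t run_pr93454_example(int clamp)
{
    unsigned char buf[BUF_BYTES + SLACK];
    memset(buf, 0, sizeof buf);
    return fill_buf(buf, 256, 4, 1, clamp);
}
```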