Fix out-of-bounds write in RTL function reader (PR bootstrap/79952)
gcc/ChangeLog: PR bootstrap/79952 * read-rtl-function.c (function_reader::read_rtx_operand): Update x with result of extra_parsing_for_operand_code_0. (function_reader::extra_parsing_for_operand_code_0): Convert return type from void to rtx, returning x. When reading SYMBOL_REF with SYMBOL_FLAG_HAS_BLOCK_INFO, reallocate x to the larger size containing struct block_symbol. From-SVN: r246044
This commit is contained in:
David Malcolm
David Malcolm
parent
7502c5970d
commit
57517ca426
|
|
@ -1,3 +1,13 @@
|
|||
2017-03-10 David Malcolm <dmalcolm@redhat.com>
|
||||
|
||||
PR bootstrap/79952
|
||||
* read-rtl-function.c (function_reader::read_rtx_operand): Update
|
||||
x with result of extra_parsing_for_operand_code_0.
|
||||
(function_reader::extra_parsing_for_operand_code_0): Convert
|
||||
return type from void to rtx, returning x. When reading
|
||||
SYMBOL_REF with SYMBOL_FLAG_HAS_BLOCK_INFO, reallocate x to the
|
||||
larger size containing struct block_symbol.
|
||||
|
||||
2017-03-10 Segher Boessenkool <segher@kernel.crashing.org>
|
||||
|
||||
* config/rs6000/rs6000.c (rs6000_option_override_internal): Disallow
|
||||
|
|
|
|||
|
|
@ -103,7 +103,7 @@ class function_reader : public rtx_reader
|
|||
void read_rtx_operand_u (rtx x, int idx);
|
||||
void read_rtx_operand_i_or_n (rtx x, int idx, char format_char);
|
||||
rtx read_rtx_operand_r (rtx x);
|
||||
void extra_parsing_for_operand_code_0 (rtx x, int idx);
|
||||
rtx extra_parsing_for_operand_code_0 (rtx x, int idx);
|
||||
|
||||
void add_fixup_insn_uid (file_location loc, rtx insn, int operand_idx,
|
||||
int insn_uid);
|
||||
|
|
@ -923,7 +923,7 @@ function_reader::read_rtx_operand (rtx x, int idx)
|
|||
switch (format_char)
|
||||
{
|
||||
case '0':
|
||||
extra_parsing_for_operand_code_0 (x, idx);
|
||||
x = extra_parsing_for_operand_code_0 (x, idx);
|
||||
break;
|
||||
|
||||
case 'w':
|
||||
|
|
@ -1116,9 +1116,10 @@ function_reader::read_rtx_operand_r (rtx x)
|
|||
}
|
||||
|
||||
/* Additional parsing for format code '0' in dumps, handling a variety
|
||||
of special-cases in print_rtx, when parsing operand IDX of X. */
|
||||
of special-cases in print_rtx, when parsing operand IDX of X.
|
||||
Return X, or possibly a reallocated copy of X. */
|
||||
|
||||
void
|
||||
rtx
|
||||
function_reader::extra_parsing_for_operand_code_0 (rtx x, int idx)
|
||||
{
|
||||
RTX_CODE code = GET_CODE (x);
|
||||
|
|
@ -1137,9 +1138,26 @@ function_reader::extra_parsing_for_operand_code_0 (rtx x, int idx)
|
|||
read_name (&name);
|
||||
SYMBOL_REF_FLAGS (x) = strtol (name.string, NULL, 16);
|
||||
|
||||
/* We can't reconstruct SYMBOL_REF_BLOCK; set it to NULL. */
|
||||
/* The standard RTX_CODE_SIZE (SYMBOL_REF) used when allocating
|
||||
x doesn't have space for the block_symbol information, so
|
||||
we must reallocate it if this flag is set. */
|
||||
if (SYMBOL_REF_HAS_BLOCK_INFO_P (x))
|
||||
SYMBOL_REF_BLOCK (x) = NULL;
|
||||
{
|
||||
/* Emulate the allocation normally done by
|
||||
varasm.c:create_block_symbol. */
|
||||
unsigned int size = RTX_HDR_SIZE + sizeof (struct block_symbol);
|
||||
rtx new_x = (rtx) ggc_internal_alloc (size);
|
||||
|
||||
/* Copy data over from the smaller SYMBOL_REF. */
|
||||
memcpy (new_x, x, RTX_CODE_SIZE (SYMBOL_REF));
|
||||
x = new_x;
|
||||
|
||||
/* We can't reconstruct SYMBOL_REF_BLOCK; set it to NULL. */
|
||||
SYMBOL_REF_BLOCK (x) = NULL;
|
||||
|
||||
/* Zero the offset. */
|
||||
SYMBOL_REF_BLOCK_OFFSET (x) = 0;
|
||||
}
|
||||
|
||||
require_char (']');
|
||||
}
|
||||
|
|
@ -1185,6 +1203,8 @@ function_reader::extra_parsing_for_operand_code_0 (rtx x, int idx)
|
|||
else
|
||||
unread_char (c);
|
||||
}
|
||||
|
||||
return x;
|
||||
}
|
||||
|
||||
/* Implementation of rtx_reader::handle_any_trailing_information.
|
||||
|
|
|
|||
Loading…
Reference in New Issue