From patchwork Wed Oct 26 06:27:51 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Takayuki 'January June' Suwa X-Patchwork-Id: 1694762 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=gcc.gnu.org (client-ip=2620:52:3:1:0:246e:9693:128c; helo=sourceware.org; envelope-from=gcc-patches-bounces+incoming=patchwork.ozlabs.org@gcc.gnu.org; receiver=) Authentication-Results: legolas.ozlabs.org; dkim=pass (1024-bit key; unprotected) header.d=gcc.gnu.org header.i=@gcc.gnu.org header.a=rsa-sha256 header.s=default header.b=skGzRsOi; dkim-atps=neutral Received: from sourceware.org (server2.sourceware.org [IPv6:2620:52:3:1:0:246e:9693:128c]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4MxzRB4ww1z20S2 for ; Wed, 26 Oct 2022 17:28:53 +1100 (AEDT) Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 5CF263856161 for ; Wed, 26 Oct 2022 06:28:51 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 5CF263856161 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gcc.gnu.org; s=default; t=1666765731; bh=Er3fg+SZaLeukyplrHGCaZGAIYsy0PuSdTlL6skRAw8=; h=Date:Subject:To:References:In-Reply-To:List-Id:List-Unsubscribe: List-Archive:List-Post:List-Help:List-Subscribe:From:Reply-To: From; b=skGzRsOisI66jKjSXxj8a348Mbj4i0zgVSiA6k+R6FNax7IYozXSXutqF2w9DSEK+ TKAWnxXhw/QOo22phsouO6bmSSTgvVi7AbtMdLQdWlgKWrHzLcqU3snbeV8/79mwaz 5putFypl/FQOfcznhH9lJV8RLtrzGO8kB/fouJhQ= X-Original-To: gcc-patches@gcc.gnu.org Delivered-To: gcc-patches@gcc.gnu.org Received: from sonicconh6003-vm2.mail.ssk.yahoo.co.jp (sonicconh6003-vm2.mail.ssk.yahoo.co.jp [182.22.37.43]) by sourceware.org (Postfix) with ESMTPS id 321DD3856DE2 for ; Wed, 26 Oct 2022 06:27:59 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 321DD3856DE2 X-YMail-OSG: p5DWa8MVM1lpIIQ.32N.TK5yz0Gg9wnNNJ3xkmK7QL4MSELWJqgXrekZ_e0F2OC i53Ui42qwAFanN2HRUSf1yFN8DzFHe1SXMQWQMUl5NkOVWDyoslOgxCmrYqN1q06fCAulGH0XLt8 NV5YYZssxS67G1LOx4MryV0RVVzp5eMTlbfAMSA_HxZ4tsupXiCD.BhRTSBTSQ6QUTpWWNMgmcPD Rqy0ylJbvNvyPeYHosZ1ZmPSmTOFTzEvIdf_Gb5I4YeAa.6W4kOc.OhyBDm4lBwDDC6MX37G4Ces UAgs05wu0Jp0VM4U823zTCa4SrN66lltgkdzN9FfMWaES8islE5QqDSUKCoZM5Hw6ilvAFgCFEWU 13jq19712CKUpzHNhFbYsAejLwphgZTWpTgb48xZr1_Eqw6tVsJanImDpP9WSk7OLnE50Z4H001t 2ponbIyE1Zb0BiSGHJMirO_zbUlZ6PazcMqubdmHa5SLpvP9atEDdvuViGrAWZKGF01eA8OR886M 5Mx_PU._oN.pqwf7DCR4veZH0qZjmyLUQ.xQgJjvkCYNwvY6SkLPuT9eMSrN1dl2X3ScYsx1LG27 LuRgTCX8rwuqB.YP846vNRaa2S_5Zyt83EGEOlwuOe0kUyE2LdqPlQM8lBtswjKCAevZdw5V54A4 ku40coiIRSEDfUWwCv6yCUwZz6FWXtxDWTojRTEwBn3MtrFWawu46mb14f0ES85eiC.Cz7CaVhXG yMWpIqJQbdHY0rxtnS5t2QBk.QV0huYqj7h8wdQc1Y4Ym8mQR6IbjTOapaPTikLbv8_FfT.tmXsr ol4H5Ny7b7eP.d4_preSxsg429OIeWXD6wns9sCaSGBPXDfiY5nVWQh27YmX4ZHI_tbiKz2CSKu_ fwkSP8XDKZDNzG_O2Bp.9DZuPc1KrWU3EU4gtrUkdDpwbbjYYvuxdnRJpegNo2RAtZRwhppcO5rI IbA-- Received: from sonicgw.mail.yahoo.co.jp by sonicconh6003.mail.ssk.yahoo.co.jp with HTTP; Wed, 26 Oct 2022 06:27:55 +0000 Received: by smtphe6009.mail.ssk.ynwp.yahoo.co.jp (YJ Hermes SMTP Server) with ESMTPA ID 33dfe68987971696abf56d1a64b45bfd; Wed, 26 Oct 2022 15:27:53 +0900 (JST) Message-ID: <9871cd37-f2da-ad03-3083-22ff70422ddc@yahoo.co.jp> Date: Wed, 26 Oct 2022 15:27:51 +0900 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:102.0) Gecko/20100101 Thunderbird/102.4.0 Subject: [PATCH] xtensa: Fix out-of-bounds array access To: GCC Patches References: <7e3fe210-6dbc-fc29-dbb8-b951e89cf7e9@yahoo.co.jp> <87f124f0-8a10-6c3b-6b12-cabf855e2e4b@yahoo.co.jp> <3296b387-083a-40cf-1bb5-40269e804f52@yahoo.co.jp> <3054719f-6688-211c-da07-93c0fbf7c038@yahoo.co.jp> <20221025200957.v5yjre2fsbxqby43@lug-owl.de> In-Reply-To: <20221025200957.v5yjre2fsbxqby43@lug-owl.de> X-Spam-Status: No, score=-11.5 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, FREEMAIL_ENVFROM_END_DIGIT, FREEMAIL_FROM, GIT_PATCH_0, RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS, TXREP, WEIRD_PORT autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: gcc-patches@gcc.gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Gcc-patches mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-Patchwork-Original-From: Takayuki 'January June' Suwa via Gcc-patches From: Takayuki 'January June' Suwa Reply-To: Takayuki 'January June' Suwa Errors-To: gcc-patches-bounces+incoming=patchwork.ozlabs.org@gcc.gnu.org Sender: "Gcc-patches" On 2022/10/26 5:09, Jan-Benedict Glaw wrote: > I didn't yet actually check the warning, it may be bogus. This "problem" can occur in the following two places calling xtensa_split_DI_reg_imm(): - (define_expand "movdi") @ line 943-945 - (define_split) @ line 989 and the former causes the "real" problem: [from gcc/insn-emit.cc (generated by building)] > /* ../../gcc/config/xtensa/xtensa.md:932 */ > rtx > gen_movdi (rtx operand0, > rtx operand1) > { > rtx_insn *_val = 0; > start_sequence (); > { > rtx operands[2]; // only 2 elements > operands[0] = operand0; > operands[1] = operand1; > #define FAIL return (end_sequence (), _val) > #define DONE return (_val = get_insns (), end_sequence (), _val) > #line 936 "../../gcc/config/xtensa/xtensa.md" > { > if (CONSTANT_P (operands[1])) > { > /* Split in halves if 64-bit Const-to-Reg moves > because of offering further optimization opportunities. */ > if (register_operand (operands[0], DImode)) > { > xtensa_split_DI_reg_imm (operands); // out-of-bounds! > emit_move_insn (operands[0], operands[1]); > emit_move_insn (operands[2], operands[3]); // out-of-bounds! > DONE; > } The latter is not a problem as the array is large enough (up to MAX_RECOG_OPERANDS-1). === gcc/ChangeLog: * config/xtensa/xtensa.md (movdi): Copy operands[0...1] to ops[0...3] and then use the latter before calling xtensa_split_DI_reg_imm() and emitting insns. --- gcc/config/xtensa/xtensa.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/gcc/config/xtensa/xtensa.md b/gcc/config/xtensa/xtensa.md index 2e7f76ada5c..de9bcbf24f7 100644 --- a/gcc/config/xtensa/xtensa.md +++ b/gcc/config/xtensa/xtensa.md @@ -940,9 +940,10 @@ because of offering further optimization opportunities. */ if (register_operand (operands[0], DImode)) { - xtensa_split_DI_reg_imm (operands); - emit_move_insn (operands[0], operands[1]); - emit_move_insn (operands[2], operands[3]); + rtx ops[4] = { operands[0], operands[1] }; + xtensa_split_DI_reg_imm (ops); + emit_move_insn (ops[0], ops[1]); + emit_move_insn (ops[2], ops[3]); DONE; }