From e91c8ed63fa4d372a740ca8047bf42c0b86593c4 Mon Sep 17 00:00:00 2001
From: Richard Biener <rguenther@suse.de>
Date: Wed, 20 Feb 2013 11:39:39 +0000
Subject: [PATCH] re PR tree-optimization/56396 (memory corruption in cc1)

2013-02-20  Richard Biener  <rguenther@suse.de>
	Jakub Jelinek  <jakub@redhat.com>

	PR tree-optimization/56396
	* tree-ssa-ccp.c (n_const_val): New static variable.
	(get_value): Return NULL for SSA names we don't have a lattice
	entry for.
	(ccp_initialize): Initialize n_const_val.
	* tree-ssa-copy.c (n_copy_of): New static variable.
	(init_copy_prop): Initialize n_copy_of.
	(get_value): Return NULL_TREE for SSA names we don't have a
	lattice entry for.

	* gcc.dg/pr56396.c: New testcase.

Co-Authored-By: Jakub Jelinek <jakub@redhat.com>

From-SVN: r196170
---
 gcc/ChangeLog                  | 13 +++++++++++++
 gcc/testsuite/ChangeLog        |  6 ++++++
 gcc/testsuite/gcc.dg/pr56396.c | 22 ++++++++++++++++++++++
 gcc/tree-ssa-ccp.c             |  7 +++++--
 gcc/tree-ssa-copy.c            |  9 +++++++--
 5 files changed, 53 insertions(+), 4 deletions(-)
 create mode 100644 gcc/testsuite/gcc.dg/pr56396.c

diff --git a/gcc/ChangeLog b/gcc/ChangeLog
index 7f9b13f47ee8..5e18a6c5ad6a 100644
--- a/gcc/ChangeLog
+++ b/gcc/ChangeLog
@@ -1,3 +1,16 @@
+2013-02-20  Richard Biener  <rguenther@suse.de>
+	Jakub Jelinek  <jakub@redhat.com>
+
+	PR tree-optimization/56396
+	* tree-ssa-ccp.c (n_const_val): New static variable.
+	(get_value): Return NULL for SSA names we don't have a lattice
+	entry for.
+	(ccp_initialize): Initialize n_const_val.
+	* tree-ssa-copy.c (n_copy_of): New static variable.
+	(init_copy_prop): Initialize n_copy_of.
+	(get_value): Return NULL_TREE for SSA names we don't have a
+	lattice entry for.
+
 2013-02-20  Martin Jambor  <mjambor@suse.cz>
 
 	* ipa-cp.c (initialize_node_lattices): Fix dumping condition.
diff --git a/gcc/testsuite/ChangeLog b/gcc/testsuite/ChangeLog
index 0135609ad3b2..838de3c15c3a 100644
--- a/gcc/testsuite/ChangeLog
+++ b/gcc/testsuite/ChangeLog
@@ -1,3 +1,9 @@
+2013-02-20  Richard Biener  <rguenther@suse.de>
+	Jakub Jelinek  <jakub@redhat.com>
+
+	PR tree-optimization/56396
+	* gcc.dg/pr56396.c: New testcase.
+
 2013-02-20  Paolo Carlini  <paolo.carlini@oracle.com>
 
 	PR c++/56373
diff --git a/gcc/testsuite/gcc.dg/pr56396.c b/gcc/testsuite/gcc.dg/pr56396.c
new file mode 100644
index 000000000000..d2ec8fa9bff0
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/pr56396.c
@@ -0,0 +1,22 @@
+/* PR tree-optimization/56396 */
+/* { dg-do compile } */
+/* { dg-options "-O2 -fpic -g" } */
+
+struct S { char *s; int z; };
+struct T { int t; } *c, u;
+void bar (int, const char *);
+
+inline void *
+foo (void *x, char *y, int z)
+{
+  struct S s;
+  char b[256];
+  s.s = b;
+  s.z = __builtin___sprintf_chk (s.s, 1, __builtin_object_size (s.s, 2), "Require");
+  if (s.z < 0)
+    bar (u.t | c->t, "rls");
+  if (foo (x, s.s, s.z))
+    {
+    }
+  return (void *) 0;
+}
diff --git a/gcc/tree-ssa-ccp.c b/gcc/tree-ssa-ccp.c
index d8f03a1a3431..b4faded0b509 100644
--- a/gcc/tree-ssa-ccp.c
+++ b/gcc/tree-ssa-ccp.c
@@ -162,6 +162,7 @@ typedef struct prop_value_d prop_value_t;
    memory reference used to store (i.e., the LHS of the assignment
    doing the store).  */
 static prop_value_t *const_val;
+static unsigned n_const_val;
 
 static void canonicalize_float_value (prop_value_t *);
 static bool ccp_fold_stmt (gimple_stmt_iterator *);
@@ -295,7 +296,8 @@ get_value (tree var)
 {
   prop_value_t *val;
 
-  if (const_val == NULL)
+  if (const_val == NULL
+      || SSA_NAME_VERSION (var) >= n_const_val)
     return NULL;
 
   val = &const_val[SSA_NAME_VERSION (var)];
@@ -713,7 +715,8 @@ ccp_initialize (void)
 {
   basic_block bb;
 
-  const_val = XCNEWVEC (prop_value_t, num_ssa_names);
+  n_const_val = num_ssa_names;
+  const_val = XCNEWVEC (prop_value_t, n_const_val);
 
   /* Initialize simulation flags for PHI nodes and statements.  */
   FOR_EACH_BB (bb)
diff --git a/gcc/tree-ssa-copy.c b/gcc/tree-ssa-copy.c
index 551ebe3f0ede..75a415454def 100644
--- a/gcc/tree-ssa-copy.c
+++ b/gcc/tree-ssa-copy.c
@@ -280,6 +280,7 @@ struct prop_value_d {
 typedef struct prop_value_d prop_value_t;
 
 static prop_value_t *copy_of;
+static unsigned n_copy_of;
 
 
 /* Return true if this statement may generate a useful copy.  */
@@ -664,7 +665,8 @@ init_copy_prop (void)
 {
   basic_block bb;
 
-  copy_of = XCNEWVEC (prop_value_t, num_ssa_names);
+  n_copy_of = num_ssa_names;
+  copy_of = XCNEWVEC (prop_value_t, n_copy_of);
 
   FOR_EACH_BB (bb)
     {
@@ -728,7 +730,10 @@ init_copy_prop (void)
 static tree
 get_value (tree name)
 {
-  tree val = copy_of[SSA_NAME_VERSION (name)].value;
+  tree val;
+  if (SSA_NAME_VERSION (name) >= n_copy_of)
+    return NULL_TREE;
+  val = copy_of[SSA_NAME_VERSION (name)].value;
   if (val && val != name)
     return val;
   return NULL_TREE;
-- 
GitLab