https://gcc.gnu.org/bugzilla/show_bug.cgi?id=71845

            Bug ID: 71845
           Summary: [7 Regression] ICE: use-after-free in (anonymous
                    namespace)::pass_pre::execute
           Product: gcc
           Version: 7.0
            Status: UNCONFIRMED
          Keywords: ice-on-valid-code
          Severity: normal
          Priority: P3
         Component: tree-optimization
          Assignee: unassigned at gcc dot gnu.org
          Reporter: asolokha at gmx dot com
  Target Milestone: ---

gcc-7.0.0-alpha20160710 ICEs when compiling the following reduced testcase
with -O2, -O3, -Ofast, or -Os:

struct nc               /* single-int aggregate; ej returns it by value */
{
  int yu;
};

int ly;                 /* file-scope int; ej stores 0 to it */

struct nc
ej (int rk)
{
  /* Reduced reproducer for the internal compiler error in this report;
     keep every statement exactly as written.  The report tags it
     ice-on-valid-code, and its valgrind trace shows a read of freed
     memory inside cc1, so the fault is in the compiler rather than in
     this function.
     NOTE(review): the report's command line sets MALLOC_PERTURB_
     (glibc overwrites freed blocks), presumably so the stale read
     faults instead of passing unnoticed -- confirm.  */
  struct nc ja = { 0 };
  /* ja's address goes into ph; ph (decayed to a pointer) is converted to
     long int, then the address of that long is converted again.  Neither
     my nor ei is read afterwards.  */
  struct nc *ph[] = { &ja };
  long int my = (long int) ph;
  long int ei = (long int) &my;

  ly = 0;
  /* Both paths return the same object, whatever rk is.  */
  if (rk != 0)
    return ja;
  return ja;
}

% MALLOC_PERTURB_=$((RANDOM % 255 + 1))
x86_64-unknown-linux-gnu-gcc-7.0.0-alpha20160710 -c -O2 urrl4dj1.c   
urrl4dj1.c: In function 'ej':
urrl4dj1.c:9:1: internal compiler error: Segmentation fault
 ej (int rk)
 ^~

valgrind reports the following (backtrace trimmed):

==8815== Invalid read of size 8
==8815==    at 0xCF57A9: (anonymous namespace)::pass_pre::execute(function*)
(in /usr/libexec/gcc/x86_64-unknown-linux-gnu/7.0.0-alpha20160710/cc1)
==8815==    by 0xA836A1: execute_one_pass(opt_pass*) (in
/usr/libexec/gcc/x86_64-unknown-linux-gnu/7.0.0-alpha20160710/cc1)
==8815==    by 0xA83C77: execute_pass_list_1(opt_pass*) (in
/usr/libexec/gcc/x86_64-unknown-linux-gnu/7.0.0-alpha20160710/cc1)
==8815==    by 0xA83C89: execute_pass_list_1(opt_pass*) (in
/usr/libexec/gcc/x86_64-unknown-linux-gnu/7.0.0-alpha20160710/cc1)
==8815==    by 0xA83CD4: execute_pass_list(function*, opt_pass*) (in
/usr/libexec/gcc/x86_64-unknown-linux-gnu/7.0.0-alpha20160710/cc1)
==8815==    by 0x768213: cgraph_node::expand() (in
/usr/libexec/gcc/x86_64-unknown-linux-gnu/7.0.0-alpha20160710/cc1)
==8815==    by 0x769B87: symbol_table::compile() [clone .part.49] (in
/usr/libexec/gcc/x86_64-unknown-linux-gnu/7.0.0-alpha20160710/cc1)
==8815==    by 0x76BE87: symbol_table::finalize_compilation_unit() (in
/usr/libexec/gcc/x86_64-unknown-linux-gnu/7.0.0-alpha20160710/cc1)
==8815==    by 0xB51A9C: compile_file() (in
/usr/libexec/gcc/x86_64-unknown-linux-gnu/7.0.0-alpha20160710/cc1)
==8815==    by 0x5CCDEB: toplev::main(int, char**) (in
/usr/libexec/gcc/x86_64-unknown-linux-gnu/7.0.0-alpha20160710/cc1)
==8815==    by 0x5CEE66: main (in
/usr/libexec/gcc/x86_64-unknown-linux-gnu/7.0.0-alpha20160710/cc1)
==8815==  Address 0x5f3fd40 is 32 bytes inside a block of size 232 free'd
==8815==    at 0x402DCBF: free (in
/usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==8815==    by 0xCF5791: (anonymous namespace)::pass_pre::execute(function*)
(in /usr/libexec/gcc/x86_64-unknown-linux-gnu/7.0.0-alpha20160710/cc1)
<trimmed>
==8815==  Block was alloc'd at
==8815==    at 0x402BE11: malloc (in
/usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==8815==    by 0x13993DF: xrealloc (in
/usr/libexec/gcc/x86_64-unknown-linux-gnu/7.0.0-alpha20160710/cc1)
==8815==    by 0xD12EFD: vn_reference_operands_for_lookup(tree_node*) (in
/usr/libexec/gcc/x86_64-unknown-linux-gnu/7.0.0-alpha20160710/cc1)
==8815==    by 0xCF45F5: (anonymous namespace)::pass_pre::execute(function*)
(in /usr/libexec/gcc/x86_64-unknown-linux-gnu/7.0.0-alpha20160710/cc1)
<trimmed>
