https://gcc.gnu.org/bugzilla/show_bug.cgi?id=93454
Bug ID: 93454
Summary: [10 Regression] buffer overflow in
fold_array_ctor_reference since r10-1882
Product: gcc
Version: 10.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: tree-optimization
Assignee: unassigned at gcc dot gnu.org
Reporter: jakub at gcc dot gnu.org
Target Milestone: ---
#define A(n) n, n + 0x01010101, n + 0x02020202, n + 0x03030303
#define B(n) A (n), A (n + 0x04040404), A (n + 0x08080808), A (n + 0x0c0c0c0c)
#define C(n) B (n), B (n + 0x10101010), B (n + 0x20202020), B (n + 0x30303030)
#define D(n) C (n), C (n + 0x40404040), C (n + 0x80808080U), C (n +
0xc0c0c0c0U)
const unsigned int a[64] = { C (0) };
const unsigned int b[256] = { D (0) };
void
foo (void)
{
const unsigned char *s = ((const unsigned char *)a) + 1;
const unsigned char *t = ((const unsigned char *)b) + 1;
}
with -O2 -g overflows the buf array in fold_array_ctor_reference (overwrites 3
bytes at the end of buf) on both x86_64-linux where the buf array has 256 bytes
and on aarch64-linux where it has 1024 bytes. Shouldn't be hard to construct
testcases for other targets that can have yet different
MAX_BITSIZE_MODE_ANY_MODE values.
Started with r10-1882-g831e688af50c5f77a2daa3cd3bfd0f27d54d5d72
