Hi! This fixes an ICE that was exposed by a previous patch of mine, and a wrong transformation of strcat_chk into strcpy_chk that fails to adjust the object size, thus allowing too much memory to be accessed.
Bootstrapped and reg-tested on x86_64-pc-linux-gnu. Is it OK for trunk? Thanks Bernd.
gcc: 2018-10-22 Bernd Edlinger <bernd.edlin...@hotmail.de> PR tree-optimization/87672 * gimple-fold.c (gimple_fold_builtin_stxcpy_chk): Gimplify. * tree-ssa-strlen.c (handle_builtin_strcat): Adjust object size. testsuite: 2018-08-26 Bernd Edlinger <bernd.edlin...@hotmail.de> PR tree-optimization/87672 * gcc.dg/pr87672.c: New test.
diff -Npur gcc/gimple-fold.c gcc/gimple-fold.c
--- gcc/gimple-fold.c 2018-10-21 20:46:25.000000000 +0200
+++ gcc/gimple-fold.c 2018-10-22 08:36:19.347227227 +0200
@@ -2715,6 +2715,7 @@ gimple_fold_builtin_stxcpy_chk (gimple_s
 return false;
 gimple_seq stmts = NULL;
+ len = force_gimple_operand (len, &stmts, true, NULL_TREE);
 len = gimple_convert (&stmts, loc, size_type_node, len);
 len = gimple_build (&stmts, loc, PLUS_EXPR, size_type_node, len, build_int_cst (size_type_node, 1));
diff -Npur gcc/tree-ssa-strlen.c gcc/tree-ssa-strlen.c
--- gcc/tree-ssa-strlen.c 2018-10-21 20:46:25.000000000 +0200
+++ gcc/tree-ssa-strlen.c 2018-10-22 12:45:58.167144749 +0200
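Review bot: The added `len = force_gimple_operand (len, &stmts, true, NULL_TREE);` in gimple_fold_builtin_stxcpy_chk (gimple-fold.c) carries no comment saying why LEN must be gimplified at this point, and the hunk does not show where LEN is computed. Presumably LEN can be a general expression rather than a valid gimple operand (the new test passes `"postfix" + x` as the source), which would explain the ICE in the gimple_convert/gimple_build calls that follow. A one-line comment such as `/* LEN may be an arbitrary expression (PR 87672); gimplify it before building on it.  */` would keep a later cleanup from dropping the call as redundant. The function starts and ends outside the hunk.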
@@ -2605,12 +2605,19 @@ handle_builtin_strcat (enum built_in_fun
 if (endptr)
 dst = fold_convert_loc (loc, TREE_TYPE (dst), unshare_expr (endptr));
 else
- dst = fold_build2_loc (loc, POINTER_PLUS_EXPR,
- TREE_TYPE (dst), unshare_expr (dst),
+ dst = fold_build2_loc (loc, POINTER_PLUS_EXPR, TREE_TYPE (dst), dst,
 fold_convert_loc (loc, sizetype, unshare_expr (dstlen)));
 dst = force_gimple_operand_gsi (gsi, dst, true, NULL_TREE, true, GSI_SAME_STMT);
+ if (objsz)
+ {
+ objsz = fold_build2_loc (loc, MINUS_EXPR, TREE_TYPE (objsz), objsz,
+ fold_convert_loc (loc, TREE_TYPE (objsz),
+ unshare_expr (dstlen)));
+ objsz = force_gimple_operand_gsi (gsi, objsz, true, NULL_TREE, true,
+ GSI_SAME_STMT);
+ }
 if (dump_file && (dump_flags & TDF_DETAILS) != 0)
 {
 fprintf (dump_file, "Optimizing: ");
diff -Npur gcc/testsuite/gcc.dg/pr87672.c gcc/testsuite/gcc.dg/pr87672.c
--- gcc/testsuite/gcc.dg/pr87672.c 1970-01-01 01:00:00.000000000 +0100
+++ gcc/testsuite/gcc.dg/pr87672.c 2018-10-22 11:27:27.260549463 +0200
@@ -0,0 +1,11 @@
+/* { dg-do compile } */
+/* { dg-options "-O2 -fdump-tree-optimized" } */
+
+char buf[40];
+void test (int x)
+{
+ __builtin_strcpy (buf, "test");
+ __builtin___strcat_chk (buf, "postfix" + x, sizeof (buf));
+}
+
+/* { dg-final { scan-tree-dump "memcpy_chk.*, 36\\)" "optimized" } } */
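Review bot: The new `objsz - dstlen` subtraction in handle_builtin_strcat (tree-ssa-strlen.c) is unguarded against two inputs that would loosen the bound instead of tightening it. If OBJSZ is the all-ones "size unknown" value that `__builtin_object_size` produces, the difference is no longer all-ones, so later folders that test `integer_all_onesp` would presumably stop recognising the call as effectively unchecked. If TREE_TYPE (objsz) is unsigned and DSTLEN can exceed OBJSZ, the difference wraps to a very large bound that checks nothing. Neither the origin nor the type of OBJSZ is visible in this hunk, so both cases need confirming; if they can occur, narrowing the condition to `if (objsz && !integer_all_onesp (objsz))` and adding a comment that DSTLEN is assumed not to exceed OBJSZ would cover them. The function starts and ends outside the hunk.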
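Review bot: The new test gcc.dg/pr87672.c has no comment tying it to the PR or stating what the scan is meant to prove, and `scan-tree-dump "memcpy_chk.*, 36\\)"` pins only one case: a constant destination length with a small, known object size (40 - 4). A header such as `/* PR tree-optimization/87672: strcat_chk folded to memcpy_chk must pass the remaining object size, not the full one.  */` would make the expected value 36 self-explanatory. Since `dg-do compile` also serves as the ICE regression check, saying so in the same comment would help; a second function covering an object size that is not known at compile time would exercise the adjusted-size path further, if the pass handles that case.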