On Tue, 2020-01-28 at 00:33 +0100, Jakub Jelinek wrote:
> Hi!
>
> libgcrypt FAILs to build on aarch64-linux with
> *** stack smashing detected ***: terminated
> when gcc is compiled with -D_FORTIFY_SOURCE=2. The problem is if
> fold_array_ctor_reference is called with size equal to or very close to
> MAX_BITSIZE_MODE_ANY_MODE bits and non-zero inner_offset.
> The first native_encode_expr is called with that inner_offset and bufoff 0,
> the subsequent ones with offset of 0, and bufoff elt_size - inner_offset,
> 2 * elt_size - inner_offset etc. So, e.g. on the testcase where we start
> with inner_offset 1 and size is e.g. 256 bytes and elt_size 4 bytes
> we then call native_encode_expr at bufoff 251 and then 255, but that one
> overwrites 3 bytes beyond the buf array.
> The following patch fixes that. In addition, it avoids calling
> elt_size.to_uhwi () all the time, and punts if elt_sz would be too large.
>
> Bootstrapped/regtested on x86_64-linux and i686-linux, ok for trunk?
>
> 2020-01-28 Jakub Jelinek <ja...@redhat.com>
>
> PR tree-optimization/93454
> * gimple-fold.c (fold_array_ctor_reference): Perform
> elt_size.to_uhwi () just once, instead of calling it in every
> iteration. Punt if that value is above size of the temporary
> buffer. Decrease third native_encode_expr argument when
> bufoff + elt_sz is above size of buf.
>
> * gcc.dg/pr93454.c: New test.
OK
jeff
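A constructed C model of the loop arithmetic described in the mail, added here as an example (it is not the gimple-fold.c code or the patch itself): encode() stands in for native_encode_expr, fill_from_elements() replays the bufoff sequence, and run_case() re-creates the 256-byte buffer, elt_size 4, inner_offset 1 scenario with the length argument either passed as elt_sz (the bug) or clamped to the bytes left in buf (the fix); all names are assumed.

```c
#include <stddef.h>
#include <string.h>

/* Stand-in for native_encode_expr (constructed model, not GCC code): the element
   is elt_sz bytes; write up to len bytes of it, starting off bytes in, at
   buf[bufoff]. Unlike the real encoder it refuses a write that would leave buf. */
static size_t encode(unsigned char *buf, size_t buf_size, size_t bufoff,
                     size_t elt_sz, size_t off, size_t len, unsigned char v)
{
    size_t n = off < elt_sz ? elt_sz - off : 0; /* bytes the element has left */
    if (n > len) n = len;                       /* caller asked for fewer */
    if (n == 0 || bufoff > buf_size || n > buf_size - bufoff)
        return 0;                               /* would run past buf: rejected */
    memset(buf + bufoff, v, n);
    return n;
}

/* The loop from the mail: first call at inner_offset with bufoff 0, later calls
   at offset 0 and bufoff elt_sz - inner_offset, 2 * elt_sz - inner_offset, ...
   clamp == 0 passes elt_sz as the length every time (the bug); clamp != 0
   reduces it to the bytes left in buf (the fix). Returns total bytes written,
   or 0 if any write was rejected. */
static size_t fill_from_elements(unsigned char *buf, size_t buf_size, size_t size,
                                 size_t elt_sz, size_t inner_offset, int clamp)
{
    size_t bufoff = 0, off = inner_offset, total = 0;
    unsigned char v = 1;
    if (size > buf_size || elt_sz == 0 || elt_sz > buf_size || off >= elt_sz)
        return 0;                               /* punt on an oversized element */
    while (bufoff < size) {
        size_t len = elt_sz;
        if (clamp && len > buf_size - bufoff)
            len = buf_size - bufoff;
        size_t n = encode(buf, buf_size, bufoff, elt_sz, off, len, v++);
        if (n == 0)
            return 0;
        bufoff += n;
        total += n;
        off = 0;
    }
    return total;
}

/* One scenario against a 256-byte buffer, the size used in the mail's example. */
size_t run_case(size_t size, size_t elt_sz, size_t inner_offset, int clamp)
{
    static unsigned char buf[256];
    memset(buf, 0, sizeof buf);
    return fill_from_elements(buf, sizeof buf, size, elt_sz, inner_offset, clamp);
}
```

With inner_offset 1 the unclamped run reaches bufoff 255 and asks for 4 bytes, which the model rejects; the clamped run asks for 1 byte there and fills all 256.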