middle-end/90648 fend off builtin calls with not enough arguments from match

This adds guards to genmatch generated code before accessing call expression or stmt arguments that might be out of bounds when the user provided bogus prototypes for what we consider builtins. 2020-02-05 Richard Biener <rguenther@suse.de> PR middle-end/90648 * genmatch.c (dt_node::gen_kids_1): Emit number of argument checks before matching calls. * gcc.dg/pr90648.c: New testcase.

middle-end/90648 fend off builtin calls with not enough arguments from match
This adds guards to genmatch generated code before accessing call expression or stmt arguments that might be out of bounds when the user provided bogus prototypes for what we consider builtins. 2020-02-05 Richard Biener <rguenther@suse.de> PR middle-end/90648 * genmatch.c (dt_node::gen_kids_1): Emit number of argument checks before matching calls. * gcc.dg/pr90648.c: New testcase.
1105cf81 · Richard Biener · 5f44a434 · 1105cf81 · 1105cf81 · 1105cf81
Commit 1105cf81 authored Feb 05, 2020 by Richard Biener
Hide whitespace changes
Inline Side-by-side

Showing with 34 additions and 8 deletions

gcc/ChangeLog
+6 -0

gcc/genmatch.c
+14 -8

gcc/testsuite/ChangeLog
+6 -0

gcc/testsuite/gcc.dg/pr90648.c
+8 -0

No files found.
--- a/gcc/ChangeLog
+++ b/gcc/ChangeLog
+2020-02-05  Richard Biener  <rguenther@suse.de>
+
+	PR middle-end/90648
+	* genmatch.c (dt_node::gen_kids_1): Emit number of argument
+	checks before matching calls.
+
 2020-02-05  Jakub Jelinek  <jakub@redhat.com>

 	* tree-ssa-alias.c (aliasing_matching_component_refs_p): Fix up

--- a/gcc/genmatch.c
+++ b/gcc/genmatch.c
@@ -3060,10 +3060,15 @@ dt_node::gen_kids_1 (FILE *f, int indent, bool gimple, int depth,
 	    {
 	      expr *e = as_a <expr *>(fns[i]->op);
 	      fprintf_indent (f, indent, "case %s:\n", e->operation->id);
-	      fprintf_indent (f, indent, "  {\n");
-	      fns[i]->gen (f, indent + 4, true, depth);
-	      fprintf_indent (f, indent, "    break;\n");
-	      fprintf_indent (f, indent, "  }\n");
+	      /* We need to be defensive against bogus prototypes allowing
+		 calls with not enough arguments.  */
+	      fprintf_indent (f, indent,
+			      "  if (gimple_call_num_args (_c%d) == %d)\n"
+			      "    {\n", depth, e->ops.length ());
+	      fns[i]->gen (f, indent + 6, true, depth);
+	      fprintf_indent (f, indent,
+			      "    }\n"
+			      "  break;\n");
 	    }

 	  fprintf_indent (f, indent, "default:;\n");
@@ -3125,10 +3130,11 @@ dt_node::gen_kids_1 (FILE *f, int indent, bool gimple, int depth,
 	  gcc_assert (e->operation->kind == id_base::FN);

 	  fprintf_indent (f, indent, "case %s:\n", e->operation->id);
-	  fprintf_indent (f, indent, "  {\n");
-	  generic_fns[j]->gen (f, indent + 4, false, depth);
-	  fprintf_indent (f, indent, "    break;\n");
-	  fprintf_indent (f, indent, "  }\n");
+	  fprintf_indent (f, indent, "  if (call_expr_nargs (%s) == %d)\n"
+				     "    {\n", kid_opname, e->ops.length ());
+	  generic_fns[j]->gen (f, indent + 6, false, depth);
+	  fprintf_indent (f, indent, "    }\n"
+				     "  break;\n");
 	}
      fprintf_indent (f, indent, "default:;\n");


--- a/gcc/testsuite/ChangeLog
+++ b/gcc/testsuite/ChangeLog
+2020-02-05  Richard Biener  <rguenther@suse.de>
+
+	PR middle-end/90648
+	* genmatch.c (dt_node::gen_kids_1): Emit number of argument
+	checks before matching calls.
+
 2020-02-05  Jakub Jelinek  <jakub@redhat.com>

 	PR middle-end/93555

--- a/gcc/testsuite/gcc.dg/pr90648.c
+++ b/gcc/testsuite/gcc.dg/pr90648.c
+/* { dg-do compile } */
+/* { dg-options "-O" } */
+
+extern double copysign ();
+double foo (double x)
+{
+  return x * copysign (); /* { dg-warning "too few arguments" } */
+}