tree-ssa-sccvn.c (vn_walk_cb_data::push_partial_def): Bail out early for too large objects.

2019-11-29 Richard Biener <rguenther@suse.de> * tree-ssa-sccvn.c (vn_walk_cb_data::push_partial_def): Bail out early for too large objects. From-SVN: r278844

tree-ssa-sccvn.c (vn_walk_cb_data::push_partial_def): Bail out early for too large objects.
2019-11-29 Richard Biener <rguenther@suse.de> * tree-ssa-sccvn.c (vn_walk_cb_data::push_partial_def): Bail out early for too large objects. From-SVN: r278844
fb08a53b · Richard Biener · Richard Biener · af814dfa · fb08a53b · fb08a53b
Commit fb08a53b authored Nov 29, 2019 by Richard Biener Committed by Richard Biener Nov 29, 2019
Hide whitespace changes
Inline Side-by-side

Showing with 15 additions and 3 deletions

gcc/ChangeLog
+5 -0

gcc/tree-ssa-sccvn.c
+10 -3

No files found.
--- a/gcc/ChangeLog
+++ b/gcc/ChangeLog
+2019-11-29  Richard Biener  <rguenther@suse.de>
+
+	* tree-ssa-sccvn.c (vn_walk_cb_data::push_partial_def): Bail
+	out early for too large objects.
+
 2019-11-29  Martin Jambor  <mjambor@suse.cz>

 	PR ipa/92476
--- a/gcc/tree-ssa-sccvn.c
+++ b/gcc/tree-ssa-sccvn.c
@@ -1753,6 +1753,12 @@ void *
 vn_walk_cb_data::push_partial_def (const pd_data &pd, tree vuse,
 				   HOST_WIDE_INT maxsizei)
 {
+  const HOST_WIDE_INT bufsize = 64;
+  /* We're using a fixed buffer for encoding so fail early if the object
+     we want to interpret is bigger.  */
+  if (maxsizei > bufsize * BITS_PER_UNIT)
+    return (void *)-1;
+
  if (partial_defs.is_empty ())
    {
      partial_defs.safe_push (pd);
@@ -1823,16 +1829,17 @@ vn_walk_cb_data::push_partial_def (const pd_data &pd, tree vuse,
  /* Now simply native encode all partial defs in reverse order.  */
  unsigned ndefs = partial_defs.length ();
  /* We support up to 512-bit values (for V8DFmode).  */
-  unsigned char buffer[64];
+  unsigned char buffer[bufsize];
  int len;

  while (!partial_defs.is_empty ())
    {
      pd_data pd = partial_defs.pop ();
+      gcc_checking_assert (pd.offset < bufsize);
      if (TREE_CODE (pd.rhs) == CONSTRUCTOR)
 	/* Empty CONSTRUCTOR.  */
 	memset (buffer + MAX (0, pd.offset),
-		0, MIN ((HOST_WIDE_INT)sizeof (buffer) - MAX (0, pd.offset),
+		0, MIN (bufsize - MAX (0, pd.offset),
 			pd.size + MIN (0, pd.offset)));
      else
 	{
@@ -1847,7 +1854,7 @@ vn_walk_cb_data::push_partial_def (const pd_data &pd, tree vuse,
 	      pad = GET_MODE_SIZE (mode) - pd.size;
 	    }
 	  len = native_encode_expr (pd.rhs, buffer + MAX (0, pd.offset),
-				    sizeof (buffer) - MAX (0, pd.offset),
+				    bufsize - MAX (0, pd.offset),
 				    MAX (0, -pd.offset) + pad);
 	  if (len <= 0 || len < (pd.size - MAX (0, -pd.offset)))
 	    {