git.ipfire.org Git - thirdparty/gcc.git/commit

author	Richard Biener <rguenther@suse.de>
	Fri, 10 May 2024 12:19:49 +0000 (14:19 +0200)
committer	Richard Biener <rguenther@suse.de>
	Fri, 10 May 2024 13:43:47 +0000 (15:43 +0200)
commit	34d15a4d630a0d54eddb99bdab086c506e10dac5
tree	e4d83dc268f2ac92fa04241bc8a1cc1213c6d6db	tree
parent	52d4691294c84793b301ad3cc24e277b8c7efe0b	commit \| diff

tree-optimization/114998 - use-after-free with loop distribution

When loop distribution releases a PHI node of the original IL it
can end up clobbering memory that's re-used when it upon releasing
its RDG resets all stmt UIDs back to -1, even those that got released.

The fix is to avoid resetting UIDs based on stmts in the RDG but
instead reset only those still present in the loop.

PR tree-optimization/114998
* tree-loop-distribution.cc (free_rdg): Take loop argument.
Reset UIDs of stmts still in the IL rather than all stmts
referenced from the RDG.
(loop_distribution::build_rdg): Pass loop to free_rdg.
(loop_distribution::distribute_loop): Likewise.
(loop_distribution::transform_reduction_loop): Likewise.

* gcc.dg/torture/pr114998.c: New testcase.

gcc/testsuite/gcc.dg/torture/pr114998.c	[new file with mode: 0644]	blob
gcc/tree-loop-distribution.cc		diff \| blob \| blame \| history