re PR target/45843 (__builtin_va_arg overwrites into adjacent stack location)

author Jakub Jelinek <jakub@redhat.com>

Thu, 30 Sep 2010 20:21:28 +0000 (22:21 +0200)

committer Jakub Jelinek <jakub@gcc.gnu.org>

Thu, 30 Sep 2010 20:21:28 +0000 (22:21 +0200)
author Jakub Jelinek <jakub@redhat.com>
Thu, 30 Sep 2010 20:21:28 +0000 (22:21 +0200)
committer Jakub Jelinek <jakub@gcc.gnu.org>
Thu, 30 Sep 2010 20:21:28 +0000 (22:21 +0200)
diff --git a/gcc/ChangeLog b/gcc/ChangeLog

index 7795da141d5318f764962de82f09bc22b4f6d6a6..b82c99de6e81bd2e83e23053849bd9740ccefab7 100644 (file)
--- a/gcc/ChangeLog
+++ b/gcc/ChangeLog
@@ -1,3 +1,9 @@
+2010-09-30  Jakub Jelinek  <jakub@redhat.com>
+
+       PR target/45843
+       * config/i386/i386.c (ix86_gimplify_va_arg): Use
+       INTVAL (XEXP (slot, 1)) as prev_size.
+
  2010-09-30  Michael Meissner  <meissner@linux.vnet.ibm.com>
  
         PR target/45837
diff --git a/gcc/config/i386/i386.c b/gcc/config/i386/i386.c

index c36ad74b157087aaca17c71c4859d0bb8fe9dd60..0998f314975ef53fb53e20b9f66ae2862deb06c4 100644 (file)
--- a/gcc/config/i386/i386.c
+++ b/gcc/config/i386/i386.c
@@ -7524,6 +7524,8 @@ ix86_gimplify_va_arg (tree valist, tree type, gimple_seq *pre_p,
               tree dest_addr, dest;
               int cur_size = GET_MODE_SIZE (mode);
  
+             gcc_assert (prev_size <= INTVAL (XEXP (slot, 1)));
+             prev_size = INTVAL (XEXP (slot, 1));
               if (prev_size + cur_size > size)
                 {
                   cur_size = size - prev_size;
@@ -7556,7 +7558,7 @@ ix86_gimplify_va_arg (tree valist, tree type, gimple_seq *pre_p,
  
               dest_addr = fold_convert (daddr_type, addr);
               dest_addr = fold_build2 (POINTER_PLUS_EXPR, daddr_type, dest_addr,
-                                      size_int (INTVAL (XEXP (slot, 1))));
+                                      size_int (prev_size));
               if (cur_size == GET_MODE_SIZE (mode))
                 {
                   src = build_va_arg_indirect_ref (src_addr);
diff --git a/gcc/testsuite/ChangeLog b/gcc/testsuite/ChangeLog

index 71f97849ff09a554e48ee7875ba7146eb0bc238f..e3ffb188d8b4eebc1cacfc3d8d254015d26eaf15 100644 (file)
--- a/gcc/testsuite/ChangeLog
+++ b/gcc/testsuite/ChangeLog
@@ -1,3 +1,8 @@
+2010-09-30  Jakub Jelinek  <jakub@redhat.com>
+
+       PR target/45843
+       * g++.dg/torture/pr45843.C: New test.
+
  2010-09-30  Janus Weil  <janus@gcc.gnu.org>
  
         PR fortran/45828
diff --git a/gcc/testsuite/g++.dg/torture/pr45843.C b/gcc/testsuite/g++.dg/torture/pr45843.C

new file mode 100644 (file)

index 0000000..f77b8cb
--- /dev/null
+++ b/gcc/testsuite/g++.dg/torture/pr45843.C
@@ -0,0 +1,28 @@
+// PR target/45843
+// { dg-do run }
+
+#include <stdarg.h>
+
+extern "C" void abort ();
+struct S { struct T { } a[14]; char b; };
+struct S arg, s;
+
+void
+foo (int z, ...)
+{
+  char c;
+  va_list ap;
+  va_start (ap, z);
+  c = 'a';
+  arg = va_arg (ap, struct S);
+  if (c != 'a')
+    abort ();
+  va_end (ap);
+}
+
+int
+main ()
+{
+  foo (1, s);
+  return 0;
+}
author	Jakub Jelinek <jakub@redhat.com>
	Thu, 30 Sep 2010 20:21:28 +0000 (22:21 +0200)
committer	Jakub Jelinek <jakub@gcc.gnu.org>
	Thu, 30 Sep 2010 20:21:28 +0000 (22:21 +0200)
gcc/ChangeLog		patch \| blob \| blame \| history
gcc/config/i386/i386.c		patch \| blob \| blame \| history
gcc/testsuite/ChangeLog		patch \| blob \| blame \| history
gcc/testsuite/g++.dg/torture/pr45843.C	[new file with mode: 0644]	patch \| blob