From: rguenth Date: Tue, 25 May 2010 15:49:34 +0000 (+0000) Subject: 2010-05-25 Richard Guenther X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=78af26dcfa6f511ad1c98690f8f81c9e9074b395;p=thirdparty%2Fgcc.git 2010-05-25 Richard Guenther PR middle-end/44069 * gimple-fold.c (maybe_fold_stmt_addition): Avoid generating out-of-bounds array accesses. * g++.dg/torture/pr44069.C: New testcase. git-svn-id: svn+ssh://gcc.gnu.org/svn/gcc/trunk@159824 138bc75d-0d04-0410-961f-82ee72b054a4 --- diff --git a/gcc/ChangeLog b/gcc/ChangeLog index 3a7e80c1a8e5..02fb290b8339 100644 --- a/gcc/ChangeLog +++ b/gcc/ChangeLog @@ -1,3 +1,9 @@ +2010-05-25 Richard Guenther + + PR middle-end/44069 + * gimple-fold.c (maybe_fold_stmt_addition): Avoid generating + out-of-bounds array accesses. + 2010-05-25 Richard Guenther * lto-wrapper.c (nr, input_names, output_names, makefile): Globalize. diff --git a/gcc/gimple-fold.c b/gcc/gimple-fold.c index 4fb1b3f0ba7a..e74f52457d83 100644 --- a/gcc/gimple-fold.c +++ b/gcc/gimple-fold.c @@ -640,6 +640,18 @@ maybe_fold_stmt_addition (location_t loc, tree res_type, tree op0, tree op1) if (!is_gimple_assign (offset_def)) return NULL_TREE; + /* As we will end up creating a variable index array access + in the outermost array dimension make sure there isn't + a more inner array that the index could overflow to. */ + if (TREE_CODE (TREE_OPERAND (op0, 0)) == ARRAY_REF) + return NULL_TREE; + + /* Do not build array references of something that we can't + see the true number of array dimensions for. */ + if (!DECL_P (TREE_OPERAND (op0, 0)) + && !handled_component_p (TREE_OPERAND (op0, 0))) + return NULL_TREE; + if (gimple_assign_rhs_code (offset_def) == MULT_EXPR && TREE_CODE (gimple_assign_rhs2 (offset_def)) == INTEGER_CST && tree_int_cst_equal (gimple_assign_rhs2 (offset_def), diff --git a/gcc/testsuite/ChangeLog b/gcc/testsuite/ChangeLog index a65db83dc41c..42e23ab5c70b 100644 --- a/gcc/testsuite/ChangeLog +++ b/gcc/testsuite/ChangeLog @@ -1,3 +1,8 @@ +2010-05-25 Richard Guenther + + PR middle-end/44069 + * g++.dg/torture/pr44069.C: New testcase. + 2010-05-25 Richard Guenther * gcc.dg/tree-ssa/sra-10.c: Do not dump esra details. diff --git a/gcc/testsuite/g++.dg/torture/pr44069.C b/gcc/testsuite/g++.dg/torture/pr44069.C new file mode 100644 index 000000000000..99fcd173e27b --- /dev/null +++ b/gcc/testsuite/g++.dg/torture/pr44069.C @@ -0,0 +1,25 @@ +/* { dg-do run } */ + +template +class M { +public: + M(const int* arr) { + for (unsigned long r = 0; r < R; ++r) + for (unsigned long c = 0; c < C; ++c) + m[r*C+c] = arr[r*C+c]; + } + int operator()(unsigned r, unsigned c) const + { return m[r*C+c]; } +private: + int m[R*C]; +}; +extern "C" void abort (void); +int main() +{ + int vals[2][2] = { { 1, 2 }, { 5, 6 } }; + M<2,2> m( &(vals[0][0]) ); + if (m(1,0) != 5) + abort (); + return 0; +} +