http://gcc.gnu.org/bugzilla/show_bug.cgi?id=47311

--- Comment #16 from Pawel Sikora <pluto at agmk dot net> 2011-01-17 18:05:15 UTC ---
(In reply to comment #15)
> (In reply to comment #10)
> > But it never checks the buffer end. It looks bogus to me.
>
> Read the comment at the beginning of the section. This is an aligned
> read before END, and thus will never fault. We are guaranteed to find
> an end-of-line character at the end of the buffer, so we will never
> search past END.

On valgrind-3.6.0 patched with https://bugs.kde.org/show_bug.cgi?id=262995#c3
(with its emulated CPU) I got an invalid access in search_line_sse42:

$ valgrind --leak-check=no --trace-children=yes g++46 testcase2.cpp -std=gnu++0x -Wall -c
==5266== Memcheck, a memory error detector
==5266== Copyright (C) 2002-2010, and GNU GPL'd, by Julian Seward et al.
==5266== Using Valgrind-3.6.0 and LibVEX; rerun with -h for copyright info
==5266== Command: g++46 testcase2.cpp -std=gnu++0x -Wall -c
==5266==
==5267== Memcheck, a memory error detector
==5267== Copyright (C) 2002-2010, and GNU GPL'd, by Julian Seward et al.
==5267== Using Valgrind-3.6.0 and LibVEX; rerun with -h for copyright info
==5267== Command: /opt/gcc46/libexec/gcc/x86_64-unknown-linux-gnu/4.6.0/cc1plus -quiet -D_GNU_SOURCE testcase2.cpp -quiet -dumpbase testcase2.cpp -mtune=generic -march=core2 -auxbase testcase2 -Wall -std=gnu++0x -o /home/users/pluto/tmp/cc1d2Wcp.s
==5267==
==5267== Invalid read of size 8
==5267==    at 0x11E4E24: search_line_sse42(unsigned char const*, unsigned char const*) (lex.c:462)
==5267==    by 0x11E4F4E: _cpp_clean_line (lex.c:665)
==5267==    by 0x11E5957: _cpp_get_fresh_line (lex.c:1884)
==5267==    by 0x11E713D: _cpp_lex_direct (lex.c:1949)
==5267==    by 0x11E7FF6: _cpp_lex_token (lex.c:1823)
==5267==    by 0x11EA6A7: cpp_get_token(cpp_reader*) (macro.c:1240)
==5267==    by 0x11EA93F: cpp_get_token_with_location(cpp_reader*, unsigned int*) (macro.c:1352)
==5267==    by 0x6799B2: c_lex_with_flags(tree_node**, unsigned int*, unsigned char*, int) (c-lex.c:302)
==5267==    by 0x57DA7F: cp_lexer_get_preprocessor_token(cp_lexer*, cp_token*) (parser.c:549)
==5267==    by 0x5A571A: c_parse_file() (parser.c:425)
==5267==    by 0x67F4E4: c_common_parse_file() (c-opts.c:1071)
==5267==    by 0xA07F57: toplev_main(int, char**) (toplev.c:579)
==5267==  Address 0x629b7e0 is 112 bytes inside a block of size 114 alloc'd
==5267==    at 0x4C25322: realloc (vg_replace_malloc.c:525)
==5267==    by 0x120EDAC: xrealloc (xmalloc.c:179)
==5267==    by 0x11D975F: _cpp_convert_input (charset.c:1734)
==5267==    by 0x11E1AF2: read_file(cpp_reader*, _cpp_file*) (files.c:652)
==5267==    by 0x11E2D5A: _cpp_stack_file (files.c:723)
==5267==    by 0x11E4690: cpp_read_main_file(cpp_reader*, char const*) (init.c:570)
==5267==    by 0x67EBE6: c_common_post_options(char const**) (c-opts.c:1010)
==5267==    by 0xA0732A: toplev_main(int, char**) (toplev.c:1283)
==5267==    by 0x5EBDCBC: (below main) (libc-start.c:226)

454│   /* Main loop, processing 16 bytes at a time.  By doing the whole loop
455│      in inline assembly, we can make proper use of the flags set.  */
456│   __asm (      "sub $16, %1\n"
457│           "    .balign 16\n"
458│           "0:  add $16, %1\n"
459│           "    %vpcmpestri $0, (%1), %2\n"
460│           "    jnc 0b"
461│           : "=&c"(index), "+r"(s)
462├>          : "x"(search), "a"(4), "d"(16));

(gdb) p/x s
$1 = 0x629b7e0
(gdb) p/x end
$2 = 0x629b7e1
(gdb) p/x search
$4 = {0xa, 0xd, 0x3f, 0x5c, 0x0 <repeats 12 times>}
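Added example (not code from GCC or from this comment): a portable scalar model of the aligned 16-byte scan that reproduces the geometry Memcheck reported, a 16-byte chunk starting 112 bytes into a 114-byte block whose '\n' sentinel sits at offset 113. The 128-byte backing array, ALLOC_SIZE and the function names are the example's own assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* The four stop bytes in the gdb dump of 'search': \n \r ? \\ */
static int is_stop_byte(unsigned char c) { return c == '\n' || c == '\r' || c == '?' || c == '\\'; }

/* Scalar model of the search_line_sse42 loop: every load is a whole 16-byte
 * aligned chunk, bytes before S in the first chunk are masked off, and END is
 * never compared against (the caller guarantees a stop byte at END).
 * *max_touched receives the highest address the scan loaded. */
const unsigned char *search_line_model16(const unsigned char *s, const unsigned char *end,
                                         const unsigned char **max_touched)
{
    const unsigned char *chunk =
        (const unsigned char *)((uintptr_t)s & ~(uintptr_t)15);   /* align down */
    size_t skip = (size_t)(s - chunk);
    (void)end;                               /* unused, as in the real loop */
    for (;;) {
        *max_touched = chunk + 15;           /* the whole chunk is loaded */
        for (size_t i = skip; i < 16; i++)
            if (is_stop_byte(chunk[i]))
                return chunk + i;
        skip = 0;
        chunk += 16;
    }
}

/* Bytes loaded past the end of the allocation [base, base + size). */
size_t overread_bytes(const unsigned char *base, size_t size,
                      const unsigned char *max_touched)
{
    const unsigned char *alloc_end = base + size;
    return max_touched + 1 > alloc_end ? (size_t)(max_touched + 1 - alloc_end) : 0;
}

/* Constructed geometry from the report: 114-byte block, '\n' at offset 113.
 * Backing storage is 128 bytes and 16-aligned so the model's loads stay defined. */
#define ALLOC_SIZE 114
static _Alignas(16) unsigned char backing[128];

size_t demo_overread(void)
{
    memset(backing, 'x', sizeof backing);
    backing[ALLOC_SIZE - 1] = '\n';          /* sentinel at the end of the buffer */
    const unsigned char *end = backing + ALLOC_SIZE - 1, *touched = NULL;
    const unsigned char *hit = search_line_model16(backing + 100, end, &touched);
    if (hit != end) return (size_t)-1;       /* sentinel not found where expected */
    return overread_bytes(backing, ALLOC_SIZE, touched);   /* 14 */
}
```

demo_overread() returns 14: the final chunk covers offsets 112 to 127 while the block ends at offset 114, which is what Memcheck flags even though the aligned load itself stays inside one page and never faults.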