https://gcc.gnu.org/bugzilla/show_bug.cgi?id=93561
            Bug ID: 93561
           Summary: [bounds checking] memory overflow for spill_for
           Product: gcc
           Version: unknown
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: c
          Assignee: unassigned at gcc dot gnu.org
          Reporter: zhongyunde at huawei dot com
  Target Milestone: ---

In function spill_for, there is the following code:

  mode = PSEUDO_REGNO_MODE (regno);
  ...
  for (i = 0; i < rclass_size; i++)
    {
      hard_regno = ira_class_hard_regs[rclass][i];
      bitmap_clear (&spill_pseudos_bitmap);
      for (j = hard_regno_nregs[hard_regno][mode] - 1; j >= 0; j--)
        {
          if (try_hard_reg_pseudos_check[hard_regno + j] != curr_pseudo_check)
            continue;
          lra_assert (!bitmap_empty_p (&try_hard_reg_pseudos[hard_regno + j]));
          bitmap_ior_into (&spill_pseudos_bitmap,
                           &try_hard_reg_pseudos[hard_regno + j]);
        }
      /* Spill pseudos. */

In our DSP chip, we have 32 1-bit hard regs (every register has only 1 bit), used to match a data type similar to bool. So it needs 64 such registers for a DImode reg to spill, and hard_regno_nregs[hard_regno][DImode] returns 64, and the value hard_regno + j becomes larger than FIRST_PSEUDO_REGISTER, which leads to an out-of-bounds array access (memory overflow).

Should we add the following code to avoid such an issue?

      for (j = hard_regno_nregs[hard_regno][mode] - 1; j >= 0; j--)
        {
+++       if ((hard_regno + j) >= FIRST_PSEUDO_REGISTER)
+++         break;
          if (try_hard_reg_pseudos_check[hard_regno + j] != curr_pseudo_check)
            continue;
          lra_assert (!bitmap_empty_p (&try_hard_reg_pseudos[hard_regno + j]));
          bitmap_ior_into (&spill_pseudos_bitmap,
                           &try_hard_reg_pseudos[hard_regno + j]);
        }
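
Review bot: the added guard uses break, but j counts down from hard_regno_nregs[hard_regno][mode] - 1, so hard_regno + j is at its largest on the first iteration. If that first index is >= FIRST_PSEUDO_REGISTER, the loop exits immediately and the in-range entries at smaller j are never merged into spill_pseudos_bitmap. Use continue to skip only the out-of-range indices, or, if a register group that runs past FIRST_PSEUDO_REGISTER should not be a candidate at all, reject hard_regno in the outer loop before bitmap_clear. A short comment saying which of the two behaviours is intended would help the next reader.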