https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101453
Andrew Pinski <pinskia at gcc dot gnu.org> changed:

           What    |Removed                       |Added
----------------------------------------------------------------------------
   Last reconfirmed|                              |2021-07-14
           Assignee|unassigned at gcc dot gnu.org |pinskia at gcc dot gnu.org
           Keywords|                              |ice-on-invalid-code
             Status|UNCONFIRMED                   |ASSIGNED
     Ever confirmed|0                             |1

--- Comment #1 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
This is a buffer overflow.

    char buffer[20];
    sprintf (buffer, "-O%ld", (long) TREE_INT_CST_LOW (value));
    vec_safe_push (optimize_args, ggc_strdup (buffer));

So a 64-bit signed integer max takes 20 bytes. Add in "-O", you are up to 22
bytes, and then add the null, you are at 23 bytes.

So the fix is simple: just increase buffer to be 23.

So maybe a better definition is:

    char buffer[((int)((sizeof(long)*CHAR_BIT)/3.32))+1+3];

The magic 3.32 is log(10)/log(2); that is, for every base 10 digit, it takes
~3.32 bits to represent.
The first +1 is a round up because the cast is truncating.
The +3 is for the "-O" part including the null character.
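
The sizing argument in the comment above can be checked by measuring the formatted length instead of counting digits by hand. This is an added example, not part of the original comment or of GCC's source: the helper names `opt_arg_bytes`, `formula_size` and `format_opt_arg` are hypothetical, and the expected values assume a 64-bit `long`.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

/* Bytes needed to hold "-O%ld" for this value, including the NUL.
   snprintf with a zero-size buffer only measures; it writes nothing. */
static int opt_arg_bytes(long level)
{
    return snprintf(NULL, 0, "-O%ld", level) + 1;
}

/* Buffer size given by the formula in the comment:
   bits / 3.32 truncated, +1 to round up, +3 for "-O" and the NUL. */
static int formula_size(void)
{
    return (int)((sizeof(long) * CHAR_BIT) / 3.32) + 1 + 3;
}

/* Bounded replacement for the sprintf call: returns 0 on success,
   -1 if dst cannot hold the whole string (dst is then left empty). */
static int format_opt_arg(char *dst, size_t dst_size, long level)
{
    int n = snprintf(dst, dst_size, "-O%ld", level);
    if (n < 0 || (size_t)n >= dst_size) {
        if (dst_size > 0)
            dst[0] = '\0';
        return -1;
    }
    return 0;
}

int main(void)
{
    char old_buf[20];   /* size used by the code quoted in the comment */
    char new_buf[23];   /* size proposed in the comment */

    printf("needed for LONG_MAX: %d\n", opt_arg_bytes(LONG_MAX));
    printf("needed for LONG_MIN: %d\n", opt_arg_bytes(LONG_MIN));
    printf("formula size:        %d\n", formula_size());
    printf("20-byte buffer:      %s\n",
           format_opt_arg(old_buf, sizeof old_buf, LONG_MIN) ? "rejected" : "ok");
    printf("23-byte buffer:      %s (%s)\n",
           format_opt_arg(new_buf, sizeof new_buf, LONG_MIN) ? "rejected" : "ok",
           new_buf);
    return 0;
}
```

With a 32-bit `long` the measured worst case is 14 bytes ("-O-2147483648" plus the NUL), so on such a target compare `formula_size()` against `opt_arg_bytes(LONG_MIN)` before relying on either number.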