author | David Malcolm <dmalcolm@redhat.com> | 2024-05-09 13:09:29 -0400 |
committer | David Malcolm <dmalcolm@redhat.com> | 2024-05-09 13:09:29 -0400 |
commit | a1cb188cb2ca2ad3f4e837dba2967f323669d36e (patch) | |
tree | ee36cb56cd69f592266f471fb71e7774f0cf9055 | |
parent | b8c772cae97b54386f7853edf0f9897012bfa90b (diff) | |
analyzer: fix ICE for 2 bits before the start of base region [PR112889]
Concrete bindings were using -1 and -2 in the offset field to signify
deleted and empty hash slots, but these are valid values, leading to
assertion failures inside hash_map::put on a debug build, and probable
bugs in a release build.
(gdb) call k.dump(true)
start: -2, size: 1, next: -1
(gdb) p k.is_empty()
$6 = true
Fix by using the size field rather than the offset.
Backported from commit r14-6297-g775aeabcb870b7 (moving the testcase
from c-c++-common to gcc.dg).
gcc/analyzer/ChangeLog:
PR analyzer/112889
* store.h (concrete_binding::concrete_binding): Strengthen
assertion to require size to be be positive, rather than just
non-zero.
(concrete_binding::mark_deleted): Use size rather than start bit
offset.
(concrete_binding::mark_empty): Likewise.
(concrete_binding::is_deleted): Likewise.
(concrete_binding::is_empty): Likewise.
gcc/testsuite/ChangeLog:
PR analyzer/112889
* gcc.dg/analyzer/ice-pr112889.c: New test.
Signed-off-by: David Malcolm <dmalcolm@redhat.com>
-rw-r--r-- | gcc/analyzer/store.h | 10 | ||||
-rw-r--r-- | gcc/testsuite/gcc.dg/analyzer/ice-pr112889.c | 17 |
2 files changed, 22 insertions, 5 deletions
diff --git a/gcc/analyzer/store.h b/gcc/analyzer/store.h
index 7ded650..6b06be2 100644
--- a/gcc/analyzer/store.h
+++ b/gcc/analyzer/store.h
@@ -368,7 +368,7 @@ public:
   concrete_binding (bit_offset_t start_bit_offset, bit_size_t size_in_bits)
   : m_bit_range (start_bit_offset, size_in_bits)
   {
-    gcc_assert (!m_bit_range.empty_p ());
+    gcc_assert (m_bit_range.m_size_in_bits > 0);
   }
 
   bool concrete_p () const final override { return true; }
@@ -409,10 +409,10 @@ public:
 
   static int cmp_ptr_ptr (const void *, const void *);
 
-  void mark_deleted () { m_bit_range.m_start_bit_offset = -1; }
-  void mark_empty () { m_bit_range.m_start_bit_offset = -2; }
-  bool is_deleted () const { return m_bit_range.m_start_bit_offset == -1; }
-  bool is_empty () const { return m_bit_range.m_start_bit_offset == -2; }
+  void mark_deleted () { m_bit_range.m_size_in_bits = -1; }
+  void mark_empty () { m_bit_range.m_size_in_bits = -2; }
+  bool is_deleted () const { return m_bit_range.m_size_in_bits == -1; }
+  bool is_empty () const { return m_bit_range.m_size_in_bits == -2; }
 
 private:
   bit_range m_bit_range;
diff --git a/gcc/testsuite/gcc.dg/analyzer/ice-pr112889.c b/gcc/testsuite/gcc.dg/analyzer/ice-pr112889.c
new file mode 100644
index 0000000..e90a53e
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/analyzer/ice-pr112889.c
@@ -0,0 +1,17 @@
+typedef unsigned char __u8;
+struct sk_buff
+{
+  unsigned char *data;
+};
+struct cpl_pass_accept_req
+{
+  __u8 : 6;
+  __u8 sack : 1;
+};
+void build_cpl_pass_accept_req(struct sk_buff* skb)
+{
+  struct cpl_pass_accept_req* req;
+  skb->data -= sizeof(*req);
+  req = (struct cpl_pass_accept_req *)skb->data;
+  req->sack = 1;
+}
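Review bot: The strengthened assertion `gcc_assert (m_bit_range.m_size_in_bits > 0);` is the only thing that keeps the hash_map slot markers -1 and -2 written by mark_deleted/mark_empty in the second hunk out of the value range of a live binding, but neither hunk records that dependency, so a later relaxation of the assertion (say, to admit zero-sized bindings) would silently reintroduce the in-band sentinel collision behind PR112889. Suggest a comment above mark_deleted in the second hunk, `/* hash_map slot markers.  Kept in m_size_in_bits because the ctor asserts it is > 0 for every real binding, so -1/-2 cannot collide; m_start_bit_offset may legitimately be negative.  */`, and a matching one-liner on the assertion itself, `/* Also reserves -1/-2 for is_deleted/is_empty.  */`. The enclosing class concrete_binding begins before the first hunk and ends after the second.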