diff options
| author | Tom de Vries <tom@codesourcery.com> | 2013-11-27 10:00:30 +0000 |
|---|---|---|
| committer | Tom de Vries <vries@gcc.gnu.org> | 2013-11-27 10:00:30 +0000 |
| commit | e934916c8647d1e343eaacf114fdbff22dfa07a4 (patch) | |
| tree | f44d3af2f2bc8bececb8139a727cb2e3d0ec9069 /gcc/tree-cfg.c | |
| parent | ca85aa4ae60f35ae7d490abc7d3e7c68b599eb79 (diff) | |
| download | gcc-e934916c8647d1e343eaacf114fdbff22dfa07a4.zip gcc-e934916c8647d1e343eaacf114fdbff22dfa07a4.tar.gz gcc-e934916c8647d1e343eaacf114fdbff22dfa07a4.tar.bz2 | |
Don't create out-of-bounds BIT_FIELD_REF.
2013-11-27 Tom de Vries <tom@codesourcery.com>
Marc Glisse <marc.glisse@inria.fr>
PR middle-end/59037
* semantics.c (cxx_fold_indirect_ref): Don't create out-of-bounds
BIT_FIELD_REF.
* fold-const.c (fold_indirect_ref_1): Don't create out-of-bounds
BIT_FIELD_REF.
* gimple-fold.c (gimple_fold_indirect_ref): Same.
* tree-cfg.c (verify_expr): Give error if BIT_FIELD_REF is
out-of-bounds.
* c-c++-common/pr59037.c: New testcase.
Co-Authored-By: Marc Glisse <marc.glisse@inria.fr>
From-SVN: r205438
Diffstat (limited to 'gcc/tree-cfg.c')
| -rw-r--r-- | gcc/tree-cfg.c | 29 |
1 files changed, 25 insertions, 4 deletions
diff --git a/gcc/tree-cfg.c b/gcc/tree-cfg.c index ab4bb09..f8937c6 100644 --- a/gcc/tree-cfg.c +++ b/gcc/tree-cfg.c @@ -2712,15 +2712,29 @@ verify_expr (tree *tp, int *walk_subtrees, void *data ATTRIBUTE_UNUSED) if (TREE_CODE (t) == BIT_FIELD_REF) { - if (!tree_fits_uhwi_p (TREE_OPERAND (t, 1)) - || !tree_fits_uhwi_p (TREE_OPERAND (t, 2))) + tree t0 = TREE_OPERAND (t, 0); + tree t1 = TREE_OPERAND (t, 1); + tree t2 = TREE_OPERAND (t, 2); + tree t0_type = TREE_TYPE (t0); + unsigned HOST_WIDE_INT t0_size = 0; + + if (tree_fits_uhwi_p (TYPE_SIZE (t0_type))) + t0_size = tree_to_uhwi (TYPE_SIZE (t0_type)); + else + { + HOST_WIDE_INT t0_max_size = max_int_size_in_bytes (t0_type); + if (t0_max_size > 0) + t0_size = t0_max_size * BITS_PER_UNIT; + } + if (!tree_fits_uhwi_p (t1) + || !tree_fits_uhwi_p (t2)) { error ("invalid position or size operand to BIT_FIELD_REF"); return t; } if (INTEGRAL_TYPE_P (TREE_TYPE (t)) && (TYPE_PRECISION (TREE_TYPE (t)) - != tree_to_uhwi (TREE_OPERAND (t, 1)))) + != tree_to_uhwi (t1))) { error ("integral result type precision does not match " "field size of BIT_FIELD_REF"); @@ -2729,12 +2743,19 @@ verify_expr (tree *tp, int *walk_subtrees, void *data ATTRIBUTE_UNUSED) else if (!INTEGRAL_TYPE_P (TREE_TYPE (t)) && TYPE_MODE (TREE_TYPE (t)) != BLKmode && (GET_MODE_PRECISION (TYPE_MODE (TREE_TYPE (t))) - != tree_to_uhwi (TREE_OPERAND (t, 1)))) + != tree_to_uhwi (t1))) { error ("mode precision of non-integral result does not " "match field size of BIT_FIELD_REF"); return t; } + if (t0_size != 0 + && tree_to_uhwi (t1) + tree_to_uhwi (t2) > t0_size) + { + error ("position plus size exceeds size of referenced object in " + "BIT_FIELD_REF"); + return t; + } } t = TREE_OPERAND (t, 0); |