Bug ID: 84831
           Summary: Invalid memory read in parse_output_constraint
           Product: gcc
           Version: 8.0.1
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: middle-end
          Assignee: unassigned at gcc dot
          Reporter: at gmail dot com
  Target Milestone: ---

parse_output_constraint has

  /* Loop through the constraint string.  */
  for (p = constraint + 1; *p; p += CONSTRAINT_LEN (*p, p))

#define CONSTRAINT_LEN(c_,s_) insn_constraint_len (c_,s_)

On x86, there are

static inline size_t
insn_constraint_len (char fc, const char *str ATTRIBUTE_UNUSED)
{
  switch (fc)
    {
    case 'B': return 2;
    case 'T': return 2;
    case 'W': return 2;
    case 'Y': return 2;
    default: break;
    }
  return 1;
}


  asm volatile ("" : "+T,Y" (b));

parse_output_constraint doesn't check if p += CONSTRAINT_LEN (*p, p)
is beyond the end of string.
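An added example, not GCC code and not part of the original report: it replays the loop's pointer stepping on "+T,Y" using offsets only, then shows one possible bounds-checked walk. The names constraint_len, next_read_offset and walk_checked are hypothetical, and the length table is a model of the x86 function quoted above.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Model of the x86 insn_constraint_len quoted in the report. */
static size_t constraint_len(char fc)
{
    switch (fc) {
    case 'B': case 'T': case 'W': case 'Y': return 2;
    default: return 1;
    }
}

/* Replays "for (p = constraint + 1; *p; p += CONSTRAINT_LEN (*p, p))"
   with offsets instead of dereferences, so nothing is read out of bounds.
   Returns the offset of the read that would end the loop: equal to
   strlen() means it stopped on the terminator, larger means it skipped it. */
static size_t next_read_offset(const char *constraint)
{
    size_t n = strlen(constraint), i = 1;
    if (n == 0)
        return 0;
    while (i < n)
        i += constraint_len(constraint[i]);
    return i;
}

/* One possible hardened walk (an assumption, not the upstream fix): refuse
   to advance when a multi-character constraint is cut short by the NUL.
   Returns 0 if the string was walked safely, -1 if it was truncated. */
static int walk_checked(const char *constraint)
{
    if (*constraint == '\0')
        return -1;
    for (const char *p = constraint + 1; *p; ) {
        size_t len = constraint_len(*p);
        for (size_t k = 1; k < len; k++)
            if (p[k] == '\0')
                return -1;
        p += len;
    }
    return 0;
}

int main(void)
{
    const char *c = "+T,Y";  /* constraint string from the report */
    /* 'T' at offset 1 steps over ','; 'Y' at offset 3 steps over the NUL. */
    printf("strlen=%zu, loop would read offset %zu, checked walk=%d\n",
           strlen(c), next_read_offset(c), walk_checked(c));
    return 0;
}
```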
