https://gcc.gnu.org/bugzilla/show_bug.cgi?id=104851

            Bug ID: 104851
           Summary: off-by-one out-of-bound access in
                    supports_vec_convert_optab_p, at optabs-query.cc:725
           Product: gcc
           Version: 12.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: tree-optimization
          Assignee: unassigned at gcc dot gnu.org
          Reporter: xry111 at mengyan1223 dot wang
  Target Milestone: ---

We have:

723:  int end = mode == VOIDmode ? MAX_MACHINE_MODE : mode;
724:  for (int i = start; i <= end; ++i)
725:    if (VECTOR_MODE_P ((machine_mode) i))

Line 725 eventually expands to access mode_class[MAX_MACHINE_MODE] at the last
iteration when mode is VOIDmode.  However, the number of elements of mode_class
is NUM_MACHINE_MODES, which is equal to MAX_MACHINE_MODE.  This causes ubsan
alerts like:

../../gcc/gcc/optabs-query.cc:725:9: runtime error: index 69 out of bounds for
type 'unsigned char [69]'
../../gcc/gcc/optabs-query.cc:725:9: runtime error: load of address
0x0126faa83d with insufficient space for an object of type 'const unsigned
char'
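
An added example, not code from GCC or from the reporter: a constructed five-entry model of the mode table that runs the loop bounds quoted in the report beside a clamped variant, recording an out-of-range index instead of reading it. Every name in it (toy_mode, T_*, C_*, scan and the two count_vectors_* functions) is hypothetical, and the clamp is one possible correction, not necessarily the change made in GCC.

```c
#include <stdio.h>

/* Constructed miniature of the mode tables; all names here are hypothetical. */
enum toy_mode { T_VOID, T_SI, T_DI, T_V4SI, T_V2DI, TOY_MAX_MODE };
enum toy_class { C_RANDOM, C_INT, C_VECTOR };
#define TOY_NUM_MODES ((int) TOY_MAX_MODE)

static const unsigned char toy_mode_class[TOY_NUM_MODES] = {
  C_RANDOM, C_INT, C_INT, C_VECTOR, C_VECTOR
};

/* Walk [start, end] inclusive.  An index outside the table is recorded in
   *bad_index rather than read, so the demo itself stays well defined.  */
static int scan (int start, int end, int *bad_index)
{
  int n = 0;
  *bad_index = -1;
  for (int i = start; i <= end; ++i)
    {
      if (i < 0 || i >= TOY_NUM_MODES)
        *bad_index = i;
      else if (toy_mode_class[i] == C_VECTOR)
        ++n;
    }
  return n;
}

/* Bounds as in the report: the "all modes" sentinel is used as a last index. */
int count_vectors_reported (int start, enum toy_mode mode, int *bad_index)
{
  return scan (start, mode == T_VOID ? TOY_MAX_MODE : mode, bad_index);
}

/* One possible correction: "all modes" stops at the last valid index. */
int count_vectors_clamped (int start, enum toy_mode mode, int *bad_index)
{
  return scan (start, mode == T_VOID ? TOY_MAX_MODE - 1 : mode, bad_index);
}

int main (void)
{
  int bad;
  int n = count_vectors_reported (T_SI, T_VOID, &bad);
  printf ("reported: %d vector modes, out-of-range index %d\n", n, bad);
  n = count_vectors_clamped (T_SI, T_VOID, &bad);
  printf ("clamped:  %d vector modes, out-of-range index %d\n", n, bad);
  return 0;
}
```

The out-of-range index appears only when the mode argument is the void sentinel; with a concrete mode the inclusive bound is a valid index, which is why the defect is easy to miss without a sanitizer.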
