Hello!
Attached patch prevents out-of-bounds offset in the call to
simplify_subreg, where the subreg offset is taken from the offset of a
memory access. The problem triggers on 4.6 branch and is latent on 4.7
and mainline.
2013-02-10 Uros Bizjak <ubiz...@gmail.com>
PR rtl-optimization/56275
* simplify-rtx.c (avoid_constant_pool_reference): Check that
offset is non-negative and less than cmode size before
calling simplify_subreg.
testsuite/ChangeLog:
2013-02-10 Uros Bizjak <ubiz...@gmail.com>
PR rtl-optimization/56275
* gcc.dg/pr56275.c: New test.
Tested on x86_64-pc-linux-gnu {,-m32}.
OK for mainline and release branches?
Uros.
Index: simplify-rtx.c
===================================================================
--- simplify-rtx.c (revision 195931)
+++ simplify-rtx.c (working copy)
@@ -242,7 +242,8 @@ avoid_constant_pool_reference (rtx x)
/* If we're accessing the constant in a different mode than it was
originally stored, attempt to fix that up via subreg simplifications.
If that fails we have no choice but to return the original memory. */
- if (offset != 0 || cmode != GET_MODE (x))
+ if ((offset != 0 || cmode != GET_MODE (x))
+ && offset >= 0 && offset < GET_MODE_SIZE (cmode))
{
rtx tem = simplify_subreg (GET_MODE (x), c, cmode, offset);
if (tem && CONSTANT_P (tem))
Index: testsuite/gcc.dg/pr56275.c
===================================================================
--- testsuite/gcc.dg/pr56275.c (revision 0)
+++ testsuite/gcc.dg/pr56275.c (working copy)
@@ -0,0 +1,12 @@
+/* { dg-do compile } */
+/* { dg-options "-O2" } */
+/* { dg-additional-options "-mno-sse" { target { i?86-*-* x86_64-*-* } } } */
+
+typedef long long v2tw __attribute__ ((vector_size (2 * sizeof (long long))));
+
+void tiger_block_v2 (long long in1, v2tw *res)
+{
+ v2tw i1 = { in1, in1 };
+
+ *res = i1 << 1;
+}
