From fb08a53b2eb01cc06d66f479c865aca55c91fd26 Mon Sep 17 00:00:00 2001
From: Richard Biener
Date: Fri, 29 Nov 2019 13:53:10 +0000
Subject: [PATCH] tree-ssa-sccvn.c (vn_walk_cb_data::push_partial_def): Bail out early for too large objects.
2019-11-29 Richard Biener
* tree-ssa-sccvn.c (vn_walk_cb_data::push_partial_def): Bail out early for too large objects.
From-SVN: r278844
---
 gcc/ChangeLog | 5 +++++
 gcc/tree-ssa-sccvn.c | 13 ++++++++++---
 2 files changed, 15 insertions(+), 3 deletions(-)
diff --git a/gcc/ChangeLog b/gcc/ChangeLog
index c06d450..76fafa8 100644
--- a/gcc/ChangeLog
+++ b/gcc/ChangeLog
@@ -1,3 +1,8 @@
+2019-11-29 Richard Biener
+
+ * tree-ssa-sccvn.c (vn_walk_cb_data::push_partial_def): Bail
+ out early for too large objects.
+
 2019-11-29 Martin Jambor
 PR ipa/92476
diff --git a/gcc/tree-ssa-sccvn.c b/gcc/tree-ssa-sccvn.c
index 8e39567..8a7e047 100644
--- a/gcc/tree-ssa-sccvn.c
+++ b/gcc/tree-ssa-sccvn.c
@@ -1753,6 +1753,12 @@ void *
 vn_walk_cb_data::push_partial_def (const pd_data &pd, tree vuse,
 HOST_WIDE_INT maxsizei)
 {
+ const HOST_WIDE_INT bufsize = 64;
+ /* We're using a fixed buffer for encoding so fail early if the object
+ we want to interpret is bigger. */
+ if (maxsizei > bufsize * BITS_PER_UNIT)
+ return (void *)-1;
+
 if (partial_defs.is_empty ())
 {
 partial_defs.safe_push (pd);
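Review bot: The new `bufsize` constant at the top of push_partial_def is declared without its unit or the reason for the value 64, while the comment that explains the limit (`We support up to 512-bit values (for V8DFmode)`) stays at the `buffer` declaration in the later hunk at -1823. The guard compares `maxsizei` with `bufsize * BITS_PER_UNIT`, so `maxsizei` is presumably in bits and `bufsize` in bytes; I would state that on the declaration, for example `/* Size in bytes of the native-encode buffer used below; 64 bytes covers 512-bit values (V8DFmode).  */`. The guard bounds only the overall object size, so the per-definition bounds on `pd.offset` and `pd.size` still depend on code between this hunk and the encoding loop, which lies outside the hunk.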
@@ -1823,16 +1829,17 @@ vn_walk_cb_data::push_partial_def (const pd_data &pd, tree vuse,
 /* Now simply native encode all partial defs in reverse order. */
 unsigned ndefs = partial_defs.length ();
 /* We support up to 512-bit values (for V8DFmode). */
- unsigned char buffer[64];
+ unsigned char buffer[bufsize];
 int len;
 while (!partial_defs.is_empty ())
 {
 pd_data pd = partial_defs.pop ();
+ gcc_checking_assert (pd.offset < bufsize);
 if (TREE_CODE (pd.rhs) == CONSTRUCTOR)
 /* Empty CONSTRUCTOR. */
 memset (buffer + MAX (0, pd.offset),
- 0, MIN ((HOST_WIDE_INT)sizeof (buffer) - MAX (0, pd.offset),
+ 0, MIN (bufsize - MAX (0, pd.offset),
 pd.size + MIN (0, pd.offset)));
 else
 {
@@ -1847,7 +1854,7 @@ vn_walk_cb_data::push_partial_def (const pd_data &pd, tree vuse,
 pad = GET_MODE_SIZE (mode) - pd.size;
 }
 len = native_encode_expr (pd.rhs, buffer + MAX (0, pd.offset),
- sizeof (buffer) - MAX (0, pd.offset),
+ bufsize - MAX (0, pd.offset),
 MAX (0, -pd.offset) + pad);
 if (len <= 0 || len < (pd.size - MAX (0, -pd.offset)))
 {
--
2.7.4
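Review bot: `gcc_checking_assert (pd.offset < bufsize)` in the encoding loop is the only visible bound on `pd.offset` before `buffer + MAX (0, pd.offset)` is written, and checking asserts are compiled out when the compiler is built without checking enabled. If the invariant set up by the early `maxsizei` bail-out were ever broken, `bufsize - MAX (0, pd.offset)` would be zero or negative; in the memset branch a negative MIN result converts to a very large size_t and would write past the 64-byte stack buffer. The same remaining-length expression is passed to native_encode_expr in the hunk at -1847. I would make the check unconditional, `gcc_assert (pd.offset < bufsize);`, so a broken invariant stops the compiler instead of corrupting the stack. The lower side (`pd.size + MIN (0, pd.offset)` staying positive) is not checked in the visible lines either and may deserve the same treatment; the loop body continues outside both hunks.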