[Bug preprocessor/67046] New: Segmentation fault when a preprocessor directive follows the argument to _Pragma

[Bug preprocessor/67046] New: Segmentation fault when a preprocessor directive follows the argument to _Pragma

[dsabogal.ufl at gmail dot com]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=67046

            Bug ID: 67046
           Summary: Segmentation fault when a preprocessor directive
                    follows the argument to _Pragma
           Product: gcc
           Version: 5.2.0
            Status: UNCONFIRMED
          Severity: minor
          Priority: P3
         Component: preprocessor
          Assignee: unassigned at gcc dot gnu.org
          Reporter: dsabogal.ufl at gmail dot com
  Target Milestone: ---

This issue arises from the following (intricate) code. It works when the string
literal doesn't new begin on a newline.


Failing
=======
_Pragma(
"message(\"msg\")"
#
)
int main(void) { return 0; }


Working
=======
_Pragma("message(\"msg\")"
#
)
int main(void) { return 0; }


Output
======
$ gcc -E test.c
# 1 "test.c"
# 1 "<built-in>"
# 1 "<command-line>"
# 1 "/usr/include/stdc-predef.h" 1 3 4
# 1 "<command-line>" 2
# 1 "test.c"



gcc: internal compiler error: Segmentation fault (program cc1)
Please submit a full bug report,
with preprocessed source if appropriate.
See <https://bugs.archlinux.org/> for instructions.


Version
=======
This issue occurs on the few compilers that I've tried (4.9.2 and 5.2.0).

Using built-in specs.
COLLECT_GCC=gcc
COLLECT_LTO_WRAPPER=/usr/lib/gcc/x86_64-unknown-linux-gnu/5.2.0/lto-wrapper
Target: x86_64-unknown-linux-gnu
Configured with: /build/gcc/src/gcc-5.2.0/configure --prefix=/usr
--libdir=/usr/lib --libexecdir=/usr/lib --mandir=/usr/share/man
--infodir=/usr/share/info --with-bugurl=https://bugs.archlinux.org/
--enable-languages=c,c++,ada,fortran,go,lto,objc,obj-c++ --enable-shared
--enable-threads=posix --enable-libmpx --with-system-zlib --with-isl
--enable-__cxa_atexit --disable-libunwind-exceptions --enable-clocale=gnu
--disable-libstdcxx-pch --disable-libssp --enable-gnu-unique-object
--enable-linker-build-id --enable-lto --enable-plugin
--enable-install-libiberty --with-linker-hash-style=gnu
--enable-gnu-indirect-function --disable-multilib --disable-werror
--enable-checking=release --with-default-libstdcxx-abi=gcc4-compatible
Thread model: posix
gcc version 5.2.0 (GCC)

[Bug preprocessor/67046] [9/10/11/12 Regression] Segmentation fault when a preprocessor directive follows the argument to _Pragma

[pinskia at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=67046

Andrew Pinski <pinskia at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
      Known to work|                            |4.1.2, 4.4.7
     Ever confirmed|0                           |1
           Keywords|                            |ice-on-valid-code
            Summary|Segmentation fault when a   |[9/10/11/12 Regression]
                   |preprocessor directive      |Segmentation fault when a
                   |follows the argument to     |preprocessor directive
                   |_Pragma                     |follows the argument to
                   |                            |_Pragma
      Known to fail|                            |4.5.3
   Target Milestone|---                         |9.5
   Last reconfirmed|                            |2021-12-06
             Status|UNCONFIRMED                 |NEW

--- Comment #1 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
Confirmed.

[Bug preprocessor/67046] [9/10/11/12 Regression] Segmentation fault when a preprocessor directive follows the argument to _Pragma

[rguenth at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=67046

Richard Biener <rguenth at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Priority|P3                          |P2

[Bug preprocessor/67046] [10/11/12/13 Regression] Segmentation fault when a preprocessor directive follows the argument to _Pragma

[rguenth at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=67046

Richard Biener <rguenth at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Target Milestone|9.5                         |10.4

--- Comment #2 from Richard Biener <rguenth at gcc dot gnu.org> ---
GCC 9 branch is being closed

[Bug preprocessor/67046] [10/11/12/13 Regression] Segmentation fault when a preprocessor directive follows the argument to _Pragma

[jakub at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=67046

Jakub Jelinek <jakub at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Target Milestone|10.4                        |10.5

--- Comment #3 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
GCC 10.4 is being released, retargeting bugs to GCC 10.5.

[Bug preprocessor/67046] [10/11/12/13 Regression] Segmentation fault when a preprocessor directive follows the argument to _Pragma

[lhyatt at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=67046

Lewis Hyatt <lhyatt at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |lhyatt at gcc dot gnu.org

--- Comment #4 from Lewis Hyatt <lhyatt at gcc dot gnu.org> ---
By default, libcpp reuses token buffers whenever it begins a new line.
get__Pragma_string() in directives.cc doesn't account for this, and so the
string token it obtains is overwritten by the paren token if the paren token is
not on the same line. If the no-op directive is removed as in:

=======
_Pragma(
"message(\"msg\")"
)
=======

Then it ends up returning a "weird" string token with type set to
CPP_CLOSE_PAREN, but with still-valid string contents because the lexing of a
paren token does not touch the rest of the data. So by chance it all ends up
working. But interposing an empty directive there makes it not to work, the
string contents get cleared out and destringize_and_run() ends up seeing a
string token with length 0 which it does not expect and calls alloca() with -1.

The fix is just to use the existing keep_tokens mechanism to avoid invalidating
the token. I am testing this patch now and will follow up.

diff --git a/libcpp/directives.cc b/libcpp/directives.cc
index 9dc4363c65a..15de1826373 100644
--- a/libcpp/directives.cc
+++ b/libcpp/directives.cc
@@ -1840,7 +1840,7 @@ get_token_no_padding (cpp_reader *pfile)
 /* Check syntax is "(string-literal)".  Returns the string on success,
    or NULL on failure.  */
 static const cpp_token *
-get__Pragma_string (cpp_reader *pfile)
+get__Pragma_string_1 (cpp_reader *pfile)
 {
   const cpp_token *string;
   const cpp_token *paren;
@@ -1868,6 +1868,17 @@ get__Pragma_string (cpp_reader *pfile)
   return string;
 }

+/* Make sure we don't invalidate the string token, if the parenthesis
+   ended up on a different line.  */
+static const cpp_token *
+get__Pragma_string (cpp_reader *pfile)
+{
+  ++pfile->keep_tokens;
+  const auto result = get__Pragma_string_1 (pfile);
+  --pfile->keep_tokens;
+  return result;
+}
+
 /* Destringize IN into a temporary buffer, by removing the first \ of
    \" and \\ sequences, and process the result as a #pragma directive.  */
 static void

[Bug preprocessor/67046] [10/11/12/13 Regression] Segmentation fault when a preprocessor directive follows the argument to _Pragma

[lhyatt at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=67046

--- Comment #5 from Lewis Hyatt <lhyatt at gcc dot gnu.org> ---
The patch was submitted for review here:
https://gcc.gnu.org/pipermail/gcc-patches/2023-January/609951.html

[Bug preprocessor/67046] [10/11/12/13 Regression] Segmentation fault when a preprocessor directive follows the argument to _Pragma

[cvs-commit at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=67046

--- Comment #6 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by Lewis Hyatt <lhyatt@gcc.gnu.org>:

https://gcc.gnu.org/g:336ce497fb266268a79544f00dd3bbd24cf3a4d6

commit r13-6631-g336ce497fb266268a79544f00dd3bbd24cf3a4d6
Author: Lewis Hyatt <lhyatt@gmail.com>
Date:   Sat Jan 14 13:29:22 2023 -0500

    libcpp: Fix ICE on directive inside _Pragma() operator [PR67046]

    get__Pragma_string() in directives.cc is responsible for lexing the parens
    and the string argument from a _Pragma("...") operator. This function does
    not handle the case when the closing paren is not on the same line as the
    string; in that case, libcpp will by default reuse the token buffer it
    previously used for the string, so that the string token returned by
    get__Pragma_string() may be corrupted, as shown in the testcase. Fix using
    the existing keep_tokens mechanism that temporarily disables the reuse of
    token buffers.

    libcpp/ChangeLog:

            PR preprocessor/67046
            * directives.cc (_cpp_do__Pragma): Increment pfile->keep_tokens to
            ensure the returned string token is valid.

    gcc/testsuite/ChangeLog:

            PR preprocessor/67046
            * c-c++-common/cpp/pr67046.c: New test.

[Bug preprocessor/67046] [10/11/12/13 Regression] Segmentation fault when a preprocessor directive follows the argument to _Pragma

[lhyatt at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=67046

Lewis Hyatt <lhyatt at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |FIXED
             Status|NEW                         |RESOLVED

--- Comment #7 from Lewis Hyatt <lhyatt at gcc dot gnu.org> ---
Fixed for GCC 13.