[gcc/devel/c++-modules] PR fortran/95090 - ICE: identifier overflow

public inbox for gcc-cvs@sourceware.org
help / color / mirror / Atom feed

* [gcc/devel/c++-modules] PR fortran/95090 - ICE: identifier overflow
@ 2020-06-11 12:59 Nathan Sidwell
  0 siblings, 0 replies; 3+ messages in thread
From: Nathan Sidwell @ 2020-06-11 12:59 UTC (permalink / raw)
  To: gcc-cvs

https://gcc.gnu.org/g:bf5fbbbd8c9a3385c1083cc80683bdb0195b1ffc

commit bf5fbbbd8c9a3385c1083cc80683bdb0195b1ffc
Author: Harald Anlauf <anlauf@gmx.de>
Date:   Sat May 30 20:50:59 2020 +0200

    PR fortran/95090 - ICE: identifier overflow
    
    Implement buffer overrun check for temporary that holds mangled names.
    
    2020-05-30  Harald Anlauf  <anlauf@gmx.de>
    
    gcc/fortran/
            PR fortran/95090
            * class.c (get_unique_type_string): Use buffer overrun check.

Diff:
---
 gcc/fortran/class.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/gcc/fortran/class.c b/gcc/fortran/class.c
index db395624a16..afd8885a1ea 100644
--- a/gcc/fortran/class.c
+++ b/gcc/fortran/class.c
@@ -484,7 +484,14 @@ get_unique_type_string (char *string, gfc_symbol *derived)
   if (derived->attr.unlimited_polymorphic)
     strcpy (dt_name, "STAR");
   else
-    strncpy (dt_name, gfc_dt_upper_string (derived->name), sizeof (dt_name));
+    {
+      const char *upper = gfc_dt_upper_string (derived->name);
+      size_t len = strnlen (upper, sizeof (dt_name));
+      if (len >= sizeof (dt_name))
+	gfc_internal_error ("get_unique_type_string: identifier overflow");
+      memcpy (dt_name, upper, len);
+      dt_name[len] = '\0';
+    }
   if (derived->attr.unlimited_polymorphic)
     sprintf (string, "_%s", dt_name);
   else if (derived->module)


^ permalink raw reply	[flat|nested] 3+ messages in thread

* [gcc/devel/c++-modules] PR fortran/95090 - ICE: identifier overflow
@ 2020-06-11 12:58 Nathan Sidwell
  0 siblings, 0 replies; 3+ messages in thread
From: Nathan Sidwell @ 2020-06-11 12:58 UTC (permalink / raw)
  To: gcc-cvs

https://gcc.gnu.org/g:7deca8c0b3765787627b11387b56b97b01a8bf33

commit 7deca8c0b3765787627b11387b56b97b01a8bf33
Author: Harald Anlauf <anlauf@gmx.de>
Date:   Fri May 29 21:19:31 2020 +0200

    PR fortran/95090 - ICE: identifier overflow
    
    The initial fix for this PR uncovered several latent issues with further
    too small string buffers which showed up only when testing on i686.
    Provide sufficiently large temporaries.
    
    2020-05-29  Harald Anlauf  <anlauf@gmx.de>
    
    gcc/fortran/
            PR fortran/95090
            * class.c (get_unique_type_string): Enlarge temporary for
            name-mangling.  Use strncpy to prevent buffer overrun.
            (get_unique_hashed_string): Enlarge temporary.
            (gfc_hash_value): Enlarge temporary for name-mangling.

Diff:
---
 gcc/fortran/class.c | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/gcc/fortran/class.c b/gcc/fortran/class.c
index 9aa3eb7282c..db395624a16 100644
--- a/gcc/fortran/class.c
+++ b/gcc/fortran/class.c
@@ -479,11 +479,12 @@ gfc_class_initializer (gfc_typespec *ts, gfc_expr *init_expr)
 static void
 get_unique_type_string (char *string, gfc_symbol *derived)
 {
-  char dt_name[GFC_MAX_SYMBOL_LEN+1];
+  /* Provide sufficient space to hold "Pdtsymbol".  */
+  char dt_name[GFC_MAX_SYMBOL_LEN+4];
   if (derived->attr.unlimited_polymorphic)
     strcpy (dt_name, "STAR");
   else
-    strcpy (dt_name, gfc_dt_upper_string (derived->name));
+    strncpy (dt_name, gfc_dt_upper_string (derived->name), sizeof (dt_name));
   if (derived->attr.unlimited_polymorphic)
     sprintf (string, "_%s", dt_name);
   else if (derived->module)
@@ -501,7 +502,8 @@ get_unique_type_string (char *string, gfc_symbol *derived)
 static void
 get_unique_hashed_string (char *string, gfc_symbol *derived)
 {
-  char tmp[2*GFC_MAX_SYMBOL_LEN+2];
+  /* Provide sufficient space to hold "symbol_Pdtsymbol".  */
+  char tmp[2*GFC_MAX_SYMBOL_LEN+5];
   get_unique_type_string (&tmp[0], derived);
   /* If string is too long, use hash value in hex representation (allow for
      extra decoration, cf. gfc_build_class_symbol & gfc_find_derived_vtab).
@@ -523,7 +525,8 @@ unsigned int
 gfc_hash_value (gfc_symbol *sym)
 {
   unsigned int hash = 0;
-  char c[2*(GFC_MAX_SYMBOL_LEN+1)];
+  /* Provide sufficient space to hold "symbol_Pdtsymbol".  */
+  char c[2*GFC_MAX_SYMBOL_LEN+5];
   int i, len;
 
   get_unique_type_string (&c[0], sym);


^ permalink raw reply	[flat|nested] 3+ messages in thread

* [gcc/devel/c++-modules] PR fortran/95090 - ICE: identifier overflow
@ 2020-06-11 12:52 Nathan Sidwell
  0 siblings, 0 replies; 3+ messages in thread
From: Nathan Sidwell @ 2020-06-11 12:52 UTC (permalink / raw)
  To: gcc-cvs

https://gcc.gnu.org/g:c949ec9c4e88d2ff6dbd5b179abddf3703129577

commit c949ec9c4e88d2ff6dbd5b179abddf3703129577
Author: Harald Anlauf <anlauf@gmx.de>
Date:   Wed May 27 21:20:24 2020 +0200

    PR fortran/95090 - ICE: identifier overflow
    
    For long module name, derive type and component name, the generated
    name-mangled symbol did not fit into a buffer when coarrays were
    enabled.  Provide sufficiently large temporary.
    
    2020-05-27  Harald Anlauf  <anlauf@gmx.de>
    
    gcc/fortran/
            PR fortran/95090
            * iresolve.c (gfc_get_string): Enlarge temporary for
            name-mangling.
    
    gcc/testsuite/
            PR fortran/95090
            * gfortran.dg/pr95090.f90: New test.

Diff:
---
 gcc/fortran/iresolve.c                |  3 ++-
 gcc/testsuite/gfortran.dg/pr95090.f90 | 19 +++++++++++++++++++
 2 files changed, 21 insertions(+), 1 deletion(-)

diff --git a/gcc/fortran/iresolve.c b/gcc/fortran/iresolve.c
index 7ecb6595f59..df4f2265c58 100644
--- a/gcc/fortran/iresolve.c
+++ b/gcc/fortran/iresolve.c
@@ -47,7 +47,8 @@ along with GCC; see the file COPYING3.  If not see
 const char *
 gfc_get_string (const char *format, ...)
 {
-  char temp_name[128];
+  /* Provide sufficient space to hold "_F.caf_token__symbol_MOD_symbol".  */
+  char temp_name[14 + GFC_MAX_SYMBOL_LEN + 5 + GFC_MAX_SYMBOL_LEN + 1];
   const char *str;
   va_list ap;
   tree ident;
diff --git a/gcc/testsuite/gfortran.dg/pr95090.f90 b/gcc/testsuite/gfortran.dg/pr95090.f90
new file mode 100644
index 00000000000..ec77802ec51
--- /dev/null
+++ b/gcc/testsuite/gfortran.dg/pr95090.f90
@@ -0,0 +1,19 @@
+! { dg-do compile }
+! { dg-options "-fcoarray=lib -fsecond-underscore" }
+! PR fortran/95090 - ICE: identifier overflow
+
+module m2345678901234567890123456789012345678901234567890123456789_123
+  type t2345678901234567890123456789012345678901234567890123456789_123 &
+      (n2345678901234567890123456789012345678901234567890123456789_123)
+     integer, len :: n2345678901234567890123456789012345678901234567890123456789_123 = 8
+  end type
+  integer :: a2345678901234567890123456789012345678901234567890123456789_123
+  integer :: b2345678901234567890123456789012345678901234567890123456789_123(3)[*]
+  data b2345678901234567890123456789012345678901234567890123456789_123 /1,2,3/
+contains
+  subroutine s2345678901234567890123456789012345678901234567890123456789_123
+    type(t2345678901234567890123456789012345678901234567890123456789_123 &
+        (n2345678901234567890123456789012345678901234567890123456789_123)) :: &
+         z2345678901234567890123456789012345678901234567890123456789_123
+   end
+end


^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2020-06-11 12:59 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-06-11 12:59 [gcc/devel/c++-modules] PR fortran/95090 - ICE: identifier overflow Nathan Sidwell
  -- strict thread matches above, loose matches on Subject: below --
2020-06-11 12:58 Nathan Sidwell
2020-06-11 12:52 Nathan Sidwell

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).