From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <anlauf@sourceware.org>
Received: by sourceware.org (Postfix, from userid 2071)
 id 0FBFD3951C9F; Thu, 11 Jun 2020 14:20:19 +0000 (GMT)
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 0FBFD3951C9F
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gcc.gnu.org;
 s=default; t=1591885219;
 bh=W68uvh5IxFoBI2winKNvhMK2B3Yz/s2LrFTH9wqcR6g=;
 h=From:To:Subject:Date:From;
 b=X2E3JjObPbPu9UqtlBKN4jtqwi11VpsWalZH+d3tbMgYsET1qaOWuPsxDDKHfIeoW
 vmXA9nx4MWo1qfqecu1rHpdTrDUWUjlnOJn2R3Y6vuHHzqHsvI4JgtkjLMpBpU5o6O
 lefivRNmN3cwwj/mlZdA2LFThXpSt4TRrGRiAIf0=
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Harald Anlauf <anlauf@gcc.gnu.org>
To: gcc-cvs@gcc.gnu.org
Subject: [gcc r9-8665] PR fortran/95091 - Buffer overflows with submodules and
 long symbols
X-Act-Checkin: gcc
X-Git-Author: Harald Anlauf <anlauf@gmx.de>
X-Git-Refname: refs/heads/releases/gcc-9
X-Git-Oldrev: cb05b2d55fbf6c909ce7f96f9fad272873c8efe6
X-Git-Newrev: abfe42c1fb66a534290bd0a808c2d90842ee848b
Message-Id: <20200611142019.0FBFD3951C9F@sourceware.org>
Date: Thu, 11 Jun 2020 14:20:19 +0000 (GMT)
X-BeenThere: gcc-cvs@gcc.gnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Gcc-cvs mailing list <gcc-cvs.gcc.gnu.org>
List-Unsubscribe: <http://gcc.gnu.org/mailman/options/gcc-cvs>,
 <mailto:gcc-cvs-request@gcc.gnu.org?subject=unsubscribe>
List-Archive: <https://gcc.gnu.org/pipermail/gcc-cvs/>
List-Help: <mailto:gcc-cvs-request@gcc.gnu.org?subject=help>
List-Subscribe: <http://gcc.gnu.org/mailman/listinfo/gcc-cvs>,
 <mailto:gcc-cvs-request@gcc.gnu.org?subject=subscribe>
X-List-Received-Date: Thu, 11 Jun 2020 14:20:19 -0000

https://gcc.gnu.org/g:abfe42c1fb66a534290bd0a808c2d90842ee848b

commit r9-8665-gabfe42c1fb66a534290bd0a808c2d90842ee848b
Author: Harald Anlauf <anlauf@gmx.de>
Date:   Sun Jun 7 14:47:24 2020 +0200

    PR fortran/95091 - Buffer overflows with submodules and long symbols
    
    With submodules, name mangling results in long internal symbols.  This
    requires adjustment of the sizes of temporaries to avoid buffer overflows.
    
    2020-06-07  Harald Anlauf  <anlauf@gmx.de>
    
    gcc/fortran/
            PR fortran/95091
            * class.c (get_unique_type_string, gfc_hash_value): Enlarge
            buffers, and check whether the strings returned by
            get_unique_type_string() fit.
    
    (cherry picked from commit b342cfd648e6658363c7c8fef83af8f59dba1795)

Diff:
---
 gcc/fortran/class.c                   | 11 ++++++++---
 gcc/testsuite/gfortran.dg/pr95091.f90 | 19 +++++++++++++++++++
 2 files changed, 27 insertions(+), 3 deletions(-)

diff --git a/gcc/fortran/class.c b/gcc/fortran/class.c
index a8698f19cfb..1c1211a997e 100644
--- a/gcc/fortran/class.c
+++ b/gcc/fortran/class.c
@@ -501,8 +501,11 @@ get_unique_type_string (char *string, gfc_symbol *derived)
 static void
 get_unique_hashed_string (char *string, gfc_symbol *derived)
 {
-  char tmp[2*GFC_MAX_SYMBOL_LEN+2];
+  /* Provide sufficient space to hold "symbol.symbol_symbol".  */
+  char tmp[3*GFC_MAX_SYMBOL_LEN+3];
   get_unique_type_string (&tmp[0], derived);
+  size_t len = strnlen (tmp, sizeof (tmp));
+  gcc_assert (len < sizeof (tmp));
   /* If string is too long, use hash value in hex representation (allow for
      extra decoration, cf. gfc_build_class_symbol & gfc_find_derived_vtab).
      We need space to for 15 characters "__class_" + symbol name + "_%d_%da",
@@ -523,11 +526,13 @@ unsigned int
 gfc_hash_value (gfc_symbol *sym)
 {
   unsigned int hash = 0;
-  char c[2*(GFC_MAX_SYMBOL_LEN+1)];
+  /* Provide sufficient space to hold "symbol.symbol_symbol".  */
+  char c[3*GFC_MAX_SYMBOL_LEN+3];
   int i, len;
 
   get_unique_type_string (&c[0], sym);
-  len = strlen (c);
+  len = strnlen (c, sizeof (c));
+  gcc_assert (len < sizeof (c));
 
   for (i = 0; i < len; i++)
     hash = (hash << 6) + (hash << 16) - hash + c[i];
diff --git a/gcc/testsuite/gfortran.dg/pr95091.f90 b/gcc/testsuite/gfortran.dg/pr95091.f90
new file mode 100644
index 00000000000..1c48dca2f4a
--- /dev/null
+++ b/gcc/testsuite/gfortran.dg/pr95091.f90
@@ -0,0 +1,19 @@
+! { dg-do compile }
+! { dg-options "-fsecond-underscore" }
+! PR fortran/95091 - ICE in gfc_hash_value
+
+module m2345678901234567890123456789012345678901234567890123456789_123
+  type t2345678901234567890123456789012345678901234567890123456789_123
+  end type t2345678901234567890123456789012345678901234567890123456789_123
+  interface
+     module subroutine s2345678901234567890123456789012345678901234567890123456789_123 &
+          (x2345678901234567890123456789012345678901234567890123456789_123)
+    end
+  end interface
+end
+submodule(m2345678901234567890123456789012345678901234567890123456789_123) &
+     n2345678901234567890123456789012345678901234567890123456789_123
+  type, extends(t2345678901234567890123456789012345678901234567890123456789_123) :: &
+    u2345678901234567890123456789012345678901234567890123456789_123
+  end type
+end