public inbox for gcc-cvs@sourceware.org
* [gcc r11-6281] fold-const: Fix up a buffer overflow in native_encode_initializer [PR98407]
@ 2020-12-21  9:16 Jakub Jelinek
  0 siblings, 0 replies; only message in thread
From: Jakub Jelinek @ 2020-12-21  9:16 UTC (permalink / raw)
  To: gcc-cvs

https://gcc.gnu.org/g:d8aeee11af715507e61464d390f14e4f4fde61b0

commit r11-6281-gd8aeee11af715507e61464d390f14e4f4fde61b0
Author: Jakub Jelinek <jakub@redhat.com>
Date:   Mon Dec 21 10:14:46 2020 +0100

    fold-const: Fix up a buffer overflow in native_encode_initializer [PR98407]
    
    For flexible array members we need to incrementally clear just from
    ptr + total_bytes up to new ptr + total_bytes, but memset has been called
    with the length from ptr, so was missing - total_bytes.  Additionally,
    in this code off is guaranteed to be -1 and thus o is 0, so don't bother pretending
    we could handle anything else; it would be more complicated than that.
    
    2020-12-21  Jakub Jelinek  <jakub@redhat.com>
    
            PR tree-optimization/98407
            * fold-const.c (native_encode_initializer): When handling flexible
            array members, fix up computation of length for memset.  Also remove
            " - o" as o is always guaranteed to be 0 in this code path.
    
            * gcc.c-torture/compile/pr98407.c: New test.

Diff:
---
 gcc/fold-const.c                              |  6 +++---
 gcc/testsuite/gcc.c-torture/compile/pr98407.c | 10 ++++++++++
 2 files changed, 13 insertions(+), 3 deletions(-)

diff --git a/gcc/fold-const.c b/gcc/fold-const.c
index 1694ba4554b..3a0f39a85b8 100644
--- a/gcc/fold-const.c
+++ b/gcc/fold-const.c
@@ -8280,9 +8280,9 @@ native_encode_initializer (tree init, unsigned char *ptr, int len,
 		    return 0;
 		  if (pos + fieldsize > total_bytes)
 		    {
-		      if (ptr != NULL && total_bytes - o < len)
-			memset (ptr + (total_bytes - o),
-				'\0', MIN (pos + fieldsize - o, len));
+		      if (ptr != NULL && total_bytes < len)
+			memset (ptr + total_bytes, '\0',
+				MIN (pos + fieldsize, len) - total_bytes);
 		      total_bytes = pos + fieldsize;
 		    }
 		}
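Review bot: dropping the `- o` from both the memset start and its length relies on `o` being 0 on this path (the commit message says `off` is always -1 here), but nothing in the visible context enforces that; a `gcc_checking_assert (off == -1)` or a one-line comment at the flexible-array branch would pin the invariant, so a future caller that reaches this code with a real offset does not silently get a misplaced zero-fill. The new length itself is sound: with the outer `pos + fieldsize > total_bytes` test and the new `total_bytes < len` guard, `MIN (pos + fieldsize, len) - total_bytes` is at least 1, and the fill now ends at or before `ptr + len`, whereas the old `MIN (pos + fieldsize - o, len)` was measured from `ptr` but applied at `ptr + total_bytes`.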
diff --git a/gcc/testsuite/gcc.c-torture/compile/pr98407.c b/gcc/testsuite/gcc.c-torture/compile/pr98407.c
new file mode 100644
index 00000000000..29eb0803944
--- /dev/null
+++ b/gcc/testsuite/gcc.c-torture/compile/pr98407.c
@@ -0,0 +1,10 @@
+/* PR tree-optimization/98407 */
+
+struct S { int a; int b[]; };
+const struct S c = { 0, { 0 } }, d = { 0, { 0 } };
+
+int
+foo (void)
+{
+  return __builtin_memcmp (&c, &d, sizeof d);
+}
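Review bot: as a gcc.c-torture/compile test this only checks that the compiler survives folding the memcmp over two flexible-array-member initializers; it does not check that the folded value is right. A run-time variant (dg-do run with `if (foo ()) __builtin_abort ();`) would additionally verify that the encoded bytes of c and d compare equal, which is cheap to add alongside the compile test.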


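The following C model is an added illustration, not code from this commit or from GCC. It reproduces only the length arithmetic of the old and new memset calls in the hunk above, applying each to a canary-protected buffer so the overrun the commit message describes becomes observable as clobbered canary bytes. The buffer size, field offsets and the function names fill_length and clobbered_bytes are constructed for this example.

```c
#include <stdio.h>
#include <string.h>

#define MIN(a, b) ((a) < (b) ? (a) : (b))

/* Backing store: the first LEN bytes model the output buffer handed to
   native_encode_initializer as PTR/LEN; the SLACK bytes after it are a
   canary that a correct zero-fill must never touch.  (Constructed sizes.)  */
#define MAX_LEN 256
#define SLACK 64
#define CANARY 0xAA

/* Length passed to memset when the encoding is extended from TOTAL_BYTES
   up to POS + FIELDSIZE, with o == 0 as the commit message states for this
   path.  FIXED selects the r11-6281 formula; otherwise the pre-patch one.
   Returns 0 when the guarding condition is false and no fill happens.  */
static int
fill_length (int total_bytes, int pos, int fieldsize, int len, int fixed)
{
  if (!(pos + fieldsize > total_bytes) || !(total_bytes < len))
    return 0;
  if (fixed)
    return MIN (pos + fieldsize, len) - total_bytes;   /* r11-6281 */
  return MIN (pos + fieldsize, len);                    /* pre-patch */
}

/* Perform the zero-fill at backing + TOTAL_BYTES, as both versions of the
   code do, and report how many canary bytes past LEN were clobbered.
   Returns -1 on arguments outside the model.  */
static int
clobbered_bytes (int total_bytes, int pos, int fieldsize, int len, int fixed)
{
  unsigned char backing[MAX_LEN + SLACK];
  if (len < 0 || len > MAX_LEN || total_bytes < 0 || total_bytes > len)
    return -1;
  memset (backing, CANARY, sizeof backing);
  int n = fill_length (total_bytes, pos, fieldsize, len, fixed);
  /* Never leave the backing store: the overrun is then visible as
     clobbered canary bytes instead of as undefined behavior.  */
  if (n < 0 || total_bytes + n > (int) sizeof backing)
    return -1;
  memset (backing + total_bytes, '\0', (size_t) n);
  int clobbered = 0;
  for (int i = len; i < len + SLACK; i++)
    if (backing[i] != CANARY)
      clobbered++;
  return clobbered;
}

int
main (void)
{
  /* Constructed values in the shape of the test case: 4 bytes already
     encoded (int a), a 4-byte flexible-array element at offset 4, and an
     8-byte destination buffer.  */
  int t = 4, pos = 4, fs = 4, len = 8;
  printf ("pre-patch: memset length %d, canary bytes clobbered %d\n",
          fill_length (t, pos, fs, len, 0),
          clobbered_bytes (t, pos, fs, len, 0));
  printf ("r11-6281:  memset length %d, canary bytes clobbered %d\n",
          fill_length (t, pos, fs, len, 1),
          clobbered_bytes (t, pos, fs, len, 1));
  return 0;
}
```

With these inputs the pre-patch formula asks memset for 8 bytes starting at offset 4, so the fill runs 4 bytes past len; the patched formula asks for 8 - 4 = 4 bytes and stops exactly at len. The overrun is invisible when total_bytes is 0, which is why it only showed up with a non-empty prefix before the flexible array member.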