From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: by sourceware.org (Postfix, from userid 1725) id 82C4E3858C2C; Mon, 23 Aug 2021 21:00:45 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 82C4E3858C2C MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset="utf-8" From: William Schmidt To: gcc-cvs@gcc.gnu.org Subject: [gcc r12-3097] rs6000: Avoid buffer overruns X-Act-Checkin: gcc X-Git-Author: Bill Schmidt X-Git-Refname: refs/heads/master X-Git-Oldrev: 3d654ca3f421ff9646470d312097602037176352 X-Git-Newrev: 30c335ac44ecb4f17645925360177618763d7c48 Message-Id: <20210823210045.82C4E3858C2C@sourceware.org> Date: Mon, 23 Aug 2021 21:00:45 +0000 (GMT) X-BeenThere: gcc-cvs@gcc.gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Gcc-cvs mailing list List-Unsubscribe: , List-Archive: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 23 Aug 2021 21:00:45 -0000 https://gcc.gnu.org/g:30c335ac44ecb4f17645925360177618763d7c48 commit r12-3097-g30c335ac44ecb4f17645925360177618763d7c48 Author: Bill Schmidt Date: Thu Aug 19 16:07:55 2021 -0500 rs6000: Avoid buffer overruns 2021-08-19 Bill Schmidt gcc/ PR target/101830 * config/rs6000/rs6000-gen-builtins.c (consume_whitespace): Diagnose buffer overrun. (safe_inc_pos): Fix overrun detection. (match_identifier): Diagnose buffer overrun. (match_integer): Likewise. (match_to_right_bracket): Likewise. Diff: --- gcc/config/rs6000/rs6000-gen-builtins.c | 34 +++++++++++++++++++++++++++++---- 1 file changed, 30 insertions(+), 4 deletions(-) diff --git a/gcc/config/rs6000/rs6000-gen-builtins.c b/gcc/config/rs6000/rs6000-gen-builtins.c index e5d3b71b622..05b2d2939b5 100644 --- a/gcc/config/rs6000/rs6000-gen-builtins.c +++ b/gcc/config/rs6000/rs6000-gen-builtins.c @@ -597,6 +597,13 @@ consume_whitespace (void) { while (pos < LINELEN && isspace(linebuf[pos]) && linebuf[pos] != '\n') pos++; + + if (pos >= LINELEN) + { + diag ("line length overrun at %d.\n", pos); + exit (1); + } + return; } @@ -623,7 +630,7 @@ advance_line (FILE *file) static inline void safe_inc_pos (void) { - if (pos++ >= LINELEN) + if (++pos >= LINELEN) { (*diag) ("line length overrun.\n"); exit (1); @@ -636,9 +643,16 @@ static char * match_identifier (void) { int lastpos = pos - 1; - while (isalnum (linebuf[lastpos + 1]) || linebuf[lastpos + 1] == '_') + while (lastpos < LINELEN - 1 + && (isalnum (linebuf[lastpos + 1]) || linebuf[lastpos + 1] == '_')) ++lastpos; + if (lastpos >= LINELEN - 1) + { + diag ("line length overrun at %d.\n", lastpos); + exit (1); + } + if (lastpos < pos) return 0; @@ -660,9 +674,15 @@ match_integer (void) safe_inc_pos (); int lastpos = pos - 1; - while (isdigit (linebuf[lastpos + 1])) + while (lastpos < LINELEN - 1 && isdigit (linebuf[lastpos + 1])) ++lastpos; + if (lastpos >= LINELEN - 1) + { + diag ("line length overrun at %d.\n", lastpos); + exit (1); + } + if (lastpos < pos) return NULL; @@ -680,7 +700,7 @@ static const char * match_to_right_bracket (void) { int lastpos = pos - 1; - while (linebuf[lastpos + 1] != ']') + while (lastpos < LINELEN - 1 && linebuf[lastpos + 1] != ']') { if (linebuf[lastpos + 1] == '\n') { @@ -690,6 +710,12 @@ match_to_right_bracket (void) ++lastpos; } + if (lastpos >= LINELEN - 1) + { + diag ("line length overrun at %d.\n", lastpos); + exit (1); + } + if (lastpos < pos) return 0;