From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: by sourceware.org (Postfix, from userid 1851) id 73A793857C4E; Wed, 10 Nov 2021 10:08:50 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 73A793857C4E Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: Martin Liska To: gcc-cvs@gcc.gnu.org Subject: [gcc(refs/users/marxin/heads/PR-fix-lto-wrapper-memory-corruption)] lto-wrapper: fix memory corruption. X-Act-Checkin: gcc X-Git-Author: Martin Liska X-Git-Refname: refs/users/marxin/heads/PR-fix-lto-wrapper-memory-corruption X-Git-Oldrev: 75ef0353a2d31dad1bda8e35f1849024f7f1e941 X-Git-Newrev: 51c09d86974ba85997db5a86c15fb6a0d8df2bd0 Message-Id: <20211110100850.73A793857C4E@sourceware.org> Date: Wed, 10 Nov 2021 10:08:50 +0000 (GMT) X-BeenThere: gcc-cvs@gcc.gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Gcc-cvs mailing list List-Unsubscribe: , List-Archive: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 10 Nov 2021 10:08:50 -0000 https://gcc.gnu.org/g:51c09d86974ba85997db5a86c15fb6a0d8df2bd0 commit 51c09d86974ba85997db5a86c15fb6a0d8df2bd0 Author: Martin Liska Date: Wed Nov 10 11:07:15 2021 +0100 lto-wrapper: fix memory corruption. The first argument of merge_and_complain is actually vector where we merge options and it should be propagated to caller properly. Fixes: ==6656== Invalid read of size 8 ==6656== at 0x408056: merge_and_complain (lto-wrapper.c:335) ==6656== by 0x408056: find_and_merge_options(int, long, char const*, vec, vec*, char const*) (lto-wrapper.c:1139) ==6656== by 0x408AFC: run_gcc(unsigned int, char**) (lto-wrapper.c:1505) ==6656== by 0x4061A2: main (lto-wrapper.c:2138) ==6656== Address 0x4e69b18 is 344 bytes inside a block of size 1,768 free'd ==6656== at 0x484339F: realloc (vg_replace_malloc.c:1192) ==6656== by 0x4993C0: xrealloc (xmalloc.c:181) ==6656== by 0x406A82: reserve (vec.h:290) ==6656== by 0x406A82: reserve (vec.h:1858) ==6656== by 0x406A82: vec::safe_push(cl_decoded_option const&) [clone .isra.0] (vec.h:1967) ==6656== by 0x4077E0: merge_and_complain (lto-wrapper.c:457) ==6656== by 0x4077E0: find_and_merge_options(int, long, char const*, vec, vec*, char const*) (lto-wrapper.c:1139) ==6656== by 0x408AFC: run_gcc(unsigned int, char**) (lto-wrapper.c:1505) ==6656== by 0x4061A2: main (lto-wrapper.c:2138) ==6656== Block was alloc'd at ==6656== at 0x483E70F: malloc (vg_replace_malloc.c:380) ==6656== by 0x4993D7: xrealloc (xmalloc.c:179) ==6656== by 0x407476: reserve (vec.h:290) ==6656== by 0x407476: reserve (vec.h:1858) ==6656== by 0x407476: reserve_exact (vec.h:1878) ==6656== by 0x407476: create (vec.h:1893) ==6656== by 0x407476: get_options_from_collect_gcc_options(char const*, char const*) (lto-wrapper.c:163) ==6656== by 0x407674: find_and_merge_options(int, long, char const*, vec, vec*, char const*) (lto-wrapper.c:1132) ==6656== by 0x408AFC: run_gcc(unsigned int, char**) (lto-wrapper.c:1505) ==6656== by 0x4061A2: main (lto-wrapper.c:2138) gcc/ChangeLog: * lto-wrapper.c (merge_and_complain): Make the first argument a reference type. Diff: --- gcc/lto-wrapper.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gcc/lto-wrapper.c b/gcc/lto-wrapper.c index 7b9e4883f38..54f642d7692 100644 --- a/gcc/lto-wrapper.c +++ b/gcc/lto-wrapper.c @@ -224,7 +224,7 @@ merge_flto_options (vec &decoded_options, ontop of DECODED_OPTIONS. */ static void -merge_and_complain (vec decoded_options, +merge_and_complain (vec &decoded_options, vec fdecoded_options, vec decoded_cl_options) {