[committed] d: Fix ICE in when formating a string with '%' or '`' characters (PR98457)

[committed] d: Fix ICE in when formating a string with '%' or '`' characters (PR98457)

[Iain Buclaw]

Hi,

This patch fixes an ICE that occurred in the D front-end diagnostic
handlers.  The percentage character was being confused for a format
specifier in pp_format(), whilst the backtick character was confused for
the beginning of a quoted string in expand_d_format().

Both are now properly escaped to avoid the ICE.

Bootstrapped and regression tested on x86_64-linux-gnu/-m32/-mx32, and
committed to mainline.

Will also be preparing a backport to the gcc-10 and gcc-9 release
branches, as the bug is reproducible there as well.

Regards,
Iain.

---
gcc/d/ChangeLog:

	PR d/98457
	* d-diagnostic.cc (expand_d_format): Handle escaped backticks.
	(escape_d_format): New funtion.
	(verror): Call escape_d_format on prefixing strings.
	(vdeprecation): Likewise.

gcc/testsuite/ChangeLog:

	PR d/98457
	* gdc.dg/pr98457.d: New test.
---
 gcc/d/d-diagnostic.cc          | 64 +++++++++++++++++++++++++++++++---
 gcc/testsuite/gdc.dg/pr98457.d |  9 +++++
 2 files changed, 68 insertions(+), 5 deletions(-)
 create mode 100644 gcc/testsuite/gdc.dg/pr98457.d

diff --git a/gcc/d/d-diagnostic.cc b/gcc/d/d-diagnostic.cc
index 3bf5a535edd..7043abe10bd 100644
--- a/gcc/d/d-diagnostic.cc
+++ b/gcc/d/d-diagnostic.cc
@@ -48,7 +48,7 @@ expand_d_format (const char *format)
 
   for (const char *p = format; *p;)
     {
-      while (*p != '\0' && *p != '%' && *p != '`')
+      while (*p != '\0' && *p != '\\' && *p != '%' && *p != '`')
 	{
 	  obstack_1grow (&buf, *p);
 	  p++;
@@ -57,6 +57,21 @@ expand_d_format (const char *format)
       if (*p == '\0')
 	break;
 
+      if (*p == '\\')
+	{
+	  if (p[1] == '`')
+	    {
+	      /* Escaped backtick, don't expand it as a quoted string.  */
+	      obstack_1grow (&buf, '`');
+	      p++;;
+	    }
+	  else
+	    obstack_1grow (&buf, *p);
+
+	  p++;
+	  continue;
+	}
+
       if (*p == '`')
 	{
 	  /* Text enclosed by `...` are translated as a quoted string.  */
@@ -114,6 +129,43 @@ expand_d_format (const char *format)
   return (char *) obstack_finish (&buf);
 }
 
+/* Rewrite the format string FORMAT to deal with any characters that require
+   escaping before expand_d_format expands it.  */
+
+static char *
+escape_d_format (const char *format)
+{
+  obstack buf;
+
+  gcc_obstack_init (&buf);
+
+  for (const char *p = format; *p; p++)
+    {
+      switch (*p)
+	{
+	case '%':
+	  /* Escape `%' characters so that pp_format does not confuse them
+	     for actual format specifiers.  */
+	  obstack_1grow (&buf, '%');
+	  break;
+
+	case '`':
+	  /* Escape '`' characters so that expand_d_format does not confuse them
+	     for a quoted string.  */
+	  obstack_1grow (&buf, '\\');
+	  break;
+
+	default:
+	  break;
+	}
+
+      obstack_1grow (&buf, *p);
+    }
+
+  obstack_1grow (&buf, '\0');
+  return (char *) obstack_finish (&buf);
+}
+
 /* Helper routine for all error routines.  Reports a diagnostic specified by
    KIND at the explicit location LOC.  The message FORMAT comes from the dmd
    front-end, which does not get translated by the gcc diagnostic routines.  */
@@ -177,9 +229,10 @@ verror (const Loc &loc, const char *format, va_list ap,
 
       /* Build string and emit.  */
       if (prefix2 != NULL)
-	xformat = xasprintf ("%s %s %s", prefix1, prefix2, format);
+	xformat = xasprintf ("%s %s %s", escape_d_format (prefix1),
+			     escape_d_format (prefix2), format);
       else if (prefix1 != NULL)
-	xformat = xasprintf ("%s %s", prefix1, format);
+	xformat = xasprintf ("%s %s", escape_d_format (prefix1), format);
       else
 	xformat = xasprintf ("%s", format);
 
@@ -289,9 +342,10 @@ vdeprecation (const Loc &loc, const char *format, va_list ap,
 
       /* Build string and emit.  */
       if (prefix2 != NULL)
-	xformat = xasprintf ("%s %s %s", prefix1, prefix2, format);
+	xformat = xasprintf ("%s %s %s", escape_d_format (prefix1),
+			     escape_d_format (prefix2), format);
       else if (prefix1 != NULL)
-	xformat = xasprintf ("%s %s", prefix1, format);
+	xformat = xasprintf ("%s %s", escape_d_format (prefix1), format);
       else
 	xformat = xasprintf ("%s", format);
 
diff --git a/gcc/testsuite/gdc.dg/pr98457.d b/gcc/testsuite/gdc.dg/pr98457.d
new file mode 100644
index 00000000000..bc0d8af5d4a
--- /dev/null
+++ b/gcc/testsuite/gdc.dg/pr98457.d
@@ -0,0 +1,9 @@
+// https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98457
+// { dg-do compile }
+
+void main()
+{
+    writef!"%s";    // { dg-error "template instance writef!\"%s\" template .writef. is not defined" }
+    writef!"`%s";   // { dg-error "template instance writef!\"`%s\" template .writef. is not defined" }
+    writef!"%%s`";  // { dg-error "template instance writef!\"%%s`\" template .writef. is not defined" }
+}
-- 
2.27.0

Re: [committed] d: Fix ICE in when formating a string with '%' or '`' characters (PR98457)

[ibuclaw]

> On 19/04/2021 19:50 Iain Buclaw <ibuclaw@gdcproject.org> wrote:
> 
>  
> Hi,
> 
> This patch fixes an ICE that occurred in the D front-end diagnostic
> handlers.  The percentage character was being confused for a format
> specifier in pp_format(), whilst the backtick character was confused for
> the beginning of a quoted string in expand_d_format().
> 
> Both are now properly escaped to avoid the ICE.
> 
> Bootstrapped and regression tested on x86_64-linux-gnu/-m32/-mx32, and
> committed to mainline.
> 
> Will also be preparing a backport to the gcc-10 and gcc-9 release
> branches, as the bug is reproducible there as well.

Attached backport, regression tested and applied to both releases/gcc-9
and releases/gcc-10 branches.

Regards,
Iain.

---
gcc/d/ChangeLog:

	PR d/98457
	* d-diagnostic.cc (expand_d_format): Handle escaped backticks.
	(escape_d_format): New funtion.
	(verror): Call escape_d_format on prefixing strings.
	(vdeprecation): Likewise.

gcc/testsuite/ChangeLog:

	PR d/98457
	* gdc.dg/pr98457.d: New test.

(cherry picked from commit dc7d1c74ffb1cc85e67984632f581d526c783770)
---
 gcc/d/d-diagnostic.cc          | 64 +++++++++++++++++++++++++++++++---
 gcc/testsuite/gdc.dg/pr98457.d |  9 +++++
 2 files changed, 68 insertions(+), 5 deletions(-)
 create mode 100644 gcc/testsuite/gdc.dg/pr98457.d

diff --git a/gcc/d/d-diagnostic.cc b/gcc/d/d-diagnostic.cc
index 95a008d1b6f..47c7323aa0b 100644
--- a/gcc/d/d-diagnostic.cc
+++ b/gcc/d/d-diagnostic.cc
@@ -48,7 +48,7 @@ expand_d_format (const char *format)
 
   for (const char *p = format; *p;)
     {
-      while (*p != '\0' && *p != '%' && *p != '`')
+      while (*p != '\0' && *p != '\\' && *p != '%' && *p != '`')
 	{
 	  buf.writeByte (*p);
 	  p++;
@@ -57,6 +57,21 @@ expand_d_format (const char *format)
       if (*p == '\0')
 	break;
 
+      if (*p == '\\')
+	{
+	  if (p[1] == '`')
+	    {
+	      /* Escaped backtick, don't expand it as a quoted string.  */
+	      buf.writeByte ('`');
+	      p++;;
+	    }
+	  else
+	    buf.writeByte (*p);
+
+	  p++;
+	  continue;
+	}
+
       if (*p == '`')
 	{
 	  /* Text enclosed by `...` are translated as a quoted string.  */
@@ -113,6 +128,43 @@ expand_d_format (const char *format)
   return buf.extractString ();
 }
 
+/* Rewrite the format string FORMAT to deal with any characters that require
+   escaping before expand_d_format expands it.  */
+
+static char *
+escape_d_format (const char *format)
+{
+  obstack buf;
+
+  gcc_obstack_init (&buf);
+
+  for (const char *p = format; *p; p++)
+    {
+      switch (*p)
+	{
+	case '%':
+	  /* Escape `%' characters so that pp_format does not confuse them
+	     for actual format specifiers.  */
+	  obstack_1grow (&buf, '%');
+	  break;
+
+	case '`':
+	  /* Escape '`' characters so that expand_d_format does not confuse them
+	     for a quoted string.  */
+	  obstack_1grow (&buf, '\\');
+	  break;
+
+	default:
+	  break;
+	}
+
+      obstack_1grow (&buf, *p);
+    }
+
+  obstack_1grow (&buf, '\0');
+  return (char *) obstack_finish (&buf);
+}
+
 /* Helper routine for all error routines.  Reports a diagnostic specified by
    KIND at the explicit location LOC.  The message FORMAT comes from the dmd
    front-end, which does not get translated by the gcc diagnostic routines.  */
@@ -177,9 +229,10 @@ verror (const Loc& loc, const char *format, va_list ap,
 
       /* Build string and emit.  */
       if (prefix2 != NULL)
-	xformat = xasprintf ("%s %s %s", prefix1, prefix2, format);
+	xformat = xasprintf ("%s %s %s", escape_d_format (prefix1),
+			     escape_d_format (prefix2), format);
       else if (prefix1 != NULL)
-	xformat = xasprintf ("%s %s", prefix1, format);
+	xformat = xasprintf ("%s %s", escape_d_format (prefix1), format);
       else
 	xformat = xasprintf ("%s", format);
 
@@ -287,9 +340,10 @@ vdeprecation (const Loc& loc, const char *format, va_list ap,
 
       /* Build string and emit.  */
       if (prefix2 != NULL)
-	xformat = xasprintf ("%s %s %s", prefix1, prefix2, format);
+	xformat = xasprintf ("%s %s %s", escape_d_format (prefix1),
+			     escape_d_format (prefix2), format);
       else if (prefix1 != NULL)
-	xformat = xasprintf ("%s %s", prefix1, format);
+	xformat = xasprintf ("%s %s", escape_d_format (prefix1), format);
       else
 	xformat = xasprintf ("%s", format);
 
diff --git a/gcc/testsuite/gdc.dg/pr98457.d b/gcc/testsuite/gdc.dg/pr98457.d
new file mode 100644
index 00000000000..bc0d8af5d4a
--- /dev/null
+++ b/gcc/testsuite/gdc.dg/pr98457.d
@@ -0,0 +1,9 @@
+// https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98457
+// { dg-do compile }
+
+void main()
+{
+    writef!"%s";    // { dg-error "template instance writef!\"%s\" template .writef. is not defined" }
+    writef!"`%s";   // { dg-error "template instance writef!\"`%s\" template .writef. is not defined" }
+    writef!"%%s`";  // { dg-error "template instance writef!\"%%s`\" template .writef. is not defined" }
+}
-- 
2.27.0