From b446c659e839caa5ea5f36b06ec9110fe69f6e38 Mon Sep 17 00:00:00 2001
From: marxin
Date: Mon, 10 Oct 2016 12:13:12 +0200
Subject: [PATCH 1/5] Check \0-termination of string in c_getstr
gcc/ChangeLog:
2016-10-10 Martin Liska
* fold-const.c (c_getstr): Guard string termination.
---
 gcc/fold-const.c | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)
diff --git a/gcc/fold-const.c b/gcc/fold-const.c
index 02aa484..a9e8650 100644
--- a/gcc/fold-const.c
+++ b/gcc/fold-const.c
@@ -14451,13 +14451,20 @@ c_getstr (tree src)
 if (src == 0)
 return 0;
+ unsigned HOST_WIDE_INT string_length = TREE_STRING_LENGTH (src) - 1;
+ const char *string = TREE_STRING_POINTER (src);
+
+ /* If the string is not properly terminated, return 0. */
+ if (string[string_length] != 0)
+ return 0;
+
 if (offset_node == 0)
- return TREE_STRING_POINTER (src);
+ return string;
 else if (!tree_fits_uhwi_p (offset_node)
- || compare_tree_int (offset_node, TREE_STRING_LENGTH (src) - 1) > 0)
+ || compare_tree_int (offset_node, string_length) > 0)
 return 0;
- return TREE_STRING_POINTER (src) + tree_to_uhwi (offset_node);
+ return string + tree_to_uhwi (offset_node);
 }
 #if CHECKING_P
--
2.9.2
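Review bot: The new `string[string_length]` read is not guarded against a STRING_CST whose TREE_STRING_LENGTH is 0. In that case `TREE_STRING_LENGTH (src) - 1` becomes -1 and wraps to the maximum `unsigned HOST_WIDE_INT`, so the termination check itself indexes outside the constant's storage. The old code had the same wrap in the `compare_tree_int` bound but never dereferenced with it, so the out-of-bounds read is new with this patch. Whether a zero-length STRING_CST can reach this point depends on `string_constant` and the front ends, which are outside the hunk (the body of `c_getstr` starts above it). Rejecting the empty case in the same condition closes the gap: `if (TREE_STRING_LENGTH (src) < 1 || string[string_length] != 0)`.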