From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: (qmail 23563 invoked by alias); 11 Oct 2016 09:28:13 -0000
Mailing-List: contact gcc-patches-help@gcc.gnu.org; run by ezmlm
Precedence: bulk
List-Id:
List-Archive:
List-Post:
List-Help:
Sender: gcc-patches-owner@gcc.gnu.org
Received: (qmail 23540 invoked by uid 89); 11 Oct 2016 09:28:11 -0000
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=-1.9 required=5.0 tests=BAYES_00,SPF_PASS autolearn=ham version=3.3.2 spammy=Liska, liska, *string
X-HELO: mx2.suse.de
Received: from mx2.suse.de (HELO mx2.suse.de) (195.135.220.15) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP; Tue, 11 Oct 2016 09:28:01 +0000
Received: from relay1.suse.de (charybdis-ext.suse.de [195.135.220.254]) by mx2.suse.de (Postfix) with ESMTP id 5F014AC47; Tue, 11 Oct 2016 09:27:59 +0000 (UTC)
Subject: [PATCH] Check \0-termination of string in c_getstr
To: Richard Biener
References: <678ff58e-4aa3-6145-f56b-780bf618338c@suse.cz>
Cc: GCC Patches
From: =?UTF-8?Q?Martin_Li=c5=a1ka?=
Message-ID: <1db7cd13-d403-9a6c-811a-bba82a35ef37@suse.cz>
Date: Tue, 11 Oct 2016 09:28:00 -0000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.2
MIME-Version: 1.0
In-Reply-To:
Content-Type: multipart/mixed; boundary="------------5BA7363CF8204C68E5ADDC23"
X-IsSubscribed: yes
X-SW-Source: 2016-10/txt/msg00690.txt.bz2

This is a multi-part message in MIME format.
--------------5BA7363CF8204C68E5ADDC23
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
Content-length: 165

As mentioned in the email that I reply to, c_getstr should check null termination of string constants.

Tests of the whole series have been running.

Thanks,
Martin

--------------5BA7363CF8204C68E5ADDC23
Content-Type: text/x-patch; name="0001-Check-0-termination-of-string-in-c_getstr.patch"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="0001-Check-0-termination-of-string-in-c_getstr.patch"
Content-length: 1278

>From b446c659e839caa5ea5f36b06ec9110fe69f6e38 Mon Sep 17 00:00:00 2001
From: marxin
Date: Mon, 10 Oct 2016 12:13:12 +0200
Subject: [PATCH 1/5] Check \0-termination of string in c_getstr

gcc/ChangeLog:

2016-10-10 Martin Liska

	* fold-const.c (c_getstr): Guard string termination.
---
 gcc/fold-const.c | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/gcc/fold-const.c b/gcc/fold-const.c index 02aa484..a9e8650 100644 --- a/gcc/fold-const.c +++ b/gcc/fold-const.c 
@@ -14451,13 +14451,20 @@ c_getstr (tree src) if (src == 0) return 0; + unsigned HOST_WIDE_INT string_length = TREE_STRING_LENGTH (src) - 1; + const char *string = TREE_STRING_POINTER (src); + + /* If the string is not properly terminated, return 0. */ + if (string[string_length] != 0) + return 0; + if (offset_node == 0) - return TREE_STRING_POINTER (src); + return string; else if (!tree_fits_uhwi_p (offset_node) - || compare_tree_int (offset_node, TREE_STRING_LENGTH (src) - 1) > 0) + || compare_tree_int (offset_node, string_length) > 0) return 0; - return TREE_STRING_POINTER (src) + tree_to_uhwi (offset_node); + return string + tree_to_uhwi (offset_node); } #if CHECKING_P -- 2.9.2 --------------5BA7363CF8204C68E5ADDC23--
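
Review bot: The new termination check `string[string_length] != 0` indexes with `TREE_STRING_LENGTH (src) - 1` stored in an `unsigned HOST_WIDE_INT`, so if a STRING_CST with length 0 can reach this point the subtraction wraps to a huge value and the check itself reads far outside the string. The old code used the same `- 1` only as a bound for `compare_tree_int`, where a wrapped value made the offset test too permissive but did not dereference anything; here it is dereferenced before any bounds test. Suggest returning 0 when `TREE_STRING_LENGTH (src)` is 0 (or not positive) before computing `string_length`. The check also inspects a single byte, so it would help to state in the comment whether one zero byte is the intended definition of "properly terminated" for every string constant that reaches `c_getstr`. Finally, the function's leading comment (outside this hunk) should mention the new "return 0 if not terminated" case, and the patch touches only `gcc/fold-const.c`, so a testcase with an unterminated constant would be worth adding to the series.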