From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gcc-patches-return-493541-listarch-gcc-patches=gcc.gnu.org@gcc.gnu.org>
Received: (qmail 13966 invoked by alias); 7 Jan 2019 14:58:59 -0000
Mailing-List: contact gcc-patches-help@gcc.gnu.org; run by ezmlm
Precedence: bulk
List-Id: <gcc-patches.gcc.gnu.org>
List-Archive: <http://gcc.gnu.org/ml/gcc-patches/>
List-Post: <mailto:gcc-patches@gcc.gnu.org>
List-Help: <mailto:gcc-patches-help@gcc.gnu.org>
Sender: gcc-patches-owner@gcc.gnu.org
Received: (qmail 13932 invoked by uid 89); 7 Jan 2019 14:58:58 -0000
Authentication-Results: sourceware.org; auth=none
X-Spam-SWARE-Status: No, score=-26.9 required=5.0 tests=BAYES_00,GIT_PATCH_0,GIT_PATCH_1,GIT_PATCH_2,GIT_PATCH_3,SPF_HELO_PASS autolearn=ham version=3.3.2 spammy=
X-HELO: mx1.redhat.com
Received: from mx1.redhat.com (HELO mx1.redhat.com) (209.132.183.28) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP; Mon, 07 Jan 2019 14:58:56 +0000
Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com [10.5.11.22])	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))	(No client certificate requested)	by mx1.redhat.com (Postfix) with ESMTPS id ED4F1636E5;	Mon,  7 Jan 2019 14:58:54 +0000 (UTC)
Received: from localhost (unknown [10.33.36.12])	by smtp.corp.redhat.com (Postfix) with ESMTP id 7503E1059597;	Mon,  7 Jan 2019 14:58:54 +0000 (UTC)
Date: Mon, 07 Jan 2019 14:58:00 -0000
From: Jonathan Wakely <jwakely@redhat.com>
To: libstdc++@gcc.gnu.org, gcc-patches@gcc.gnu.org
Subject: [PATCH] PR libstdc++/87787 avoid undefined null args to memcpy and memmove
Message-ID: <20190107145853.GA27400@redhat.com>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="82I3+IH0IqGh5yIs"
Content-Disposition: inline
X-Clacks-Overhead: GNU Terry Pratchett
User-Agent: Mutt/1.10.1 (2018-07-13)
X-SW-Source: 2019-01/txt/msg00310.txt.bz2


--82I3+IH0IqGh5yIs
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Disposition: inline
Content-length: 670

The C++ char_traits and ctype APIs do not disallow null pointer
arguments, so we need explicit checks to ensure we don't forward null
pointers to memcpy or memmove.

	PR libstdc++/87787
	* include/bits/char_traits.h (char_traits::move): Do not pass null
	pointers to memmove.
	* include/bits/locale_facets.h
	(ctype<char>::widen(const char*, const char*, char*)): Do not
	pass null pointers to memcpy.
	(ctype<char>::narrow(const char*, const char*, char, char*)):
	Likewise.
	(ctype<char>::do_widen(const char*, const char*, char*)):
	Likewise.
	(ctype<char>::do_narrow(const char*, const char*, char, char*)):
	Likewise.

Tested powerpc64-linux, committed to trunk.



--82I3+IH0IqGh5yIs
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename="patch.txt"
Content-length: 3015

commit 8322b49ba9dfa3cef33a78e4bc2bab0937c3849a
Author: Jonathan Wakely <jwakely@redhat.com>
Date:   Mon Jan 7 14:38:22 2019 +0000

    PR libstdc++/87787 avoid undefined null args to memcpy and memmove
    
    The C++ char_traits and ctype APIs do not disallow null pointer
    arguments, so we need explicit checks to ensure we don't forward null
    pointers to memcpy or memmove.
    
            PR libstdc++/87787
            * include/bits/char_traits.h (char_traits::move): Do not pass null
            pointers to memmove.
            * include/bits/locale_facets.h
            (ctype<char>::widen(const char*, const char*, char*)): Do not
            pass null pointers to memcpy.
            (ctype<char>::narrow(const char*, const char*, char, char*)):
            Likewise.
            (ctype<char>::do_widen(const char*, const char*, char*)):
            Likewise.
            (ctype<char>::do_narrow(const char*, const char*, char, char*)):
            Likewise.

diff --git a/libstdc++-v3/include/bits/char_traits.h b/libstdc++-v3/include/bits/char_traits.h
index a2ba5da910f..06e04ceaa34 100644
--- a/libstdc++-v3/include/bits/char_traits.h
+++ b/libstdc++-v3/include/bits/char_traits.h
@@ -183,6 +183,8 @@ _GLIBCXX_BEGIN_NAMESPACE_VERSION
     char_traits<_CharT>::
     move(char_type* __s1, const char_type* __s2, std::size_t __n)
     {
+      if (__n == 0)
+	return __s1;
       return static_cast<_CharT*>(__builtin_memmove(__s1, __s2,
 						    __n * sizeof(char_type)));
     }
diff --git a/libstdc++-v3/include/bits/locale_facets.h b/libstdc++-v3/include/bits/locale_facets.h
index 33cff652222..66ac9c07a5d 100644
--- a/libstdc++-v3/include/bits/locale_facets.h
+++ b/libstdc++-v3/include/bits/locale_facets.h
@@ -896,7 +896,8 @@ _GLIBCXX_BEGIN_NAMESPACE_VERSION
       {
 	if (_M_widen_ok == 1)
 	  {
-	    __builtin_memcpy(__to, __lo, __hi - __lo);
+	    if (__builtin_expect(__hi != __lo, true))
+	      __builtin_memcpy(__to, __lo, __hi - __lo);
 	    return __hi;
 	  }
 	if (!_M_widen_ok)
@@ -961,7 +962,8 @@ _GLIBCXX_BEGIN_NAMESPACE_VERSION
       {
 	if (__builtin_expect(_M_narrow_ok == 1, true))
 	  {
-	    __builtin_memcpy(__to, __lo, __hi - __lo);
+	    if (__builtin_expect(__hi != __lo, true))
+	      __builtin_memcpy(__to, __lo, __hi - __lo);
 	    return __hi;
 	  }
 	if (!_M_narrow_ok)
@@ -1100,7 +1102,8 @@ _GLIBCXX_BEGIN_NAMESPACE_VERSION
       virtual const char*
       do_widen(const char* __lo, const char* __hi, char_type* __to) const
       {
-	__builtin_memcpy(__to, __lo, __hi - __lo);
+	if (__builtin_expect(__hi != __lo, true))
+	  __builtin_memcpy(__to, __lo, __hi - __lo);
 	return __hi;
       }
 
@@ -1153,7 +1156,8 @@ _GLIBCXX_BEGIN_NAMESPACE_VERSION
       do_narrow(const char_type* __lo, const char_type* __hi,
 		char __dfault __attribute__((__unused__)), char* __to) const
       {
-	__builtin_memcpy(__to, __lo, __hi - __lo);
+	if (__builtin_expect(__hi != __lo, true))
+	  __builtin_memcpy(__to, __lo, __hi - __lo);
 	return __hi;
       }
 

--82I3+IH0IqGh5yIs--