* [PATCH] PR fortran/95707 - ICE in finish_equivalences, at fortran/trans-common.c:1319
@ 2020-06-17 19:27 Harald Anlauf
2020-06-20 9:06 ` Thomas Koenig
2020-06-23 21:55 ` Jerry DeLisle
0 siblings, 2 replies; 3+ messages in thread
From: Harald Anlauf @ 2020-06-17 19:27 UTC (permalink / raw)
To: fortran, gcc-patches
[-- Attachment #1: Type: text/plain, Size: 760 bytes --]
Another corner case of buffer overflows during name mangling found by
Gerhard. We now check that the new buffer sizes suffice.
The patch is on top of the patches for PRs 95687, 95688, 95689.
Regtested on x86_64-pc-linux-gnu.
OK for master / backports?
Thanks,
Harald
PR fortran/95707 - ICE in finish_equivalences, at fortran/trans-common.c:1319
With submodules and equivalence declarations, name mangling may result in
long internal symbols overflowing internal buffers. We now check that
we do not exceed the enlarged buffer sizes.
gcc/fortran/
PR fortran/95707
* gfortran.h (gfc_common_head): Enlarge buffer.
* trans-common.c (gfc_sym_mangled_common_id): Enlarge temporary
buffers, and add check on length on mangled name to prevent
overflow.
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: pr95707.patch --]
[-- Type: text/x-patch, Size: 2362 bytes --]
diff --git a/gcc/fortran/gfortran.h b/gcc/fortran/gfortran.h
index c12a8bef277..836e0b3063d 100644
--- a/gcc/fortran/gfortran.h
+++ b/gcc/fortran/gfortran.h
@@ -1677,8 +1677,8 @@ typedef struct gfc_common_head
char use_assoc, saved, threadprivate;
unsigned char omp_declare_target : 1;
unsigned char omp_declare_target_link : 1;
- /* Provide sufficient space to hold "symbol.eq.1234567890". */
- char name[GFC_MAX_SYMBOL_LEN + 1 + 14];
+ /* Provide sufficient space to hold "symbol.symbol.eq.1234567890". */
+ char name[2*GFC_MAX_SYMBOL_LEN + 1 + 14 + 1];
struct gfc_symbol *head;
const char* binding_label;
int is_bind_c;
diff --git a/gcc/fortran/trans-common.c b/gcc/fortran/trans-common.c
index 1acc336eacf..c6383fc2352 100644
--- a/gcc/fortran/trans-common.c
+++ b/gcc/fortran/trans-common.c
@@ -242,11 +242,13 @@ static tree
gfc_sym_mangled_common_id (gfc_common_head *com)
{
int has_underscore;
- /* Provide sufficient space to hold "symbol.eq.1234567890__". */
- char mangled_name[GFC_MAX_MANGLED_SYMBOL_LEN + 1 + 16];
- char name[GFC_MAX_SYMBOL_LEN + 1 + 16];
+ /* Provide sufficient space to hold "symbol.symbol.eq.1234567890__". */
+ char mangled_name[2*GFC_MAX_MANGLED_SYMBOL_LEN + 1 + 16 + 1];
+ char name[sizeof (mangled_name) - 2];
/* Get the name out of the common block pointer. */
+ size_t len = strlen (com->name);
+ gcc_assert (len < sizeof (name));
strcpy (name, com->name);
/* If we're suppose to do a bind(c). */
diff --git a/gcc/testsuite/gfortran.dg/pr95707.f90 b/gcc/testsuite/gfortran.dg/pr95707.f90
new file mode 100644
index 00000000000..3279a6320cf
--- /dev/null
+++ b/gcc/testsuite/gfortran.dg/pr95707.f90
@@ -0,0 +1,16 @@
+! { dg-do compile }
+! { dg-options "-fsecond-underscore" }
+! PR fortran/95707 - ICE in finish_equivalences, at fortran/trans-common.c:1319
+
+module m2345678901234567890123456789012345678901234567890123456789_123
+ interface
+ module subroutine s2345678901234567890123456789012345678901234567890123456789_123
+ end
+ end interface
+end
+submodule(m2345678901234567890123456789012345678901234567890123456789_123) &
+ n2345678901234567890123456789012345678901234567890123456789_123
+ real :: a(4), u(3,2)
+ real :: b(4), v(4,2)
+ equivalence (a(1),u(1,1)), (b(1),v(1,1))
+end
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH] PR fortran/95707 - ICE in finish_equivalences, at fortran/trans-common.c:1319
2020-06-17 19:27 [PATCH] PR fortran/95707 - ICE in finish_equivalences, at fortran/trans-common.c:1319 Harald Anlauf
@ 2020-06-20 9:06 ` Thomas Koenig
2020-06-23 21:55 ` Jerry DeLisle
1 sibling, 0 replies; 3+ messages in thread
From: Thomas Koenig @ 2020-06-20 9:06 UTC (permalink / raw)
To: Harald Anlauf, fortran, gcc-patches
Am 17.06.20 um 21:27 schrieb Harald Anlauf:
> OK for master / backports?
OK.
Thanks for the patch!
Regards
Thomas
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH] PR fortran/95707 - ICE in finish_equivalences, at fortran/trans-common.c:1319
2020-06-17 19:27 [PATCH] PR fortran/95707 - ICE in finish_equivalences, at fortran/trans-common.c:1319 Harald Anlauf
2020-06-20 9:06 ` Thomas Koenig
@ 2020-06-23 21:55 ` Jerry DeLisle
1 sibling, 0 replies; 3+ messages in thread
From: Jerry DeLisle @ 2020-06-23 21:55 UTC (permalink / raw)
To: Harald Anlauf, fortran, gcc-patches
OK, and once again, thanks.
Jerry
On 6/17/20 12:27 PM, Harald Anlauf wrote:
> Another corner case of buffer overflows during name mangling found by
> Gerhard. We now check that the new buffer sizes suffice.
>
> The patch is on top of the patches for PRs 95687, 95688, 95689.
>
> Regtested on x86_64-pc-linux-gnu.
>
> OK for master / backports?
>
> Thanks,
> Harald
>
>
> PR fortran/95707 - ICE in finish_equivalences, at fortran/trans-common.c:1319
>
> With submodules and equivalence declarations, name mangling may result in
> long internal symbols overflowing internal buffers. We now check that
> we do not exceed the enlarged buffer sizes.
>
> gcc/fortran/
> PR fortran/95707
> * gfortran.h (gfc_common_head): Enlarge buffer.
> * trans-common.c (gfc_sym_mangled_common_id): Enlarge temporary
> buffers, and add check on length on mangled name to prevent
> overflow.
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2020-06-23 21:56 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-06-17 19:27 [PATCH] PR fortran/95707 - ICE in finish_equivalences, at fortran/trans-common.c:1319 Harald Anlauf
2020-06-20 9:06 ` Thomas Koenig
2020-06-23 21:55 ` Jerry DeLisle
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).