[PATCH] d: fix ASAN in option processing

[PATCH] d: fix ASAN in option processing

[Martin Liška]

Fixes:

==129444==ERROR: AddressSanitizer: global-buffer-overflow on address 0x00000666ca5c at pc 0x000000ef094b bp 0x7fffffff8180 sp 0x7fffffff8178
READ of size 4 at 0x00000666ca5c thread T0
     #0 0xef094a in parse_optimize_options ../../gcc/d/d-attribs.cc:855
     #1 0xef0d36 in d_handle_optimize_attribute ../../gcc/d/d-attribs.cc:916
     #2 0xef107e in d_handle_optimize_attribute ../../gcc/d/d-attribs.cc:887
     #3 0xff85b1 in decl_attributes(tree_node**, tree_node*, int, tree_node*) ../../gcc/attribs.c:829
     #4 0xef2a91 in apply_user_attributes(Dsymbol*, tree_node*) ../../gcc/d/d-attribs.cc:427
     #5 0xf7b7f3 in get_symbol_decl(Declaration*) ../../gcc/d/decl.cc:1346
     #6 0xf87bc7 in get_symbol_decl(Declaration*) ../../gcc/d/decl.cc:967
     #7 0xf87bc7 in DeclVisitor::visit(FuncDeclaration*) ../../gcc/d/decl.cc:808
     #8 0xf83db5 in DeclVisitor::build_dsymbol(Dsymbol*) ../../gcc/d/decl.cc:146

for the following test-case: gcc/testsuite/gdc.dg/attr_optimize1.d.

Ready for master?
Thanks,
Martin

gcc/d/ChangeLog:

	* d-attribs.cc (parse_optimize_options): Check index before
	accessing cl_options.
---
  gcc/d/d-attribs.cc | 4 +++-
  1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/gcc/d/d-attribs.cc b/gcc/d/d-attribs.cc
index d81b7d122f7..1ec800526f7 100644
--- a/gcc/d/d-attribs.cc
+++ b/gcc/d/d-attribs.cc
@@ -852,7 +852,9 @@ parse_optimize_options (tree args)
    unsigned j = 1;
    for (unsigned i = 1; i < decoded_options_count; ++i)
      {
-      if (! (cl_options[decoded_options[i].opt_index].flags & CL_OPTIMIZATION))
+      unsigned opt_index = decoded_options[i].opt_index;
+      if (opt_index >= cl_options_count
+	  && ! (cl_options[opt_index].flags & CL_OPTIMIZATION))
  	{
  	  ret = false;
  	  warning (OPT_Wattributes,
-- 
2.34.0

Re: [PATCH] d: fix ASAN in option processing

[Iain Buclaw]

Excerpts from Martin Liška's message of November 25, 2021 2:59 pm:
> Fixes:
> 
> ==129444==ERROR: AddressSanitizer: global-buffer-overflow on address 0x00000666ca5c at pc 0x000000ef094b bp 0x7fffffff8180 sp 0x7fffffff8178
> READ of size 4 at 0x00000666ca5c thread T0
>      #0 0xef094a in parse_optimize_options ../../gcc/d/d-attribs.cc:855
>      #1 0xef0d36 in d_handle_optimize_attribute ../../gcc/d/d-attribs.cc:916
>      #2 0xef107e in d_handle_optimize_attribute ../../gcc/d/d-attribs.cc:887
>      #3 0xff85b1 in decl_attributes(tree_node**, tree_node*, int, tree_node*) ../../gcc/attribs.c:829
>      #4 0xef2a91 in apply_user_attributes(Dsymbol*, tree_node*) ../../gcc/d/d-attribs.cc:427
>      #5 0xf7b7f3 in get_symbol_decl(Declaration*) ../../gcc/d/decl.cc:1346
>      #6 0xf87bc7 in get_symbol_decl(Declaration*) ../../gcc/d/decl.cc:967
>      #7 0xf87bc7 in DeclVisitor::visit(FuncDeclaration*) ../../gcc/d/decl.cc:808
>      #8 0xf83db5 in DeclVisitor::build_dsymbol(Dsymbol*) ../../gcc/d/decl.cc:146
> 
> for the following test-case: gcc/testsuite/gdc.dg/attr_optimize1.d.
> 
> Ready for master?

Thanks, looks OK to me, does it need backporting as well?

Iain.



> Thanks,
> Martin
> 
> gcc/d/ChangeLog:
> 
> 	* d-attribs.cc (parse_optimize_options): Check index before
> 	accessing cl_options.
> ---
>   gcc/d/d-attribs.cc | 4 +++-
>   1 file changed, 3 insertions(+), 1 deletion(-)
> 
> diff --git a/gcc/d/d-attribs.cc b/gcc/d/d-attribs.cc
> index d81b7d122f7..1ec800526f7 100644
> --- a/gcc/d/d-attribs.cc
> +++ b/gcc/d/d-attribs.cc
> @@ -852,7 +852,9 @@ parse_optimize_options (tree args)
>     unsigned j = 1;
>     for (unsigned i = 1; i < decoded_options_count; ++i)
>       {
> -      if (! (cl_options[decoded_options[i].opt_index].flags & CL_OPTIMIZATION))
> +      unsigned opt_index = decoded_options[i].opt_index;
> +      if (opt_index >= cl_options_count
> +	  && ! (cl_options[opt_index].flags & CL_OPTIMIZATION))
>   	{
>   	  ret = false;
>   	  warning (OPT_Wattributes,
> -- 
> 2.34.0
> 
> 

Re: [PATCH] d: fix ASAN in option processing

[Martin Liška]

On 11/26/21 13:34, Iain Buclaw wrote:
> Thanks, looks OK to me, does it need backporting as well?

Yes, I guess so. I'm going to do it.

Martin

Re: [PATCH] d: fix ASAN in option processing

[Martin Liška]

[-- Attachment #1: Type: text/plain, Size: 2106 bytes --]

On 11/25/21 14:59, Martin Liška wrote:
> Fixes:
> 
> ==129444==ERROR: AddressSanitizer: global-buffer-overflow on address 0x00000666ca5c at pc 0x000000ef094b bp 0x7fffffff8180 sp 0x7fffffff8178
> READ of size 4 at 0x00000666ca5c thread T0
>      #0 0xef094a in parse_optimize_options ../../gcc/d/d-attribs.cc:855
>      #1 0xef0d36 in d_handle_optimize_attribute ../../gcc/d/d-attribs.cc:916
>      #2 0xef107e in d_handle_optimize_attribute ../../gcc/d/d-attribs.cc:887
>      #3 0xff85b1 in decl_attributes(tree_node**, tree_node*, int, tree_node*) ../../gcc/attribs.c:829
>      #4 0xef2a91 in apply_user_attributes(Dsymbol*, tree_node*) ../../gcc/d/d-attribs.cc:427
>      #5 0xf7b7f3 in get_symbol_decl(Declaration*) ../../gcc/d/decl.cc:1346
>      #6 0xf87bc7 in get_symbol_decl(Declaration*) ../../gcc/d/decl.cc:967
>      #7 0xf87bc7 in DeclVisitor::visit(FuncDeclaration*) ../../gcc/d/decl.cc:808
>      #8 0xf83db5 in DeclVisitor::build_dsymbol(Dsymbol*) ../../gcc/d/decl.cc:146
> 
> for the following test-case: gcc/testsuite/gdc.dg/attr_optimize1.d.
> 
> Ready for master?
> Thanks,
> Martin
> 
> gcc/d/ChangeLog:
> 
>      * d-attribs.cc (parse_optimize_options): Check index before
>      accessing cl_options.
> ---
>   gcc/d/d-attribs.cc | 4 +++-
>   1 file changed, 3 insertions(+), 1 deletion(-)
> 
> diff --git a/gcc/d/d-attribs.cc b/gcc/d/d-attribs.cc
> index d81b7d122f7..1ec800526f7 100644
> --- a/gcc/d/d-attribs.cc
> +++ b/gcc/d/d-attribs.cc
> @@ -852,7 +852,9 @@ parse_optimize_options (tree args)
>     unsigned j = 1;
>     for (unsigned i = 1; i < decoded_options_count; ++i)
>       {
> -      if (! (cl_options[decoded_options[i].opt_index].flags & CL_OPTIMIZATION))
> +      unsigned opt_index = decoded_options[i].opt_index;
> +      if (opt_index >= cl_options_count
> +      && ! (cl_options[opt_index].flags & CL_OPTIMIZATION))
>       {
>         ret = false;
>         warning (OPT_Wattributes,

Sorry, I made a stupid thinko in the patch.

There's fix that I'm going to install.

Martin

[-- Attachment #2: 0001-d-fix-thinko-in-optimize-attr-parsing.patch --]
[-- Type: text/x-patch, Size: 834 bytes --]

From 7a66c4909fd175ba429f39a3ca30be39ea02ae64 Mon Sep 17 00:00:00 2001
From: Martin Liska <mliska@suse.cz>
Date: Sun, 28 Nov 2021 09:39:40 +0100
Subject: [PATCH] d: fix thinko in optimize attr parsing

gcc/d/ChangeLog:

	* d-attribs.cc (parse_optimize_options): Fix thinko.
---
 gcc/d/d-attribs.cc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/gcc/d/d-attribs.cc b/gcc/d/d-attribs.cc
index 1ec800526f7..b79cf96f55c 100644
--- a/gcc/d/d-attribs.cc
+++ b/gcc/d/d-attribs.cc
@@ -854,7 +854,7 @@ parse_optimize_options (tree args)
     {
       unsigned opt_index = decoded_options[i].opt_index;
       if (opt_index >= cl_options_count
-	  && ! (cl_options[opt_index].flags & CL_OPTIMIZATION))
+	  || ! (cl_options[opt_index].flags & CL_OPTIMIZATION))
 	{
 	  ret = false;
 	  warning (OPT_Wattributes,
-- 
2.34.0