From: Richard Sandiford
To: Alex Coplan via Gcc-patches
Cc: Alex Coplan
Subject: Re: [PATCH] varasm: Fix type confusion bug
Date: Thu, 01 Dec 2022 16:12:09 +0000

Alex Coplan via Gcc-patches writes:
> Hi,
>
> This patch fixes a type confusion bug in varasm.cc:assemble_variable.
> The problem is that the current code calls:
>
>   sect = get_variable_section (decl, false);
>
> and then accesses sect->named.name without checking whether the section
> is in fact a named section. In the surrounding else clause, we only know
> that SECTION_STYLE (sect) != SECTION_NOSWITCH, so it is possible that
> the section is an unnamed section.
>
> In practice, this means that we end up doing a wild string compare
> between a function pointer and the string literal ".vtable_map_vars".
> This is because sect->named.name aliases sect->unnamed.callback in the
> section union.
>
> This can be seen in GDB with a simple testcase such as "int x;".
>
> This patch fixes the issue by checking the SECTION_STYLE of the section
> is in fact SECTION_NAMED before trying to do the string comparison.
>
> We drop the existing check of whether sect->named.name is non-NULL
> because this should presumably always be the case for a named section.
>
> Bootstrapped/regtested on aarch64-none-linux-gnu, OK for trunk?

OK, thanks. I think it's OK for backports too if you like, since it's a
regression from around 2013.

Richard

>
> Thanks,
> Alex
>
> gcc/ChangeLog:
>
> * varasm.cc (assemble_variable): Fix type confusion bug when
> checking for ".vtable_map_vars" section.
>
> diff --git a/gcc/varasm.cc b/gcc/varasm.cc > index 9dfbebbb915..6851201b6a2 100644 > --- a/gcc/varasm.cc > +++ b/gcc/varasm.cc > @@ -2400,7 +2400,7 @@ assemble_variable (tree decl, int top_level ATTRIBUTE_UNUSED, > else > { > /* Special-case handling of vtv comdat sections. */ > - if (sect->named.name > + if (SECTION_STYLE (sect) == SECTION_NAMED > && (strcmp (sect->named.name, ".vtable_map_vars") == 0)) > handle_vtv_comdat_section (sect, decl); > else
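
Review bot: in the changed condition in assemble_variable, the strcmp on sect->named.name now runs with no NULL guard, because the SECTION_STYLE test replaces the old `sect->named.name` test instead of joining it. The commit message only says a named section should presumably always have a name; if that is an invariant, say so in the comment above the condition or back it with a gcc_checking_assert, otherwise keep both tests, e.g. `SECTION_STYLE (sect) == SECTION_NAMED && sect->named.name && ...`.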
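
The aliasing described in the quoted message, as an added C example that is not part of the original thread or of GCC's sources. The types `style`, `named_sec`, `unnamed_sec` and `sec` and all function names are hypothetical simplified stand-ins for the section union, and it assumes data and function pointers have the same size and alignment.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins for the section union, reduced to the members the
   thread names (assumption: not GCC's real definitions).  */
enum style { STYLE_UNNAMED, STYLE_NAMED };
struct named_sec   { enum style style; const char *name; };
struct unnamed_sec { enum style style; void (*callback) (const void *); };
union sec {
  enum style style;              /* tag shared by every variant */
  struct named_sec named;
  struct unnamed_sec unnamed;
};

static void emit_text (const void *data) { (void) data; }

/* 1 when the name pointer and the callback occupy the same bytes.  */
int name_aliases_callback (void)
{
  return offsetof (struct named_sec, name) == offsetof (struct unnamed_sec, callback);
}

/* Pre-patch shape: reads named.name without looking at the tag, so for an
   unnamed section it would hand strcmp a function pointer.  */
int is_vtv_unchecked (const union sec *s)
{
  return s->named.name && strcmp (s->named.name, ".vtable_map_vars") == 0;
}

/* Post-patch shape: named.name is read only when the tag says it is valid.  */
int is_vtv_checked (const union sec *s)
{
  return s->style == STYLE_NAMED && strcmp (s->named.name, ".vtable_map_vars") == 0;
}

union sec make_named (const char *name)
{
  union sec s = { .named = { STYLE_NAMED, name } };
  return s;
}

union sec make_unnamed (void)
{
  union sec s = { .unnamed = { STYLE_UNNAMED, emit_text } };
  return s;
}

int main (void)
{
  union sec vtv = make_named (".vtable_map_vars"), plain = make_unnamed ();
  /* The unchecked form is called on a named section only; on `plain` it
     would be the undefined read that the patch removes.  */
  printf ("alias=%d unchecked(vtv)=%d checked(vtv)=%d checked(plain)=%d\n",
          name_aliases_callback (), is_vtv_unchecked (&vtv),
          is_vtv_checked (&vtv), is_vtv_checked (&plain));
  return 0;
}
```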