From patchwork Wed Jul 10 11:43:33 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Richard Sandiford X-Patchwork-Id: 1958818 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=gcc.gnu.org (client-ip=2620:52:3:1:0:246e:9693:128c; helo=server2.sourceware.org; envelope-from=gcc-patches-bounces~incoming=patchwork.ozlabs.org@gcc.gnu.org; receiver=patchwork.ozlabs.org) Received: from server2.sourceware.org (server2.sourceware.org [IPv6:2620:52:3:1:0:246e:9693:128c]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4WJwxL01lwz20MK for ; Wed, 10 Jul 2024 21:44:05 +1000 (AEST) Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 79D563839158 for ; Wed, 10 Jul 2024 11:44:02 +0000 (GMT) X-Original-To: gcc-patches@gcc.gnu.org Delivered-To: gcc-patches@gcc.gnu.org Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by sourceware.org (Postfix) with ESMTP id 2E524385DDE0 for ; Wed, 10 Jul 2024 11:43:36 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 2E524385DDE0 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=arm.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=arm.com ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 2E524385DDE0 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=217.140.110.172 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1720611817; cv=none; b=mT7tiiEim5jPWuD+V2RSFTfCWwG66a9JhgL+JyWAMB82dcTxdxGsbORBlUfmOi1E0uXnZv2fXfMq/8A+QN5EWhfb9HoN6aEzAnzBIbZfzVVD4oikysT/2ixlKNJQ/u1ZMALGKIFzx/x/lE7/WbAEjhl1LYo7nPvv0JJZ8wwobjI= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1720611817; c=relaxed/simple; bh=aAhVAZrN0gT3Zv6WJMu17znPQY1q7OJTr9aUR6eT5fU=; h=From:To:Subject:Date:Message-ID:MIME-Version; b=i/5VOOZvdZayxWk39u7HyoTR+FjJypJO/49DszSWhI8hk8lNvTxx6LxIIWRNf2okq6lGzlJbXOKbpQGjWi+7jckryCEupU7NyUHaEO1u+RT8D1uNCSrOPT8D1vjQRt/nJ/BxCcipRBvJN00qtR77jqNf52oN7qXrQvZNRL+q9Mg= ARC-Authentication-Results: i=1; server2.sourceware.org Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id C267E106F; Wed, 10 Jul 2024 04:44:00 -0700 (PDT) Received: from localhost (e121540-lin.manchester.arm.com [10.32.110.72]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 0D7823F766; Wed, 10 Jul 2024 04:43:34 -0700 (PDT) From: Richard Sandiford To: gcc-patches@gcc.gnu.org Mail-Followup-To: gcc-patches@gcc.gnu.org,richard.earnshaw@arm.com, ktkachov@nvidia.com, richard.sandiford@arm.com Cc: richard.earnshaw@arm.com, ktkachov@nvidia.com Subject: [PATCH] aarch64: Avoid alloca in target attribute parsing Date: Wed, 10 Jul 2024 12:43:33 +0100 Message-ID: User-Agent: Gnus/5.13 (Gnus v5.13) MIME-Version: 1.0 X-Spam-Status: No, score=-19.5 required=5.0 tests=BAYES_00, GIT_PATCH_0, KAM_DMARC_NONE, KAM_DMARC_STATUS, KAM_LAZY_DOMAIN_SECURITY, SPF_HELO_NONE, SPF_NONE, TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: gcc-patches@gcc.gnu.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Gcc-patches mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: gcc-patches-bounces~incoming=patchwork.ozlabs.org@gcc.gnu.org The handling of the target attribute used alloca to allocate a copy of unverified user input, which could exhaust the stack if the input is too long. This patch converts it to auto_vecs instead. I wondered about converting it to use std::string, which we already use elsewhere, but that would be more invasive and controversial. I'll push tomorrow evening UK time if there are no comments in the meantime. Richard gcc/ * config/aarch64/aarch64.cc (aarch64_process_one_target_attr) (aarch64_process_target_attr): Avoid alloca. --- gcc/config/aarch64/aarch64.cc | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/gcc/config/aarch64/aarch64.cc b/gcc/config/aarch64/aarch64.cc index 7f0cc47d0f0..0d41a193ec1 100644 --- a/gcc/config/aarch64/aarch64.cc +++ b/gcc/config/aarch64/aarch64.cc @@ -19405,8 +19405,10 @@ aarch64_process_one_target_attr (char *arg_str) return false; } - char *str_to_check = (char *) alloca (len + 1); - strcpy (str_to_check, arg_str); + auto_vec buffer; + buffer.safe_grow (len + 1); + char *str_to_check = buffer.address (); + memcpy (str_to_check, arg_str, len + 1); /* We have something like __attribute__ ((target ("+fp+nosimd"))). It is easier to detect and handle it explicitly here rather than going @@ -19569,8 +19571,10 @@ aarch64_process_target_attr (tree args) } size_t len = strlen (TREE_STRING_POINTER (args)); - char *str_to_check = (char *) alloca (len + 1); - strcpy (str_to_check, TREE_STRING_POINTER (args)); + auto_vec buffer; + buffer.safe_grow (len + 1); + char *str_to_check = buffer.address (); + memcpy (str_to_check, TREE_STRING_POINTER (args), len + 1); if (len == 0) {