From patchwork Mon Jun 15 20:47:55 2020
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Harald Anlauf <anlauf@gmx.de>
X-Patchwork-Id: 1309747
Return-Path: <gcc-patches-bounces@gcc.gnu.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Authentication-Results: ozlabs.org;
 spf=pass (sender SPF authorized) smtp.mailfrom=gcc.gnu.org
 (client-ip=8.43.85.97; helo=sourceware.org;
 envelope-from=gcc-patches-bounces@gcc.gnu.org; receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org;
 dmarc=none (p=none dis=none) header.from=gmx.de
Authentication-Results: ozlabs.org;
	dkim=pass (1024-bit key;
 secure) header.d=gmx.net header.i=@gmx.net header.a=rsa-sha256
 header.s=badeba3b8450 header.b=FlRIoQ6b;
	dkim-atps=neutral
Received: from sourceware.org (server2.sourceware.org [8.43.85.97])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest
 SHA256)
	(No client certificate requested)
	by ozlabs.org (Postfix) with ESMTPS id 49m3Lv27xDz9sRW
	for <incoming@patchwork.ozlabs.org>; Tue, 16 Jun 2020 06:48:06 +1000 (AEST)
Received: from server2.sourceware.org (localhost [IPv6:::1])
	by sourceware.org (Postfix) with ESMTP id 8BE2E383F855;
	Mon, 15 Jun 2020 20:48:00 +0000 (GMT)
X-Original-To: gcc-patches@gcc.gnu.org
Delivered-To: gcc-patches@gcc.gnu.org
Received: from mout.gmx.net (mout.gmx.net [212.227.17.22])
 by sourceware.org (Postfix) with ESMTPS id 1E07938708D6;
 Mon, 15 Jun 2020 20:47:57 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.3.2 sourceware.org 1E07938708D6
Authentication-Results: sourceware.org;
 dmarc=none (p=none dis=none) header.from=gmx.de
Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=anlauf@gmx.de
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=gmx.net;
 s=badeba3b8450; t=1592254075;
 bh=ku/PhvEP3f2hQwaLd81pbPXjYJB2pDvmaH1OUFiebig=;
 h=X-UI-Sender-Class:From:To:Subject:Date;
 b=FlRIoQ6b+xizZ2vo2C4v1imIwoO4aFTn+9IHjDXmXGMIbkSvpAHjUIYBL5XLluGBA
 bFeFJgQCKzjee+nigxlJPt/9ce8VRXC/Ucf7ljUylUytVFw4h7uSw+N6V5qHAVxPnm
 kOOTdlhwrqJohiPeGzR+IcASLr/TQYyHHci7fXHQ=
X-UI-Sender-Class: 01bb95c1-4bf8-414a-932a-4f6e2808ef9c
Received: from [93.207.84.53] ([93.207.84.53]) by web-mail.gmx.net
 (3c-app-gmx-bs33.server.lan [172.19.170.85]) (via HTTP); Mon, 15 Jun 2020
 22:47:55 +0200
MIME-Version: 1.0
Message-ID: 
 <trinity-157004fc-dcd4-421f-8808-1c4aaf040c52-1592254075519@3c-app-gmx-bs33>
From: Harald Anlauf <anlauf@gmx.de>
To: fortran <fortran@gcc.gnu.org>, gcc-patches <gcc-patches@gcc.gnu.org>
Subject: [PATCH][8/9/10/11 Regression]  PR fortran/95689 - ICE in
 check_sym_interfaces, at fortran/interface.c:2015
Date: Mon, 15 Jun 2020 22:47:55 +0200
Importance: normal
Sensitivity: Normal
X-Priority: 3
X-Provags-ID: 
 V03:K1:YcJ+06+FtkFdLNFfGDLnfYYNbDgj0k+rO3VeAxFKNqGdRFRDQTsgUwC3JWAJ9o1NF+dfQ
 xExeV8XpEDCh+UGH3MZ0nbFcRkWNMDbbbjh93M8H6GiOJKe6/dBy7bWUpeT7NIsHJNH8w7/oGD1n
 kyn+xmIQRdsc/1jEO6BVJ43nTzjRgD22q6SSdOkNPB6Yny7vmXKoWfxWXgA0lezObXs93TWLx0ts
 /2LY+O++GyxCHeC/qCBPHNX5szW81ahXE2UuOAE+GGcQ3PzdezoS1CLVK4WB1grnpT8B2xCKb59O
 Q8=
X-UI-Out-Filterresults: notjunk:1;V03:K0:jJFJkmlqtfA=:udbhgSmhUX8Q4PgrifKFiL
 rtM/nIXx/tCUMs2lRNrURb1EFiLyvp5OYqcTu5aYbVaHQeSQU2u0rNcE0okBGUNCnL0UYXAhL
 oZcpY3moKNjPAR7u5U63eRzMf7gaWz3bRwqjgwkXuQXoWv74YijYgdONOkEtVt1c1KTk9EDW+
 GdywmNn+O9nJ0AdHroAgOaABmuKFHYutopCAHCBCYKDdHmS41WIOyFlm8FETUQDKZ0jhRmS97
 Vj7oZ+YSERgniwJPz9BVTYhVR88tkS+6wghSTGj2/8pYcefP9Xv+SN3Y1iju9+dDGy8GZn3nn
 fZG4ssf7g0IgkRkZjdvuYCH0dJvn/J4do+u0mjEsQvvxEjcySveiI/djWvbk5dWi7C2ODaS8G
 v5W2L8Pk6Z/6hT5mxhdTxqtHc3qpRFAA2kpyxot3aFF4iFZJGAhBnLOjbUi//Il49HIGFQiuh
 cdjcozB7NwLOmrLzM0loPy+BvVa0HRpiMm29wRBwlBaWSu2IXPBlEXvqztp7bvQEeYe1udVfr
 jAaQbCMtFpbdu61rGAuRY0/v/Ca4NM4hrFH/NrQd5WyOu3rDc2e9tNYrqHdcnOCSp95rSfEJI
 rU7toRuVbszR1GT4O9OzcyQyQcoye0YWj8oIj1h6J9stabeXBXCwuMvmPHHC3sgNGkXhaStVm
 vMeMW6/cly0R+C3hHo87aktQmyD28znNgiwtKg32o+jpD7SpN+dHJKAmbSs8eJ9xOKWY=
X-Spam-Status: No, score=-11.4 required=5.0 tests=BAYES_00, DKIM_SIGNED,
 DKIM_VALID, FREEMAIL_FROM, GIT_PATCH_0, KAM_LOTSOFHASH, RCVD_IN_DNSWL_LOW,
 RCVD_IN_MSPIKE_H2, SPF_HELO_NONE, SPF_PASS,
 TXREP autolearn=ham autolearn_force=no version=3.4.2
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on
 server2.sourceware.org
X-BeenThere: gcc-patches@gcc.gnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Gcc-patches mailing list <gcc-patches.gcc.gnu.org>
List-Unsubscribe: <http://gcc.gnu.org/mailman/options/gcc-patches>,
 <mailto:gcc-patches-request@gcc.gnu.org?subject=unsubscribe>
List-Archive: <https://gcc.gnu.org/pipermail/gcc-patches/>
List-Post: <mailto:gcc-patches@gcc.gnu.org>
List-Help: <mailto:gcc-patches-request@gcc.gnu.org?subject=help>
List-Subscribe: <http://gcc.gnu.org/mailman/listinfo/gcc-patches>,
 <mailto:gcc-patches-request@gcc.gnu.org?subject=subscribe>
Errors-To: gcc-patches-bounces@gcc.gnu.org
Sender: "Gcc-patches" <gcc-patches-bounces@gcc.gnu.org>

YABRBG (Yet another bug report by Gerhard).

Sigh.  Another buffer overflow.

We extend the buffer and now check for overflow.

Regtested on x86_64-pc-linux-gnu.

OK for master?  Backports where possible?

Thanks,
Harald



PR fortran/95689 - ICE in check_sym_interfaces, at fortran/interface.c:2015

With submodules, name mangling of interfaces may result in long internal
symbols overflowing an internal buffer.  We now check that we do not
exceed the enlarged buffer size.

gcc/fortran/
	PR fortran/95689
	* class.c (get_unique_type_string): Enlarge temporary buffer, and
	add check on length on mangled name to prevent overflow.

diff --git a/gcc/fortran/interface.c b/gcc/fortran/interface.c
index f33c6632b45..b1a75a37b0e 100644
--- a/gcc/fortran/interface.c
+++ b/gcc/fortran/interface.c
@@ -1981,7 +1981,8 @@ check_interface1 (gfc_interface *p, gfc_interface *q0,
 static void
 check_sym_interfaces (gfc_symbol *sym)
 {
-  char interface_name[GFC_MAX_SYMBOL_LEN + sizeof("generic interface ''")];
+  /* Provide sufficient space to hold "generic interface 'symbol.symbol'".  */
+  char interface_name[2*GFC_MAX_SYMBOL_LEN+2 + sizeof("generic interface ''")];
   gfc_interface *p;

   if (sym->ns != gfc_current_ns)
@@ -1989,6 +1990,8 @@ check_sym_interfaces (gfc_symbol *sym)

   if (sym->generic != NULL)
     {
+      size_t len = strlen (sym->name) + sizeof("generic interface ''");
+      gcc_assert (len < sizeof (interface_name));
       sprintf (interface_name, "generic interface '%s'", sym->name);
       if (check_interface0 (sym->generic, interface_name))
 	return;
diff --git a/gcc/testsuite/gfortran.dg/pr95689.f90 b/gcc/testsuite/gfortran.dg/pr95689.f90
new file mode 100644
index 00000000000..287ae50b0cb
--- /dev/null
+++ b/gcc/testsuite/gfortran.dg/pr95689.f90
@@ -0,0 +1,16 @@
+! { dg-do compile }
+! { dg-options "-fsecond-underscore" }
+! PR fortran/95689 - ICE in check_sym_interfaces, at fortran/interface.c:2015
+
+module m2345678901234567890123456789012345678901234567890123456789_123
+  type t2345678901234567890123456789012345678901234567890123456789_123
+   end type
+   interface
+      module subroutine s2345678901234567890123456789012345678901234567890123456789_123 &
+                       (x2345678901234567890123456789012345678901234567890123456789_123)
+      end
+   end interface
+end
+submodule(m2345678901234567890123456789012345678901234567890123456789_123) &
+          t2345678901234567890123456789012345678901234567890123456789_123
+end