diff mbox series

PR fortran/95707 - ICE in finish_equivalences, at fortran/trans-common.c:1319

Message ID trinity-3abd8d9b-88e9-486e-a18e-057826ff0dc2-1592422029182@3c-app-gmx-bs33
State New
Headers show
Series PR fortran/95707 - ICE in finish_equivalences, at fortran/trans-common.c:1319 | expand

Commit Message

Harald Anlauf June 17, 2020, 7:27 p.m. UTC 
Another corner case of buffer overflows during name mangling found by
Gerhard.  We now check that the new buffer sizes suffice.

The patch is on top of the patches for PRs 95687, 95688, 95689.

Regtested on x86_64-pc-linux-gnu.

OK for master / backports?

Thanks,
Harald


PR fortran/95707 - ICE in finish_equivalences, at fortran/trans-common.c:1319

With submodules and equivalence declarations, name mangling may result in
long internal symbols overflowing internal buffers.  We now check that
we do not exceed the enlarged buffer sizes.

gcc/fortran/
	PR fortran/95707
	* gfortran.h (gfc_common_head): Enlarge buffer.
	* trans-common.c (gfc_sym_mangled_common_id): Enlarge temporary
	buffers, and add check on length on mangled name to prevent
	overflow.

Comments

Thomas Koenig June 20, 2020, 9:06 a.m. UTC | #1 
Am 17.06.20 um 21:27 schrieb Harald Anlauf:
> OK for master / backports?

OK.

Thanks for the patch!

Regards

	Thomas
Jerry D June 23, 2020, 9:55 p.m. UTC | #2 
OK, and once again, thanks.
Jerry

On 6/17/20 12:27 PM, Harald Anlauf wrote:
> Another corner case of buffer overflows during name mangling found by
> Gerhard.  We now check that the new buffer sizes suffice.
>
> The patch is on top of the patches for PRs 95687, 95688, 95689.
>
> Regtested on x86_64-pc-linux-gnu.
>
> OK for master / backports?
>
> Thanks,
> Harald
>
>
> PR fortran/95707 - ICE in finish_equivalences, at fortran/trans-common.c:1319
>
> With submodules and equivalence declarations, name mangling may result in
> long internal symbols overflowing internal buffers.  We now check that
> we do not exceed the enlarged buffer sizes.
>
> gcc/fortran/
> 	PR fortran/95707
> 	* gfortran.h (gfc_common_head): Enlarge buffer.
> 	* trans-common.c (gfc_sym_mangled_common_id): Enlarge temporary
> 	buffers, and add check on length on mangled name to prevent
> 	overflow.
diff mbox series

Patch

diff --git a/gcc/fortran/gfortran.h b/gcc/fortran/gfortran.h
index c12a8bef277..836e0b3063d 100644
--- a/gcc/fortran/gfortran.h
+++ b/gcc/fortran/gfortran.h
@@ -1677,8 +1677,8 @@  typedef struct gfc_common_head
   char use_assoc, saved, threadprivate;
   unsigned char omp_declare_target : 1;
   unsigned char omp_declare_target_link : 1;
-  /* Provide sufficient space to hold "symbol.eq.1234567890".  */
-  char name[GFC_MAX_SYMBOL_LEN + 1 + 14];
+  /* Provide sufficient space to hold "symbol.symbol.eq.1234567890".  */
+  char name[2*GFC_MAX_SYMBOL_LEN + 1 + 14 + 1];
   struct gfc_symbol *head;
   const char* binding_label;
   int is_bind_c;
diff --git a/gcc/fortran/trans-common.c b/gcc/fortran/trans-common.c
index 1acc336eacf..c6383fc2352 100644
--- a/gcc/fortran/trans-common.c
+++ b/gcc/fortran/trans-common.c
@@ -242,11 +242,13 @@  static tree
 gfc_sym_mangled_common_id (gfc_common_head *com)
 {
   int has_underscore;
-  /* Provide sufficient space to hold "symbol.eq.1234567890__".  */
-  char mangled_name[GFC_MAX_MANGLED_SYMBOL_LEN + 1 + 16];
-  char name[GFC_MAX_SYMBOL_LEN + 1 + 16];
+  /* Provide sufficient space to hold "symbol.symbol.eq.1234567890__".  */
+  char mangled_name[2*GFC_MAX_MANGLED_SYMBOL_LEN + 1 + 16 + 1];
+  char name[sizeof (mangled_name) - 2];

   /* Get the name out of the common block pointer.  */
+  size_t len = strlen (com->name);
+  gcc_assert (len < sizeof (name));
   strcpy (name, com->name);

   /* If we're suppose to do a bind(c).  */
diff --git a/gcc/testsuite/gfortran.dg/pr95707.f90 b/gcc/testsuite/gfortran.dg/pr95707.f90
new file mode 100644
index 00000000000..3279a6320cf
--- /dev/null
+++ b/gcc/testsuite/gfortran.dg/pr95707.f90
@@ -0,0 +1,16 @@ 
+! { dg-do compile }
+! { dg-options "-fsecond-underscore" }
+! PR fortran/95707 - ICE in finish_equivalences, at fortran/trans-common.c:1319
+
+module m2345678901234567890123456789012345678901234567890123456789_123
+  interface
+     module subroutine s2345678901234567890123456789012345678901234567890123456789_123
+     end
+  end interface
+end
+submodule(m2345678901234567890123456789012345678901234567890123456789_123) &
+          n2345678901234567890123456789012345678901234567890123456789_123
+  real :: a(4), u(3,2)
+  real :: b(4), v(4,2)
+  equivalence (a(1),u(1,1)), (b(1),v(1,1))
+end