From patchwork Wed Jun 17 19:27:09 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Harald Anlauf X-Patchwork-Id: 1311441 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=gcc.gnu.org (client-ip=2620:52:3:1:0:246e:9693:128c; helo=sourceware.org; envelope-from=gcc-patches-bounces@gcc.gnu.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=gmx.de Authentication-Results: ozlabs.org; dkim=pass (1024-bit key; secure) header.d=gmx.net header.i=@gmx.net header.a=rsa-sha256 header.s=badeba3b8450 header.b=ReqZAmiq; dkim-atps=neutral Received: from sourceware.org (server2.sourceware.org [IPv6:2620:52:3:1:0:246e:9693:128c]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 49nFSj3cx8z9sRW for ; Thu, 18 Jun 2020 05:27:16 +1000 (AEST) Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 055DA39D984C; Wed, 17 Jun 2020 19:27:14 +0000 (GMT) X-Original-To: gcc-patches@gcc.gnu.org Delivered-To: gcc-patches@gcc.gnu.org Received: from mout.gmx.net (mout.gmx.net [212.227.15.15]) by sourceware.org (Postfix) with ESMTPS id E063C394849E; Wed, 17 Jun 2020 19:27:10 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.3.2 sourceware.org E063C394849E Authentication-Results: sourceware.org; dmarc=none (p=none dis=none) header.from=gmx.de Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=anlauf@gmx.de DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=gmx.net; s=badeba3b8450; t=1592422029; bh=fsj2i1xtNhpzoVpLdDH8l7q/PTO2cr3plFz892nHr7A=; h=X-UI-Sender-Class:From:To:Subject:Date; b=ReqZAmiqb1ZTTOgBMBj8j2936fLUjuF2ga4IUMT0eMRpFWu3OJX6iVznUANPz5sIf oOnpPU11tRfz9pva1nSpdXfLk6P0SQ15cB9O6MRs3LlBsAiskcsza9uh5zKGObjyBx 32vk7CvGUXTmj50ENOqx/UWRf/w1KLzgLi6YcBrY= X-UI-Sender-Class: 01bb95c1-4bf8-414a-932a-4f6e2808ef9c Received: from [93.207.80.117] ([93.207.80.117]) by web-mail.gmx.net (3c-app-gmx-bs33.server.lan [172.19.170.85]) (via HTTP); Wed, 17 Jun 2020 21:27:09 +0200 MIME-Version: 1.0 Message-ID: From: Harald Anlauf To: fortran , gcc-patches Subject: [PATCH] PR fortran/95707 - ICE in finish_equivalences, at fortran/trans-common.c:1319 Date: Wed, 17 Jun 2020 21:27:09 +0200 Importance: normal Sensitivity: Normal X-Priority: 3 X-Provags-ID: V03:K1:iEH6HZ26FTHv+gHnXI3N8fyLdE3Kwj+naerk8ym3j+Ud8a6X7DWUBgnS8457LCzVHet8v sk1XiY5Sls5JTkE63VlMevW9HHoZeVou4F8smdhWNsP2K6xciHkpD60ECLEoFmrZ03eK7F4wdApF iB4JjAzIo6RKs8jCsaqy/KEm0UuSLO0QI94+Xrh+btEUASaY3igZm/ifYeET2Zp5btYMhsFUNqU7 aXcTB91vJ7ETIOboSSfmYcZQ06BkxZY5FqwtCsjqtEL9OamxeEt3s/Bd+aatIFIRw4Np+J/3IOY0 Ag= X-UI-Out-Filterresults: notjunk:1;V03:K0:Y7vKmCBrDTI=:L+zOcIDNcO2Eksk7PGcSaJ JjKlcqk8DF+VTCg6szEzKCxrk0f0bKEEoFRJ7/ghAy3hOasE+nhEBghTxXtuSryAnhP9Co1lv wfKP96rQQ3RYvxBaHEfdC569LbnrbElHZCWf6GAGeb2WMImVV55gdGlNy5QfcnRLNWxeFutrq aLV4Z4g6lHzJ6f3GjW8bevm4gH2KaJod7ASUgfBaWifDg3iCfMVbeWRidJMxzMHanCUo2zcNS f7DbHPIKG/qeCE6M4gipesCU4M5bVyJZjKdS2Fpj5Onr9u70IQ98Wl+Cat+irXWozJrRraazM m4iY+6ycwJBp5mq8M5Dwzq6dha10DQhknl3XhTeK6YTZRuE8Of5XyzZlQHBElqHsh3/qBALIX 9cKVhVUa1y/wZTZg3a20y+gAb6seFCz4iZ+jSjEbG5pnFuTDfav2a/fveAyXmGA/fNHU4js1T /S7DhnPxaxXF/lnm9A2efcksMDqOPfbunytw+lpWLhvPJq+kLGAoaCzO+kv26azbfdSqVW+tN wzzsze1XVryJjI9HL5ACvZyLZhu3aEEcQi2vjn1jlDvCCnns2MHkerc4sSeesULJrhFSu+D0G 2gD5j0zHDxZILDAnjUwGgwxZPoaJwzgFh62qPXbv8E7Zog3nR7EQnaB7ASMhTBe9RiMk1lXb3 8/yzipufQpzLGzrNNIaKYQeyMlXJip+F4t4XBhW+laqLrcg== X-Spam-Status: No, score=-11.3 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, FREEMAIL_FROM, GIT_PATCH_0, KAM_NUMSUBJECT, RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H2, SPF_HELO_NONE, SPF_PASS, TXREP autolearn=ham autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on server2.sourceware.org X-BeenThere: gcc-patches@gcc.gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Gcc-patches mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: gcc-patches-bounces@gcc.gnu.org Sender: "Gcc-patches" Another corner case of buffer overflows during name mangling found by Gerhard. We now check that the new buffer sizes suffice. The patch is on top of the patches for PRs 95687, 95688, 95689. Regtested on x86_64-pc-linux-gnu. OK for master / backports? Thanks, Harald PR fortran/95707 - ICE in finish_equivalences, at fortran/trans-common.c:1319 With submodules and equivalence declarations, name mangling may result in long internal symbols overflowing internal buffers. We now check that we do not exceed the enlarged buffer sizes. gcc/fortran/ PR fortran/95707 * gfortran.h (gfc_common_head): Enlarge buffer. * trans-common.c (gfc_sym_mangled_common_id): Enlarge temporary buffers, and add check on length on mangled name to prevent overflow. diff --git a/gcc/fortran/gfortran.h b/gcc/fortran/gfortran.h index c12a8bef277..836e0b3063d 100644 --- a/gcc/fortran/gfortran.h +++ b/gcc/fortran/gfortran.h @@ -1677,8 +1677,8 @@ typedef struct gfc_common_head char use_assoc, saved, threadprivate; unsigned char omp_declare_target : 1; unsigned char omp_declare_target_link : 1; - /* Provide sufficient space to hold "symbol.eq.1234567890". */ - char name[GFC_MAX_SYMBOL_LEN + 1 + 14]; + /* Provide sufficient space to hold "symbol.symbol.eq.1234567890". */ + char name[2*GFC_MAX_SYMBOL_LEN + 1 + 14 + 1]; struct gfc_symbol *head; const char* binding_label; int is_bind_c; diff --git a/gcc/fortran/trans-common.c b/gcc/fortran/trans-common.c index 1acc336eacf..c6383fc2352 100644 --- a/gcc/fortran/trans-common.c +++ b/gcc/fortran/trans-common.c @@ -242,11 +242,13 @@ static tree gfc_sym_mangled_common_id (gfc_common_head *com) { int has_underscore; - /* Provide sufficient space to hold "symbol.eq.1234567890__". */ - char mangled_name[GFC_MAX_MANGLED_SYMBOL_LEN + 1 + 16]; - char name[GFC_MAX_SYMBOL_LEN + 1 + 16]; + /* Provide sufficient space to hold "symbol.symbol.eq.1234567890__". */ + char mangled_name[2*GFC_MAX_MANGLED_SYMBOL_LEN + 1 + 16 + 1]; + char name[sizeof (mangled_name) - 2]; /* Get the name out of the common block pointer. */ + size_t len = strlen (com->name); + gcc_assert (len < sizeof (name)); strcpy (name, com->name); /* If we're suppose to do a bind(c). */ diff --git a/gcc/testsuite/gfortran.dg/pr95707.f90 b/gcc/testsuite/gfortran.dg/pr95707.f90 new file mode 100644 index 00000000000..3279a6320cf --- /dev/null +++ b/gcc/testsuite/gfortran.dg/pr95707.f90 @@ -0,0 +1,16 @@ +! { dg-do compile } +! { dg-options "-fsecond-underscore" } +! PR fortran/95707 - ICE in finish_equivalences, at fortran/trans-common.c:1319 + +module m2345678901234567890123456789012345678901234567890123456789_123 + interface + module subroutine s2345678901234567890123456789012345678901234567890123456789_123 + end + end interface +end +submodule(m2345678901234567890123456789012345678901234567890123456789_123) & + n2345678901234567890123456789012345678901234567890123456789_123 + real :: a(4), u(3,2) + real :: b(4), v(4,2) + equivalence (a(1),u(1,1)), (b(1),v(1,1)) +end