From patchwork Wed Jun 24 21:31:05 2020
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Harald Anlauf <anlauf@gmx.de>
X-Patchwork-Id: 1316596
Return-Path: <gcc-patches-bounces@gcc.gnu.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Authentication-Results: ozlabs.org;
 spf=pass (sender SPF authorized) smtp.mailfrom=gcc.gnu.org
 (client-ip=2620:52:3:1:0:246e:9693:128c; helo=sourceware.org;
 envelope-from=gcc-patches-bounces@gcc.gnu.org; receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org;
 dmarc=none (p=none dis=none) header.from=gmx.de
Authentication-Results: ozlabs.org;
	dkim=pass (1024-bit key;
 secure) header.d=gmx.net header.i=@gmx.net header.a=rsa-sha256
 header.s=badeba3b8450 header.b=c3UO2JPv;
	dkim-atps=neutral
Received: from sourceware.org (server2.sourceware.org
 [IPv6:2620:52:3:1:0:246e:9693:128c])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest
 SHA256)
	(No client certificate requested)
	by ozlabs.org (Postfix) with ESMTPS id 49sbtX3cZhz9sRW
	for <incoming@patchwork.ozlabs.org>; Thu, 25 Jun 2020 07:31:14 +1000 (AEST)
Received: from server2.sourceware.org (localhost [IPv6:::1])
	by sourceware.org (Postfix) with ESMTP id E44A3385DC0A;
	Wed, 24 Jun 2020 21:31:09 +0000 (GMT)
X-Original-To: gcc-patches@gcc.gnu.org
Delivered-To: gcc-patches@gcc.gnu.org
Received: from mout.gmx.net (mout.gmx.net [212.227.17.21])
 by sourceware.org (Postfix) with ESMTPS id 41BBB385DC0A;
 Wed, 24 Jun 2020 21:31:07 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.3.2 sourceware.org 41BBB385DC0A
Authentication-Results: sourceware.org;
 dmarc=none (p=none dis=none) header.from=gmx.de
Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=anlauf@gmx.de
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=gmx.net;
 s=badeba3b8450; t=1593034265;
 bh=0vjxJEqXlqZ3D0SxSgLvOEFQhwKvIVW6H+N++KEzY2I=;
 h=X-UI-Sender-Class:From:To:Subject:Date;
 b=c3UO2JPvu/akxoxZjiE3i5oJhNp6i0PheMJCExp7oG/Yrm97CgvdQCASrWMyGjQlT
 5QP1Ck9bviXnypT/7nG2g81KzcER4purvCwgYh7J75ojncPj9Zkw7PIeqCGTX34dzE
 cYE2Nxcle/cErYoaTdeJJtCugxGQu7WtHC7vyu3w=
X-UI-Sender-Class: 01bb95c1-4bf8-414a-932a-4f6e2808ef9c
Received: from [93.207.81.41] ([93.207.81.41]) by web-mail.gmx.net
 (3c-app-gmx-bs13.server.lan [172.19.170.65]) (via HTTP); Wed, 24 Jun 2020
 23:31:05 +0200
MIME-Version: 1.0
Message-ID: 
 <trinity-4c1a7ea3-3a92-475c-9232-fc7446ce1c02-1593034265489@3c-app-gmx-bs13>
From: Harald Anlauf <anlauf@gmx.de>
To: fortran <fortran@gcc.gnu.org>, gcc-patches <gcc-patches@gcc.gnu.org>
Subject: [PATCH] PR fortran/95828 - Buffer overflows with SELECT RANK
Date: Wed, 24 Jun 2020 23:31:05 +0200
Importance: normal
Sensitivity: Normal
X-Priority: 3
X-Provags-ID: 
 V03:K1:53m+mGvMtC7g5whb3TI7GeK4WHf7yZQDN6UhxajEKitXDBNtITQ06eVsjvf1mz0PBvuqr
 kcaQPV62NOEWg+wTrXmV8r26dcSW/6DJ2huYEOJjqPp+ATJJAX+aX0b1Qqb5AXlwMpY3UfWhAAM2
 hn374FGtOsZTX1XDrfcPOqwMDuTC67rBTZgq0jcHjR1GRAhnUUVY59FwOWiiee6xzM8q4IRS4pkF
 einIhsUlH0ZXI8dDtxYxaCT0/kv72tSYqwiMfg30xvOhrHRWaGPTKciivxdRZZTlnpthry0VJ6Xd
 Rs=
X-UI-Out-Filterresults: notjunk:1;V03:K0:Ihp+pQ9wjD4=:7vaXblo4rQb4BkXs3OceX3
 AJS0rTVjpN7NiB+NbnIJBMJt+YsWiA1MXOaKTjT+AVFtIZUXnsArtMC6HM8lbwwY2AL5GHoEe
 pPO+oAOggzGB5hdKUl+1bcb2qDTNRtqCK2HIfGHZi53Zt7WAvm/hCoAARdPk0nleNcftM0GSA
 L6NiJnBDNN/ThWlFfWoKtyFIa2/zCuDNDDcbFR7RPQ1HYyxNaS+Yy5l3p6BJfThRflW+ws7A3
 J2LRiBz2fwN6NheS77TBPpqvPupxS5e5SckljRMd48jA8O02Fy1gbf/rVew1T21GyVQYA/wVC
 dDVaGGmRHSihKygamv/rKxrOYkqTdkzOgh2seKk/yl73zI3Y1lv+emAAf5Lydcg4ZCH6pEv9m
 Bkgyrb7FnUuk5UmGSINFjRpZ5xEmpQ6nbEtOTQHywKLdR8nTBwosLT7JlTg0QTPtjpb0bUig3
 3Drnzpms4YzK3PZrU4XpPrtqWKlRGMFfKK8rQ+jM4mOF+JqAis8WX+B5B02dS4yM4p2OoxI+i
 nH/wAefam9N4VkmJGsVytA0aUY7L7EH8tck/6qVC2ihkCK8j0FthhtgmrXmf2P6U+ET0/5gxV
 xvuzAtsxClGXXNi/Hj0QsjETdvles5I0iOksZ/AM29tqf4nmfdisH7MSqnPUoLKS+ZIv+8T36
 vjKoQu5DhAO1SM9EToxAa2aCJPra7pJc5u+ky/dF5vzEKOw==
X-Spam-Status: No, score=-10.5 required=5.0 tests=BAYES_00, DKIM_SIGNED,
 DKIM_VALID, FREEMAIL_FROM, GIT_PATCH_0, KAM_LOTSOFHASH, RCVD_IN_DNSWL_LOW,
 RCVD_IN_MSPIKE_H2, SPF_HELO_NONE, SPF_PASS,
 TXREP autolearn=ham autolearn_force=no version=3.4.2
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on
 server2.sourceware.org
X-BeenThere: gcc-patches@gcc.gnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Gcc-patches mailing list <gcc-patches.gcc.gnu.org>
List-Unsubscribe: <http://gcc.gnu.org/mailman/options/gcc-patches>,
 <mailto:gcc-patches-request@gcc.gnu.org?subject=unsubscribe>
List-Archive: <https://gcc.gnu.org/pipermail/gcc-patches/>
List-Post: <mailto:gcc-patches@gcc.gnu.org>
List-Help: <mailto:gcc-patches-request@gcc.gnu.org?subject=help>
List-Subscribe: <http://gcc.gnu.org/mailman/listinfo/gcc-patches>,
 <mailto:gcc-patches-request@gcc.gnu.org?subject=subscribe>
Errors-To: gcc-patches-bounces@gcc.gnu.org
Sender: "Gcc-patches" <gcc-patches-bounces@gcc.gnu.org>

Another case of buffer overflow, this time coming in pairs.

Regtested on x86_64-pc-linux-gnu.

OK for master?

Thanks,
Harald


PR fortran/95828 - Buffer overflows with SELECT RANK

With SELECT RANK, name mangling results in long internal symbols that
overflows internal buffers.  Fix that.

gcc/fortran/
	PR fortran/95828
	* match.c (select_rank_set_tmp): Enlarge internal buffer used in
	generating a mangled name.
	* resolve.c (resolve_select_rank): Likewise.

diff --git a/gcc/fortran/match.c b/gcc/fortran/match.c
index 8063fcad295..b011634792e 100644
--- a/gcc/fortran/match.c
+++ b/gcc/fortran/match.c
@@ -6496,7 +6496,7 @@ static void
 select_rank_set_tmp (gfc_typespec *ts, int *case_value)
 {
   char name[2 * GFC_MAX_SYMBOL_LEN];
-  char tname[GFC_MAX_SYMBOL_LEN];
+  char tname[GFC_MAX_SYMBOL_LEN + 7];
   gfc_symtree *tmp;
   gfc_symbol *selector = select_type_stack->selector;
   gfc_symbol *sym;
diff --git a/gcc/fortran/resolve.c b/gcc/fortran/resolve.c
index c53b312f7ed..cc8676b3e03 100644
--- a/gcc/fortran/resolve.c
+++ b/gcc/fortran/resolve.c
@@ -9638,7 +9638,7 @@ resolve_select_rank (gfc_code *code, gfc_namespace *old_ns)
   gfc_namespace *ns;
   gfc_code *body, *new_st, *tail;
   gfc_case *c;
-  char tname[GFC_MAX_SYMBOL_LEN];
+  char tname[GFC_MAX_SYMBOL_LEN + 7];
   char name[2 * GFC_MAX_SYMBOL_LEN];
   gfc_symtree *st;
   gfc_expr *selector_expr = NULL;
diff --git a/gcc/testsuite/gfortran.dg/pr95828.f90 b/gcc/testsuite/gfortran.dg/pr95828.f90
new file mode 100644
index 00000000000..e85b2f11869
--- /dev/null
+++ b/gcc/testsuite/gfortran.dg/pr95828.f90
@@ -0,0 +1,21 @@
+! { dg-do compile }
+! { dg-options "-fsecond-underscore" }
+! PR fortran/95828 - ICE in resolve_select_rank, at fortran/resolve.c:9774
+
+module m2345678901234567890123456789012345678901234567890123456789_123
+  type t2345678901234567890123456789012345678901234567890123456789_123
+  end type
+contains
+  subroutine s2345678901234567890123456789012345678901234567890123456789_123 &
+            (x2345678901234567890123456789012345678901234567890123456789_123)
+    type    (t2345678901234567890123456789012345678901234567890123456789_123) :: &
+             x2345678901234567890123456789012345678901234567890123456789_123(..)
+
+    select rank (y2345678901234567890123456789012345678901234567890123456789_123 &
+              => x2345678901234567890123456789012345678901234567890123456789_123)
+    rank (2)
+    rank (3)
+    rank default
+    end select
+  end
+end