From patchwork Thu Aug 12 20:28:59 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bill Schmidt X-Patchwork-Id: 1516425 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=gcc.gnu.org (client-ip=2620:52:3:1:0:246e:9693:128c; helo=sourceware.org; envelope-from=gcc-patches-bounces+incoming=patchwork.ozlabs.org@gcc.gnu.org; receiver=) Authentication-Results: ozlabs.org; dkim=pass (1024-bit key; unprotected) header.d=gcc.gnu.org header.i=@gcc.gnu.org header.a=rsa-sha256 header.s=default header.b=i8eiFqMc; dkim-atps=neutral Received: from sourceware.org (server2.sourceware.org [IPv6:2620:52:3:1:0:246e:9693:128c]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4Glyx332Mqz9sX3 for ; Fri, 13 Aug 2021 06:30:13 +1000 (AEST) Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id E4B003833003 for ; Thu, 12 Aug 2021 20:30:09 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org E4B003833003 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gcc.gnu.org; s=default; t=1628800209; bh=XCuGxBsECkylnCh1l2lpUOSywOAbCbDAyBCxIgPc8Jg=; h=To:Subject:Date:In-Reply-To:References:List-Id:List-Unsubscribe: List-Archive:List-Post:List-Help:List-Subscribe:From:Reply-To:Cc: From; b=i8eiFqMc1JIpA/6ircdhuTO01l7o3GJT0k+fpXXlCVawCgXiMO+O5elZETJlkyQ+t 4QqYkG/FC55Zah0/Pwroi0gYFcDrX7sVe+DfwkNP4kht9MsYxbmqlrv6FNY9Eo34Dz Fb1qnMEUU55onE0H8PTDb8sy2s9a8E7QsVjulS1s= X-Original-To: gcc-patches@gcc.gnu.org Delivered-To: gcc-patches@gcc.gnu.org Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.156.1]) by sourceware.org (Postfix) with ESMTPS id 667AE39BB432 for ; Thu, 12 Aug 2021 20:29:16 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 667AE39BB432 Received: from pps.filterd (m0098393.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.16.0.43/8.16.0.43) with SMTP id 17CKDJs7112502; Thu, 12 Aug 2021 16:29:15 -0400 Received: from pps.reinject (localhost [127.0.0.1]) by mx0a-001b2d01.pphosted.com with ESMTP id 3accug8rx9-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 12 Aug 2021 16:29:15 -0400 Received: from m0098393.ppops.net (m0098393.ppops.net [127.0.0.1]) by pps.reinject (8.16.0.43/8.16.0.43) with SMTP id 17CKEOha115274; Thu, 12 Aug 2021 16:29:14 -0400 Received: from ppma04wdc.us.ibm.com (1a.90.2fa9.ip4.static.sl-reverse.com [169.47.144.26]) by mx0a-001b2d01.pphosted.com with ESMTP id 3accug8rww-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 12 Aug 2021 16:29:14 -0400 Received: from pps.filterd (ppma04wdc.us.ibm.com [127.0.0.1]) by ppma04wdc.us.ibm.com (8.16.1.2/8.16.1.2) with SMTP id 17CKHAF8006176; Thu, 12 Aug 2021 20:29:13 GMT Received: from b01cxnp23032.gho.pok.ibm.com (b01cxnp23032.gho.pok.ibm.com [9.57.198.27]) by ppma04wdc.us.ibm.com with ESMTP id 3a9hteymby-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 12 Aug 2021 20:29:13 +0000 Received: from b01ledav004.gho.pok.ibm.com (b01ledav004.gho.pok.ibm.com [9.57.199.109]) by b01cxnp23032.gho.pok.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 17CKTDxg36176220 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Thu, 12 Aug 2021 20:29:13 GMT Received: from b01ledav004.gho.pok.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id E3326112063; Thu, 12 Aug 2021 20:29:12 +0000 (GMT) Received: from b01ledav004.gho.pok.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id CACE9112065; Thu, 12 Aug 2021 20:29:12 +0000 (GMT) Received: from localhost (unknown [9.40.194.84]) by b01ledav004.gho.pok.ibm.com (Postfix) with ESMTP; Thu, 12 Aug 2021 20:29:12 +0000 (GMT) To: gcc-patches@gcc.gnu.org Subject: [PATCH] rs6000: Avoid buffer overruns Date: Thu, 12 Aug 2021 15:28:59 -0500 Message-Id: <5ad275929137bf8866c97d1281edf57f71fbeea8.1628799111.git.wschmidt@linux.ibm.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <864c684b0d309c51bbf096e1030ab2089d683070.1628799111.git.wschmidt@linux.ibm.com> References: <864c684b0d309c51bbf096e1030ab2089d683070.1628799111.git.wschmidt@linux.ibm.com> X-TM-AS-GCONF: 00 X-Proofpoint-GUID: 5p9JYbJCfJVmjV63hLcAK0wS0_74fac4 X-Proofpoint-ORIG-GUID: 4m7UU6FFfjBj5ytGqHl_TODOTiGhiQQ7 X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.391, 18.0.790 definitions=2021-08-12_06:2021-08-12, 2021-08-12 signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 lowpriorityscore=0 adultscore=0 spamscore=0 mlxlogscore=999 clxscore=1015 impostorscore=0 bulkscore=0 priorityscore=1501 malwarescore=0 mlxscore=0 phishscore=0 suspectscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2107140000 definitions=main-2108120130 X-Spam-Status: No, score=-11.6 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_EF, GIT_PATCH_0, RCVD_IN_MSPIKE_H4, RCVD_IN_MSPIKE_WL, SPF_HELO_NONE, SPF_PASS, TXREP autolearn=ham autolearn_force=no version=3.4.4 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on server2.sourceware.org X-BeenThere: gcc-patches@gcc.gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Gcc-patches mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-Patchwork-Original-From: Bill Schmidt via Gcc-patches From: Bill Schmidt Reply-To: Bill Schmidt Cc: dje.gcc@gmail.com, segher@kernel.crashing.org Errors-To: gcc-patches-bounces+incoming=patchwork.ozlabs.org@gcc.gnu.org Sender: "Gcc-patches" Although safe_inc_pos avoids buffer overruns in rs6000-gen-builtins.c, there are some other routines where we fail to detect the possibility. Clean those up! Regstrap in progress on powerpc64le-linux-gnu. OK for trunk if that passes? Thanks, Bill 2021-08-12 Bill Schmidt gcc/ * config/rs6000/rs6000-gen-builtins.c (consume_whitespace): Diagnose buffer overrun. (match_identifier): Likewise. (match_integer): Likewise. (match_to_right_bracket): Likewise. --- gcc/config/rs6000/rs6000-gen-builtins.c | 32 ++++++++++++++++++++++--- 1 file changed, 29 insertions(+), 3 deletions(-) diff --git a/gcc/config/rs6000/rs6000-gen-builtins.c b/gcc/config/rs6000/rs6000-gen-builtins.c index 22902c37d55..ff8872c59e4 100644 --- a/gcc/config/rs6000/rs6000-gen-builtins.c +++ b/gcc/config/rs6000/rs6000-gen-builtins.c @@ -638,6 +638,13 @@ consume_whitespace (void) { while (pos < LINELEN && isspace(linebuf[pos]) && linebuf[pos] != '\n') pos++; + + if (pos >= LINELEN) + { + diag (pos, "line length overrun.\n"); + exit (1); + } + return; } @@ -697,9 +704,16 @@ static char * match_identifier (void) { int lastpos = pos - 1; - while (isalnum (linebuf[lastpos + 1]) || linebuf[lastpos + 1] == '_') + while (lastpos < LINELEN - 1 + && (isalnum (linebuf[lastpos + 1]) || linebuf[lastpos + 1] == '_')) ++lastpos; + if (lastpos >= LINELEN - 1) + { + diag (lastpos, "line length overrun.\n"); + exit (1); + } + if (lastpos < pos) return 0; @@ -721,9 +735,15 @@ match_integer (void) safe_inc_pos (); int lastpos = pos - 1; - while (isdigit (linebuf[lastpos + 1])) + while (lastpos < LINELEN - 1 && isdigit (linebuf[lastpos + 1])) ++lastpos; + if (lastpos >= LINELEN - 1) + { + diag (lastpos, "line length overrun.\n"); + exit (1); + } + if (lastpos < pos) return NULL; @@ -741,13 +761,19 @@ static const char * match_to_right_bracket (void) { int lastpos = pos - 1; - while (linebuf[lastpos + 1] != ']') + while (lastpos < LINELEN - 1 && linebuf[lastpos + 1] != ']') { if (linebuf[lastpos + 1] == '\n') fatal ("no ']' found before end of line.\n"); ++lastpos; } + if (lastpos >= LINELEN - 1) + { + diag (lastpos, "line length overrun.\n"); + exit (1); + } + if (lastpos < pos) return 0;