From patchwork Fri Jun 14 20:58:45 2024
From: Christoph Müllner
To: gcc-patches@gcc.gnu.org, Kito Cheng, Jim Wilson, Palmer Dabbelt, Andrew Waterman, Philipp Tomsich, Jeff Law
Cc: Christoph Müllner
Subject: [PATCH] riscv: Allocate enough space to strcpy() string
Date: Fri, 14 Jun 2024 22:58:45 +0200
Message-ID: <20240614205845.1143376-1-christoph.muellner@vrull.eu>

I triggered an ICE on Ubuntu 24.04 when compiling code that uses function
attributes. Looking into the sources shows that we have a systematic issue
in the attribute handling code:

* we determine the length with strlen() (excluding the terminating null)
* we allocate a buffer with this length
* we copy the original string using strcpy() (incl. the terminating null)

To quote the man page of strcpy():
"The programmer is responsible for allocating a destination buffer large
enough, that is, strlen(src) + 1."
The ICE looks like this:

*** buffer overflow detected ***: terminated
xtheadmempair_bench.c:14:1: internal compiler error: Aborted
   14 | {
      | ^
0xaf3b99 crash_signal
	/home/ubuntu/src/gcc/scaleff/gcc/toplev.cc:319
0xe5b957 strcpy
	/usr/include/riscv64-linux-gnu/bits/string_fortified.h:79
0xe5b957 riscv_process_target_attr
	/home/ubuntu/src/gcc/scaleff/gcc/config/riscv/riscv-target-attr.cc:339
0xe5baaf riscv_process_target_attr
	/home/ubuntu/src/gcc/scaleff/gcc/config/riscv/riscv-target-attr.cc:314
0xe5bc5f riscv_option_valid_attribute_p(tree_node*, tree_node*, tree_node*, int)
	/home/ubuntu/src/gcc/scaleff/gcc/config/riscv/riscv-target-attr.cc:389
0x6a31e5 handle_target_attribute
	/home/ubuntu/src/gcc/scaleff/gcc/c-family/c-attribs.cc:5915
0x5d3a07 decl_attributes(tree_node**, tree_node*, int, tree_node*)
	/home/ubuntu/src/gcc/scaleff/gcc/attribs.cc:900
0x5db403 c_decl_attributes
	/home/ubuntu/src/gcc/scaleff/gcc/c/c-decl.cc:5501
0x5e8965 start_function(c_declspecs*, c_declarator*, tree_node*)
	/home/ubuntu/src/gcc/scaleff/gcc/c/c-decl.cc:10562
0x6318ed c_parser_declaration_or_fndef
	/home/ubuntu/src/gcc/scaleff/gcc/c/c-parser.cc:2914
0x63a8ad c_parser_external_declaration
	/home/ubuntu/src/gcc/scaleff/gcc/c/c-parser.cc:2048
0x63b219 c_parser_translation_unit
	/home/ubuntu/src/gcc/scaleff/gcc/c/c-parser.cc:1902
0x63b219 c_parse_file()
	/home/ubuntu/src/gcc/scaleff/gcc/c/c-parser.cc:27277
0x68fec5 c_common_parse_file()
	/home/ubuntu/src/gcc/scaleff/gcc/c-family/c-opts.cc:1311
Please submit a full bug report, with preprocessed source (by using -freport-bug).
Please include the complete backtrace with any bug report.
See for instructions.

gcc/ChangeLog:

	* config/riscv/riscv-target-attr.cc
	(riscv_target_attr_parser::parse_arch): Fix allocation size of buffer.
	(riscv_process_one_target_attr): Likewise.
	(riscv_process_target_attr): Likewise.

Signed-off-by: Christoph Müllner
---
 gcc/config/riscv/riscv-target-attr.cc | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/gcc/config/riscv/riscv-target-attr.cc b/gcc/config/riscv/riscv-target-attr.cc index 1a73d69bf50..19eb7b06d54 100644 --- a/gcc/config/riscv/riscv-target-attr.cc +++ b/gcc/config/riscv/riscv-target-attr.cc @@ -109,7 +109,7 @@ riscv_target_attr_parser::parse_arch (const char *str) { /* Parsing the extension list like "+[,+]*". */ size_t len = strlen (str); - std::unique_ptr buf (new char[len]); + std::unique_ptr buf (new char[len+1]); char *str_to_check = buf.get (); strcpy (str_to_check, str); const char *token = strtok_r (str_to_check, ",", &str_to_check); @@ -247,7 +247,7 @@ riscv_process_one_target_attr (char *arg_str, return false; } - std::unique_ptr buf (new char[len]); + std::unique_ptr buf (new char[len+1]); char *str_to_check = buf.get(); strcpy (str_to_check, arg_str); @@ -334,7 +334,7 @@ riscv_process_target_attr (tree fndecl, tree args, location_t loc, return false; } - std::unique_ptr buf (new char[len]); + std::unique_ptr buf (new char[len+1]); char *str_to_check = buf.get (); strcpy (str_to_check, TREE_STRING_POINTER (args));
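Review bot: The +1 in the parse_arch hunk is the right size, since len is strlen (str) two lines above and strcpy () writes strlen (str) + 1 bytes, but please put a one-line comment at the allocation (something like "/* +1 for the terminating NUL.  */") so a later cleanup does not drop it again, and use GCC's operator spacing, "new char[len + 1]". Worth stating in the commit message too: the overflow was only caught because the build was fortified (the strcpy frame in the backtrace is in bits/string_fortified.h); without _FORTIFY_SOURCE this is a silent one-byte heap overwrite on every attribute parse.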
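Review bot: In the riscv_process_one_target_attr hunk the len used for "new char[len+1]" is computed above the hunk and is not visible here; please double-check that it is strlen (arg_str), as the commit message describes, and not a length that already counts the terminator, so that all three sites end up sized the same way. Same spacing nit as in parse_arch: "len + 1".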
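Review bot: The riscv_process_target_attr hunk repeats the same allocate-strlen-then-strcpy sequence as the two above, which is how the off-by-one got copied into three places; rather than maintaining three hand-sized buffers, consider one helper, or libiberty's xstrdup (), since as far as the visible lines show the buffer is only a scratch copy for strcpy/strtok_r, and switch all three callers in a follow-up. For this hunk also confirm that len was taken with strlen () over TREE_STRING_POINTER (args), the same string strcpy () copies on the next line.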
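As an added illustration of the sizing rule the commit message quotes (my example, not GCC's code: checked_copy and count_arch_tokens are hypothetical names and the extension list is a constructed sample), this mirrors the allocate/strcpy/split pattern of parse_arch with the corrected strlen + 1 allocation, and shows a capacity check rejecting a buffer sized to strlen (src):

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Copy src into dst of 'capacity' bytes.  Returns -1 if the terminator would
   not fit (capacity == strlen (src) is exactly the patched bug), else 0.  */
int checked_copy (char *dst, size_t capacity, const char *src)
{
  size_t need = strlen (src) + 1;  /* the size the strcpy() man page demands */
  if (capacity < need)
    return -1;
  memcpy (dst, src, need);
  return 0;
}

/* Mirror of parse_arch(): copy the list into a writable buffer and split it
   in place (each ',' becomes a NUL, as strtok_r does).  Returns the number of
   tokens, or -1 on allocation failure.  */
int count_arch_tokens (const char *str)
{
  size_t len = strlen (str);
  char *buf = malloc (len + 1);  /* the fix: +1 for the NUL strcpy writes */
  if (buf == NULL)
    return -1;
  strcpy (buf, str);
  int n = 0;
  for (char *tok = buf; *tok != '\0'; tok++)
    {
      char *end = strchr (tok, ',');
      n++;
      if (end == NULL)
        break;
      *end = '\0';  /* terminate this token inside the copy */
      tok = end;    /* the loop's tok++ steps past that NUL */
    }
  free (buf);
  return n;
}

int main (void)
{
  const char *arch = "+zba,+zbb,+xtheadmempair";  /* constructed, 24 chars */
  char too_small[24], right_size[25];
  printf ("copy into 24 bytes: %d, into 25 bytes: %d, tokens: %d\n",
          checked_copy (too_small, sizeof too_small, arch),
          checked_copy (right_size, sizeof right_size, arch),
          count_arch_tokens (arch));
  return 0;
}
```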