This is the mail archive of the fortran@gcc.gnu.org mailing list for the GNU Fortran project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: [PATCH] Fix a buffer overflow in libgfortran (take 2)

From: Janne Blomqvist <blomqvist dot janne at gmail dot com>
To: Jakub Jelinek <jakub at redhat dot com>
Cc: fortran at gcc dot gnu dot org, gcc-patches at gcc dot gnu dot org
Date: Tue, 08 Apr 2008 21:44:24 +0300
Subject: Re: [PATCH] Fix a buffer overflow in libgfortran (take 2)
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:user-agent:mime-version:to:cc:subject:references:in-reply-to:content-type:content-transfer-encoding; bh=CjvjWNpjSdVBwFzsOIafwmFp4BgbUMD6LDssiGqBT9c=; b=suhZLRaNmVFdqhQZ6FRpKf+e+y1TIMIDKznSQ+c+osyhmTjaDbZI6zO2yA/8SQpS0jVdUArPTcEyy8qESDbHIvp2KRRn8NWpjC4sgOyz+DR+yFgMlsVcIUKcMM5N1K5dC0CSPurOaUT7qXQZeZTZCiVORf1YgQauGLCteRFexZc=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:user-agent:mime-version:to:cc:subject:references:in-reply-to:content-type:content-transfer-encoding; b=gnS5j61w/aZlKOjDeuUTGg7hjuKFnAluFv7Y2E9VJ72Lee8aazUtI77KA3I/RAVacVWucOoW+3+udml+ENUsE7H0Nz/CNyrIjgQ9+gw0WRkLhasl98s2gp3AQ+16D7kC97LLlcURUbDvCeMhZ/L8sU6FwjUs93O0PkEz60F5nVo=
References: <20080407131123.GC20478@devserv.devel.redhat.com> <20080408183051.GL20478@devserv.devel.redhat.com>

Jakub Jelinek wrote:

On Mon, Apr 07, 2008 at 09:11:23AM -0400, Jakub Jelinek wrote:

If i?86-linux libgfortran is built with -fstack-protector, it crashes on
namelist_40 testcase, because several strings nml_parse_qualifier copies
to its parse_err_msg argument are longer than 30 bytes (two are even 37
bytes long).


Here is an updated patch which deals with the actual buffer overflows
rather than cleanups that would avoid potential future buffer overflows.
I'll leave the rest to libgfortran maintainers.

On the attached testcase libgfortran actually crashes even on x86_64-linux
and even without -fstack-protector, the patch cures that.

Ok for trunk/4.3?

Ok for trunk. Wait a few days before committing to 4.3, in case some unexpected problems pop up.

Thanks.

--
Janne Blomqvist

References:
- [PATCH] Fix a buffer overflow in libgfortran
  - From: Jakub Jelinek
- [PATCH] Fix a buffer overflow in libgfortran (take 2)
  - From: Jakub Jelinek

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]