This is the mail archive of the
fortran@gcc.gnu.org
mailing list for the GNU Fortran project.
[vta, trunk] don't leak uninitialized stack state into output
- From: Alexandre Oliva <aoliva at redhat dot com>
- To: gcc-patches at gcc dot gnu dot org, fortran at gcc dot gnu dot org
- Date: Sun, 01 Mar 2009 03:17:25 -0300
- Subject: [vta, trunk] don't leak uninitialized stack state into output
When building certain initializers, the Fortran front-end allocates a
buffer on the stack, sets up some elements of it from the source of the
initialization, and then proceeds to use the entire buffer to initialize
a larger destination. The result is that the uninitialized portion of
the buffer leaks into the program output.
I figured zero-initializing the entire buffer would often be pointless,
so I decided to initialize only the portion that wasn't covered by the
source.
I'm pretty sure this was caught in a testsuite run with -fcompare-debug,
but I don't recall the exact testcase :-(
I'm installing this in the branch. Ok for trunk?
for gcc/ChangeLog.vta
from Alexandre Oliva <aoliva@redhat.com>
* fortran/simplify.c (gfc_simplify_transfer): Zero-initialize
unused portions of the buffer.
Index: gcc/fortran/simplify.c
===================================================================
--- gcc/fortran/simplify.c.orig 2008-12-10 03:13:26.000000000 -0200
+++ gcc/fortran/simplify.c 2008-12-15 03:54:04.000000000 -0200
@@ -4432,6 +4432,7 @@ gfc_simplify_transfer (gfc_expr *source,
size_t result_size;
size_t result_elt_size;
size_t buffer_size;
+ size_t used_size;
mpz_t tmp;
unsigned char *buffer;
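Review bot: used_size is declared size_t here, but the next hunk assigns it from the return value of gfc_target_encode_expr, so the two types need to agree. If that function returns a signed type and can ever return a negative value, the conversion would produce a very large used_size, the test "used_size < buffer_size" would be false, and the memset would be skipped silently. Please confirm the return type and, if it is signed, either declare used_size to match or assert that the value is non-negative before using it as a length.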
@@ -4510,7 +4511,11 @@ gfc_simplify_transfer (gfc_expr *source,
buffer = (unsigned char*)alloca (buffer_size);
/* Now write source to the buffer. */
- gfc_target_encode_expr (source, buffer, buffer_size);
+ used_size = gfc_target_encode_expr (source, buffer, buffer_size);
+
+ /* Don't let random stack data leak into the output. */
+ if (used_size < buffer_size)
+ memset (buffer + used_size, 0, buffer_size - used_size);
/* And read the buffer back into the new expression. */
gfc_target_interpret_expr (buffer, buffer_size, result);
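Review bot: the memset starting at buffer + used_size clears only the tail, so the fix relies on gfc_target_encode_expr having written every byte in the range from 0 to used_size. If the encoder can leave bytes unwritten inside that range, those bytes would still carry stack contents into gfc_target_interpret_expr. Please either state that assumption in the new comment or clear the whole buffer before encoding. Since the message says the original testcase is not recalled, a small testsuite case whose source is shorter than the destination would also help keep this from regressing.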
--
Alexandre Oliva http://www.lsd.ic.unicamp.br/~oliva/
You must be the change you wish to see in the world. -- Gandhi
Be Free! -- http://FSFLA.org/ FSF Latin America board member
Free Software Evangelist Red Hat Brazil Compiler Engineer