This is the mail archive of the
gcc-patches@gcc.gnu.org
mailing list for the GCC project.
Re: [aarch64] Allocate enough space for err_str in aarch64_handle_attr_branch_protection
- From: Kyrylo Tkachov <Kyrylo dot Tkachov at arm dot com>
- To: Matthew Malcomson <Matthew dot Malcomson at arm dot com>, "gcc-patches at gcc dot gnu dot org" <gcc-patches at gcc dot gnu dot org>
- Cc: "rguenther at suse dot de" <rguenther at suse dot de>, James Greenhalgh <James dot Greenhalgh at arm dot com>, Martin Liska <mliska at suse dot cz>, Richard Earnshaw <Richard dot Earnshaw at arm dot com>, Marcus Shawcroft <Marcus dot Shawcroft at arm dot com>
- Date: Tue, 5 Nov 2019 11:38:31 +0000
- Subject: Re: [aarch64] Allocate enough space for err_str in aarch64_handle_attr_branch_protection
- Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass header.d=arm.com; arc=none
- Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=4DNK0mYGyIrXOiI1aH1oQ/+FypNIKZA4cE9LqWYXUD4=; b=V1FI5J/bjIFjRscodT5tUavhzYSoSZgz5a5HZNji8yw2SgNPoizTR+fdQGz3Eu6yU3nVEl8gUNNGkucIYCYhiSABxXrVcM1LOBJ9+QaKLy2UMX0LWKEfMeN5OF6Tmv78utkOc8Y53zI+/nHZlO2eKqVpyLs2B65QMwNHZFGMCV0sxzwRnUl7P6MN/eKHIXLoDm0wphOJ0KB/mTqf9Xh8Rbo7KuTqB0t/LyBKZL/tA/GSCTjuFw9qV9H/ZAQCjOj/+PpuNydSy6VHZldbRlDDeOy70Xy5S6n8KmMEgrIPbN+pVh6VQGp0UQgvhFGd2Lh2z8uUbJVOEbzpkjQAhCil1Q==
- Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=fZ6Vk2V2UVEuGUAG1XxNBDfIAlzkasIEUViNFd0KrRoAvbG+x7yeIgg1Xq7kUcD7z2TrH7RGRBzjus8igb3+XE+eW6yjldNsvRvv9qMibL+igJ6bQ5XOxeweFmZ9fmognUmv95nQfggM0aEXq5FYIDZrHf76GTNxBxNcIHlME2mvGC2yakIM93LaA3wBsTSRoFbcNrpeDlmQkFNa262pPpluIJbtbKEUyO79MCvGBI/hg6IrB4vf4yELO7QD5HFdVQDCHRlphnsCxsq8/pR0OkvT+rhhH6B+a266l/iJeL93Iez9Vq7BCnby2rWjzmGMFRbP4bR3C4w/Zfq7zmYAyA==
- Original-authentication-results: spf=none (sender IP is ) smtp.mailfrom=Kyrylo dot Tkachov at arm dot com;
- References: <157295142743.27946.1142544630216676787.scripted-patch-series@arm.com> <HE1PR0802MB2251D65805A4574FE7834AD5E07E0@HE1PR0802MB2251.eurprd08.prod.outlook.com>
Hi Matthew,
On 11/5/19 11:33 AM, Matthew Malcomson wrote:
> -fsanitize=hwaddress found a one-byte overwrite when running the
> testsuite here. aarch64_handle_attr_branch_protection allocates
> `strlen(str)` bytes for an error string, which is populated by
> `strcpy(..., str)` in the case where the branch protection string is
> completely invalid.
>
> Tested on aarch64 with hwasan (though not a full bootstrap since it's
> obvious).
>
Nice to see hwasan catching these things!
Ok.
Thanks,
Kyrill
> gcc/ChangeLog:
>
> 2019-11-05 Matthew Malcomson <matthew.malcomson@arm.com>
>
> * config/aarch64/aarch64.c (aarch64_handle_attr_cpu): Allocate
> enough bytes for the NULL character.
>
>
>
> ############### Attachment also inlined for ease of reply
> ###############
>
>
> diff --git a/gcc/config/aarch64/aarch64.c b/gcc/config/aarch64/aarch64.c
> index
> 232317d4a5a4a16529f573eef5a8d7a068068207..fc03faa8f8d459a84024d4394fff375b72d31264
> 100644
> --- a/gcc/config/aarch64/aarch64.c
> +++ b/gcc/config/aarch64/aarch64.c
> @@ -13298,7 +13298,7 @@ aarch64_handle_attr_cpu (const char *str)
> static bool
> aarch64_handle_attr_branch_protection (const char* str)
> {
> - char *err_str = (char *) xmalloc (strlen (str));
> + char *err_str = (char *) xmalloc (strlen (str) + 1);
> enum aarch64_parse_opt_result res = aarch64_parse_branch_protection
> (str,
> &err_str);
> bool success = false;
>