]> gcc.gnu.org Git - gcc.git/commit
git://gcc.gnu.org / gcc.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 9a674ed) | patch
riscv: Allocate enough space to strcpy() string
authorChristoph Müllner <christoph.muellner@vrull.eu>
Fri, 14 Jun 2024 18:37:04 +0000 (20:37 +0200)
committerChristoph Müllner <christoph.muellner@vrull.eu>
Sat, 15 Jun 2024 10:05:56 +0000 (12:05 +0200)
commit6762d5738b02d84ad3f51e89979b48acb68db65b
tree35a0913df89acdbc760457f24d6b4c29c37bc32atree
parent9a674ed5584e1c3060bbc7caed9bcd42c48be51fcommit | diff
riscv: Allocate enough space to strcpy() string

I triggered an ICE on Ubuntu 24.04 when compiling code that uses
function attributes. Looking into the sources shows that we have
a systematic issue in the attribute handling code:
* we determine the length with strlen() (excluding the terminating null)
* we allocate a buffer with this length
* we copy the original string using strcpy() (incl. the terminating null)

To quote the man page of strcpy():
"The programmer is responsible for allocating a  destination  buffer
large  enough,  that  is, strlen(src)  + 1."

The ICE looks like this:

*** buffer overflow detected ***: terminated
xtheadmempair_bench.c:14:1: internal compiler error: Aborted
   14 | {
      | ^
0xaf3b99 crash_signal
        /home/ubuntu/src/gcc/scaleff/gcc/toplev.cc:319
0xe5b957 strcpy
        /usr/include/riscv64-linux-gnu/bits/string_fortified.h:79
0xe5b957 riscv_process_target_attr
        /home/ubuntu/src/gcc/scaleff/gcc/config/riscv/riscv-target-attr.cc:339
0xe5baaf riscv_process_target_attr
        /home/ubuntu/src/gcc/scaleff/gcc/config/riscv/riscv-target-attr.cc:314
0xe5bc5f riscv_option_valid_attribute_p(tree_node*, tree_node*, tree_node*, int)
        /home/ubuntu/src/gcc/scaleff/gcc/config/riscv/riscv-target-attr.cc:389
0x6a31e5 handle_target_attribute
        /home/ubuntu/src/gcc/scaleff/gcc/c-family/c-attribs.cc:5915
0x5d3a07 decl_attributes(tree_node**, tree_node*, int, tree_node*)
        /home/ubuntu/src/gcc/scaleff/gcc/attribs.cc:900
0x5db403 c_decl_attributes
        /home/ubuntu/src/gcc/scaleff/gcc/c/c-decl.cc:5501
0x5e8965 start_function(c_declspecs*, c_declarator*, tree_node*)
        /home/ubuntu/src/gcc/scaleff/gcc/c/c-decl.cc:10562
0x6318ed c_parser_declaration_or_fndef
        /home/ubuntu/src/gcc/scaleff/gcc/c/c-parser.cc:2914
0x63a8ad c_parser_external_declaration
        /home/ubuntu/src/gcc/scaleff/gcc/c/c-parser.cc:2048
0x63b219 c_parser_translation_unit
        /home/ubuntu/src/gcc/scaleff/gcc/c/c-parser.cc:1902
0x63b219 c_parse_file()
        /home/ubuntu/src/gcc/scaleff/gcc/c/c-parser.cc:27277
0x68fec5 c_common_parse_file()
        /home/ubuntu/src/gcc/scaleff/gcc/c-family/c-opts.cc:1311
Please submit a full bug report, with preprocessed source (by using -freport-bug).
Please include the complete backtrace with any bug report.
See <https://gcc.gnu.org/bugs/> for instructions.

gcc/ChangeLog:

* config/riscv/riscv-target-attr.cc (riscv_target_attr_parser::parse_arch):
Fix allocation size of buffer.
(riscv_process_one_target_attr): Likewise.
(riscv_process_target_attr): Likewise.

Signed-off-by: Christoph Müllner <christoph.muellner@vrull.eu>
gcc/config/riscv/riscv-target-attr.cc diff | blob | blame | history
GNU Compiler Collection
This page took 3.39308 seconds and 6 git commands to generate.