This is the mail archive of the
gcc-patches@gcc.gnu.org
mailing list for the GCC project.
[aarch64] Allocate enough space for err_str in aarch64_handle_attr_branch_protection
- From: Matthew Malcomson <Matthew dot Malcomson at arm dot com>
- To: "gcc-patches at gcc dot gnu dot org" <gcc-patches at gcc dot gnu dot org>
- Cc: nd <nd at arm dot com>, "rguenther at suse dot de" <rguenther at suse dot de>, James Greenhalgh <James dot Greenhalgh at arm dot com>, Martin Liska <mliska at suse dot cz>, Richard Earnshaw <Richard dot Earnshaw at arm dot com>, Kyrylo Tkachov <Kyrylo dot Tkachov at arm dot com>, Marcus Shawcroft <Marcus dot Shawcroft at arm dot com>
- Date: Tue, 5 Nov 2019 11:33:53 +0000
- Subject: [aarch64] Allocate enough space for err_str in aarch64_handle_attr_branch_protection
- Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass header.d=arm.com; arc=none
- Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=OSXfjZlsqQKAOPa14O+l8SNnVzv8C89cUHud/i9Dam8=; b=LFlH74Ssh4lnFJuO9g08XLr4euiumoH69WYgFm++UEPxzZhFoE/tOEkgmw1pniGXvwLlNmF6F91xhOdAu7DNbRKIBqv4xAIn6CtrEEYGCFE2GOqNxeUpdcYOVTBeWx2c04DMyGRupXy8VYGVT1D+x0kGAWnwg5FJn8wCRMcfv0yKXxJgSwzvn0WWPP9lNaKKiavNFddxnkpnrsFKGx7GSwUYyr9a1Di22CcJtpcRwmjOjdodMD0YgUG5grvPSVGq8E7lvCWfn+8IJM1hYJ4Vqv0l31EwKJFBloiw6WHvYn4fjDNe6l12XKFA13CToicgmy3QcmMvyJbmLDDkCavFnw==
- Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=EAZIzxYlbBcW6W9VTc8Z3fFIeLDKeCY+vWOrFLhoAJF3ULTArK0l/okveSRuxqVdQgxOW7YVRs4tbv2/FAtdxE3B33tppZ2+iqGt6vRR5l8mX4tqJHXqgR0txr+9OBUzyEhFBdgU629UEnxU5azlD6nPALGV8TPAkFuqDgmLDdqtXLC5Kc5Nf/pCO2gLfGXGlqIt8jVdv3rLDpIX2RbpxVskXGnhigo9Jmn6YzgtMTPjnQs0JWpiSOG0TDn7cyG9FXCWBtqX4HLwLPIvkzIuZzXHvN9KH5ztHgi9DgnVqzuf3UniJnYwqiD/M+9z9DeRepbD6j2BouFMjnZZ+qi3Tw==
- Original-authentication-results: spf=none (sender IP is ) smtp.mailfrom=Matthew dot Malcomson at arm dot com;
- References: <157295142743.27946.1142544630216676787.scripted-patch-series@arm.com>
-fsanitize=hwaddress found a one-byte overwrite when running the
testsuite here. aarch64_handle_attr_branch_protection allocates
`strlen(str)` bytes for an error string, which is populated by
`strcpy(..., str)` in the case where the branch protection string is
completely invalid.
Tested on aarch64 with hwasan (though not a full bootstrap since it's
obvious).
gcc/ChangeLog:
2019-11-05 Matthew Malcomson <matthew.malcomson@arm.com>
* config/aarch64/aarch64.c (aarch64_handle_attr_cpu): Allocate
enough bytes for the NULL character.
############### Attachment also inlined for ease of reply ###############
diff --git a/gcc/config/aarch64/aarch64.c b/gcc/config/aarch64/aarch64.c
index 232317d4a5a4a16529f573eef5a8d7a068068207..fc03faa8f8d459a84024d4394fff375b72d31264 100644
--- a/gcc/config/aarch64/aarch64.c
+++ b/gcc/config/aarch64/aarch64.c
@@ -13298,7 +13298,7 @@ aarch64_handle_attr_cpu (const char *str)
static bool
aarch64_handle_attr_branch_protection (const char* str)
{
- char *err_str = (char *) xmalloc (strlen (str));
+ char *err_str = (char *) xmalloc (strlen (str) + 1);
enum aarch64_parse_opt_result res = aarch64_parse_branch_protection (str,
&err_str);
bool success = false;
Attachment:
hwasan-patch01.patch
Description: hwasan-patch01.patch