[gcc r10-8375] PR fortran/95826 - Buffer overflows with PDTs and long symbols

Harald Anlauf anlauf@gcc.gnu.org
Fri Jun 26 19:07:38 GMT 2020 

https://gcc.gnu.org/g:32613b6af830f12ee5b6ef97edd782666f47cbb8

commit r10-8375-g32613b6af830f12ee5b6ef97edd782666f47cbb8
Author: Harald Anlauf <anlauf@gmx.de>
Date:   Thu Jun 25 20:32:13 2020 +0200

    PR fortran/95826 - Buffer overflows with PDTs and long symbols
    
    With PDTs (parameterized derived types), name mangling results in variably
    long internal symbols.  Use a dynamic buffer instead of a fixed-size one.
    
    gcc/fortran/
            PR fortran/95826
            * decl.c (gfc_match_decl_type_spec): Replace a fixed size
            buffer by a pointer and reallocate if necessary.
    
    (cherry picked from commit 35a335a159216548fc77263ac5df71ff29d3f448)

Diff:
---
 gcc/fortran/decl.c                    |  8 +++++---
 gcc/testsuite/gfortran.dg/pr95826.f90 | 20 ++++++++++++++++++++
 2 files changed, 25 insertions(+), 3 deletions(-)

diff --git a/gcc/fortran/decl.c b/gcc/fortran/decl.c
index 1b3a0898d99..adcd371b2d1 100644
--- a/gcc/fortran/decl.c
+++ b/gcc/fortran/decl.c
@@ -4080,7 +4080,7 @@ match
 gfc_match_decl_type_spec (gfc_typespec *ts, int implicit_flag)
 {
   /* Provide sufficient space to hold "pdtsymbol".  */
-  char name[GFC_MAX_SYMBOL_LEN + 1 + 3];
+  char *name = XALLOCAVEC (char, GFC_MAX_SYMBOL_LEN + 1);
   gfc_symbol *sym, *dt_sym;
   match m;
   char c;
@@ -4271,8 +4271,10 @@ gfc_match_decl_type_spec (gfc_typespec *ts, int implicit_flag)
 	  gcc_assert (!sym->attr.pdt_template && sym->attr.pdt_type);
 	  ts->u.derived = sym;
 	  const char* lower = gfc_dt_lower_string (sym->name);
-	  size_t len = strnlen (lower, sizeof (name));
-	  gcc_assert (len < sizeof (name));
+	  size_t len = strlen (lower);
+	  /* Reallocate with sufficient size.  */
+	  if (len > GFC_MAX_SYMBOL_LEN)
+	    name = XALLOCAVEC (char, len + 1);
 	  memcpy (name, lower, len);
 	  name[len] = '\0';
 	}
diff --git a/gcc/testsuite/gfortran.dg/pr95826.f90 b/gcc/testsuite/gfortran.dg/pr95826.f90
new file mode 100644
index 00000000000..8de04e65df0
--- /dev/null
+++ b/gcc/testsuite/gfortran.dg/pr95826.f90
@@ -0,0 +1,20 @@
+! { dg-do compile }
+! { dg-options "-fsecond-underscore" }
+! PR fortran/95826 - ICE in gfc_match_decl_type_spec, at fortran/decl.c:4290
+
+program p
+  type t2345678901234567890123456789012345678901234567890123456789_123 &
+      (a2345678901234567890123456789012345678901234567890123456789_123, &
+       b2345678901234567890123456789012345678901234567890123456789_123)
+     integer, kind :: &
+       a2345678901234567890123456789012345678901234567890123456789_123
+     integer, len :: &
+       b2345678901234567890123456789012345678901234567890123456789_123
+  end type
+  integer, parameter :: &
+       n2345678901234567890123456789012345678901234567890123456789_123 = 16
+  type(t2345678901234567890123456789012345678901234567890123456789_123 &
+      (n2345678901234567890123456789012345678901234567890123456789_123,:)), &
+       allocatable :: &
+       x2345678901234567890123456789012345678901234567890123456789_123
+end

More information about the Gcc-cvs mailing list