[PATCH, i386]: Fix PR 67484, asan detects heap-use-after-free with target options

Uros Bizjak ubizjak@gmail.com
Tue Sep 15 18:18:00 GMT 2015


Hello!

As mentioned in the PR, ix86_valid_target_attribute_tree creates
temporary copies of current options strings and saves *pointers* to
these copies with build_target_option_node. A couple of lines below,
these temporary copies are freed, leaving dangling pointers in the
saved structure.

Use xstrndup to create permanent copy of string on the heap. This will
however create a small leak, as this copy is never deallocated.

There is no test infrastructure to check for memory errors, so there
is no testcase added.

2015-09-15  Uros Bizjak  <ubizjak@gmail.com>

    PR target/67484
    * config/i386/i386.c (ix86_valid_target_attribute_tree):
    Use xstrdup to copy option_strings to opts->x_ix86_arch_string and
    opts->x_ix86_tune_string.

Bootstrapped and regression tested on x86_64-linux-gnu {,-m32}.

I'll wait a couple of days for possible comments on the above solution.

Uros.
-------------- next part --------------
Index: config/i386/i386.c
===================================================================
--- config/i386/i386.c	(revision 227777)
+++ config/i386/i386.c	(working copy)
@@ -5080,12 +5080,14 @@ ix86_valid_target_attribute_tree (tree args,
       /* If we are using the default tune= or arch=, undo the string assigned,
 	 and use the default.  */
       if (option_strings[IX86_FUNCTION_SPECIFIC_ARCH])
-	opts->x_ix86_arch_string = option_strings[IX86_FUNCTION_SPECIFIC_ARCH];
+	opts->x_ix86_arch_string
+	  = xstrdup (option_strings[IX86_FUNCTION_SPECIFIC_ARCH]);
       else if (!orig_arch_specified)
 	opts->x_ix86_arch_string = NULL;
 
       if (option_strings[IX86_FUNCTION_SPECIFIC_TUNE])
-	opts->x_ix86_tune_string = option_strings[IX86_FUNCTION_SPECIFIC_TUNE];
+	opts->x_ix86_tune_string
+	  = xstrdup (option_strings[IX86_FUNCTION_SPECIFIC_TUNE]);
       else if (orig_tune_defaulted)
 	opts->x_ix86_tune_string = NULL;
 


More information about the Gcc-patches mailing list